From 555d0e8bfc8d3773fa05302303b43ed43e5f27a1 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 23 Jan 2023 17:27:34 +0100 Subject: check-certificates: make the warning time configurable --- check-certificates | 4 +++- doc/check-certificates.md | 1 + global-config | 1 + global-config.changes | 1 + global-functions | 2 +- 5 files changed, 7 insertions(+), 2 deletions(-) diff --git a/check-certificates b/check-certificates index 9802cde..2bf2443 100644 --- a/check-certificates +++ b/check-certificates @@ -13,6 +13,7 @@ :global CertRenewPass; :global CertRenewTime; :global CertRenewUrl; +:global CertWarnTime; :global Identity; :global CertificateAvailable @@ -103,7 +104,8 @@ $WaitFullyConnected; } } -:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) expires-after<2w !(fingerprint=[]) ] do={ +:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) \ + expires-after<$CertWarnTime !(fingerprint=[]) ] do={ :local CertVal [ /certificate/get $Cert ]; :if ([ :len [ /certificate/scep-server/find where ca-cert=($CertVal->"ca") ] ] > 0) do={ diff --git a/doc/check-certificates.md b/doc/check-certificates.md index 76357ce..80f6aee 100644 --- a/doc/check-certificates.md +++ b/doc/check-certificates.md @@ -32,6 +32,7 @@ in `global-config-overlay`, these are the parameters: * `CertRenewPass`: an array of passphrases to try * `CertRenewTime`: on what remaining time to try a renew * `CertRenewUrl`: the url to download certificates from +* `CertWarnTime`: on what remaining time to warn via notification Certificates on the web server should be named `CN.pem` (`PEM` format) or `CN.p12` (`PKCS#12` format). diff --git a/global-config b/global-config index bd632a1..dcd7a09 100644 --- a/global-config +++ b/global-config @@ -194,6 +194,7 @@ "v3ry-s3cr3t"; "4n0th3r-s3cr3t"; } +:global CertWarnTime 2w; :global CertIssuedExportPass { "cert1-cn"="v3ry-s3cr3t"; "cert2-cn"="4n0th3r-s3cr3t"; 
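Review bot: The new filter `expires-after<$CertWarnTime` in the `:foreach` of check-certificates is used without checking that the variable holds a time value. If `CertWarnTime` is unset or overridden with something else in `global-config-overlay`, the comparison presumably matches no certificate, so expiry notifications would stop without any error. Consider a guard before the loop such as `:if ([ :typeof $CertWarnTime ] != "time") do={ :set CertWarnTime 2w; }`, ideally with a log entry so the misconfiguration is visible. The loop body continues outside the hunk.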
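Review bot: The default `:global CertWarnTime 2w;` in global-config is added without a comment, and it sits directly after the closing brace of a passphrase array, where it is easy to overlook. I would add a line above it such as `# warn about certificates that expire within this time`. Since a very small value shortens the window an operator has to replace a certificate before it lapses, the comment could also state that the value is a RouterOS time and name `2w` as the previous fixed behaviour. The surrounding settings are outside the hunk, so whether they carry similar comments cannot be confirmed from here.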
diff --git a/global-config.changes b/global-config.changes index dacb9a1..2ae335e 100644 --- a/global-config.changes +++ b/global-config.changes @@ -97,6 +97,7 @@ 86="Added support for hooks in 'sms-forward'. This now provides similar functionality to 'sms-action', but is more flexible."; 87="Added support for extra text (or emojis \F0\9F\9A\80) in notification tags."; 88="Added support for monitoring CPU load and available free RAM in 'check-health'."; + 89="Made the warning time for 'check-certificates' configurable."; }; # Migration steps to be applied on script updates diff --git a/global-functions b/global-functions index 9654824..58c025e 100644 --- a/global-functions +++ b/global-functions @@ -12,7 +12,7 @@ :local 0 "global-functions"; # expected configuration version -:global ExpectedConfigVersion 88; +:global ExpectedConfigVersion 89; # global variables not to be changed by user :global GlobalFunctionsReady false; -- cgit v1.2.3-70-g09d2