fix for expired order/cert renewal

anchordotdev · Apr 11, 2024 · 3ffc9da · 3ffc9da
1 parent 83962f1
commit 3ffc9da
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/lib/puma/acme/plugin.rb b/lib/puma/acme/plugin.rb
@@ -124,7 +124,7 @@ def provision(cert, poll_interval:)
           @manager.account!
         end
 
-        if cert.order.nil?
+        if cert.order.nil? || cert.order.expired?
           @logger.debug 'Acme: creating order'
           @manager.order!(cert)
         else

diff --git a/lib/puma/acme/structs.rb b/lib/puma/acme/structs.rb
@@ -67,8 +67,12 @@ def names
         identifiers&.map(&:value)
       end
 
+      def expired?(now: Time.now.utc)
+        x509.not_after > now
+      end
+
       def usable?(now: Time.now.utc)
-        !cert_pem.nil? && !key_pem.nil? && x509.not_after > now
+        !cert_pem.nil? && !key_pem.nil? && !expired?(now: now)
       end
 
       def renewable?(renew_in, now: Time.now.utc)
@@ -129,6 +133,10 @@ def self.from(acme_order)
 
         new(acme_order.to_h.slice(*members).merge(identifiers: identifiers, authorizations: authorizations))
       end
+
+      def expired?(now: Time.now.utc)
+        not_after > now
+      end
     end
   end
 end