|
|
|
@ -136,16 +136,17 @@ impl Manager for ManagerImpl { |
|
|
|
|
let thirty_days = openssl::asn1::Asn1Time::days_from_now(30) |
|
|
|
|
.expect("parsed thirty days from now as Asn1Time"); |
|
|
|
|
|
|
|
|
|
let cert_with_soonest_not_after = certs |
|
|
|
|
.into_iter() |
|
|
|
|
.map(|cert| openssl::x509::X509::try_from(&cert)) |
|
|
|
|
.try_collect::<Vec<openssl::x509::X509>>() |
|
|
|
|
.or_unexpected_while("parsing x509 certs")? |
|
|
|
|
.into_iter() |
|
|
|
|
.reduce(|a, b| if a.not_after() < b.not_after() { a } else { b }) |
|
|
|
|
.ok_or(unexpected::Error::from( |
|
|
|
|
"expected there to be more than one cert", |
|
|
|
|
))?; |
|
|
|
|
let cert_with_soonest_not_after = util::try_collect( |
|
|
|
|
certs |
|
|
|
|
.into_iter() |
|
|
|
|
.map(|cert| openssl::x509::X509::try_from(&cert)), |
|
|
|
|
) |
|
|
|
|
.or_unexpected_while("parsing x509 certs")? |
|
|
|
|
.into_iter() |
|
|
|
|
.reduce(|a, b| if a.not_after() < b.not_after() { a } else { b }) |
|
|
|
|
.ok_or(unexpected::Error::from( |
|
|
|
|
"expected there to be more than one cert", |
|
|
|
|
))?; |
|
|
|
|
|
|
|
|
|
if thirty_days < cert_with_soonest_not_after.not_after() { |
|
|
|
|
return Ok(()); |
|
|
|
@ -304,17 +305,18 @@ impl Manager for ManagerImpl { |
|
|
|
|
|
|
|
|
|
// Download the certificate, and panic if it doesn't exist.
|
|
|
|
|
log::info!("Fetching certificate for domain {}", domain.as_str()); |
|
|
|
|
let certs = order |
|
|
|
|
.certificate() |
|
|
|
|
.await |
|
|
|
|
.or_unexpected_while("fetching certificate")? |
|
|
|
|
.ok_or(unexpected::Error::from( |
|
|
|
|
"expected the order to return a certificate", |
|
|
|
|
))? |
|
|
|
|
.into_iter() |
|
|
|
|
.map(|cert| Certificate::try_from(cert.as_ref())) |
|
|
|
|
.try_collect::<Vec<Certificate>>() |
|
|
|
|
.or_unexpected_while("parsing certificate")?; |
|
|
|
|
let certs = util::try_collect( |
|
|
|
|
order |
|
|
|
|
.certificate() |
|
|
|
|
.await |
|
|
|
|
.or_unexpected_while("fetching certificate")? |
|
|
|
|
.ok_or(unexpected::Error::from( |
|
|
|
|
"expected the order to return a certificate", |
|
|
|
|
))? |
|
|
|
|
.into_iter() |
|
|
|
|
.map(|cert| Certificate::try_from(cert.as_ref())), |
|
|
|
|
) |
|
|
|
|
.or_unexpected_while("parsing certificate")?; |
|
|
|
|
|
|
|
|
|
if certs.len() <= 1 { |
|
|
|
|
return Err(unexpected::Error::from( |
|
|
|
|