Store certificate expiry date to storage

brianlund · brianlund · commit af157713ffe8 · 2017-12-19T14:32:41.000+01:00
diff --git a/bin/letsencrypt_hooks b/bin/letsencrypt_hooks
@@ -33,13 +33,19 @@ clean_challenge() {
 
 deploy_cert() {
   local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
+  local EXPIRY=$(date --date="$(openssl x509 -enddate -noout -in "$CERTFILE"|cut -d= -f 2)" +%s)
+  if [ $? -ne 0   ]; then
+    echo "failed to get the expiry date."
+    exit 1
+  fi
 
   curl --silent --show-error --fail -XPOST \
     --header "X-Hook-Secret: $HOOK_SECRET" \
     --data-urlencode "domain=$DOMAIN" \
     --data-urlencode "privkey@$KEYFILE" \
     --data-urlencode "cert@$CERTFILE" \
     --data-urlencode "fullchain@$FULLCHAINFILE" \
+    --data-urlencode "expiry=$EXPIRY" \
     "http://127.0.0.1:$HOOK_SERVER_PORT/deploy-cert" || { echo "hook request (deploy_cert) failed" 1>&2; exit 1; }
 }
 
diff --git a/lib/resty/auto-ssl/servers/hook.lua b/lib/resty/auto-ssl/servers/hook.lua
@@ -39,7 +39,8 @@ return function(auto_ssl_instance)
     assert(params["domain"])
     assert(params["fullchain"])
     assert(params["privkey"])
-    local _, err = storage:set_cert(params["domain"], params["fullchain"], params["privkey"], params["cert"])
+    assert(params["expiry"])
+    local _, err = storage:set_cert(params["domain"], params["fullchain"], params["privkey"], params["cert"], tonumber(params["expiry"]))
     if err then
       ngx.log(ngx.ERR, "auto-ssl: failed to set cert: ", err)
       return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
diff --git a/lib/resty/auto-ssl/storage.lua b/lib/resty/auto-ssl/storage.lua
@@ -30,10 +30,10 @@ function _M.get_cert(self, domain)
   end
 
   local data = cjson.decode(json)
-  return data["fullchain_pem"], data["privkey_pem"], data["cert_pem"]
+  return data["fullchain_pem"], data["privkey_pem"], data["cert_pem"], data["expiry"]
 end
 
-function _M.set_cert(self, domain, fullchain_pem, privkey_pem, cert_pem)
+function _M.set_cert(self, domain, fullchain_pem, privkey_pem, cert_pem, expiry)
   -- Store the public certificate and private key as a single JSON string.
   --
   -- We use a single JSON string so that the storage adapter just has to store
@@ -44,6 +44,7 @@ function _M.set_cert(self, domain, fullchain_pem, privkey_pem, cert_pem)
     fullchain_pem = fullchain_pem,
     privkey_pem = privkey_pem,
     cert_pem = cert_pem,
+    expiry = expiry,
   })
 
   -- Store the cert with the current timestamp, so the old certs are preserved
