Log warning if manually-loaded cert has expired

Or is expiring soon See https://github.com/caddyserver/caddy/issues/6016
2024-01-08 08:44:58 -07:00 · 2024-01-08 08:44:58 -07:00 · 3dd8f7da62
commit 3dd8f7da62
parent 1652b4f5f5
1 changed files with 9 additions and 0 deletions
--- a/certificates.go
+++ b/certificates.go
@ -185,6 +185,15 @@ func (cfg *Config) CacheUnmanagedTLSCertificate(ctx context.Context, tlsCert tls
 	if err != nil {
 		return "", err
 	}
+	if time.Now().After(cert.Leaf.NotAfter) {
+		cfg.Logger.Warn("unmanaged certificate has expired",
+			zap.Time("not_after", cert.Leaf.NotAfter),
+			zap.Strings("sans", cert.Names))
+	} else if time.Until(cert.Leaf.NotAfter) < 24*time.Hour {
+		cfg.Logger.Warn("unmanaged certificate expires within 1 day",
+			zap.Time("not_after", cert.Leaf.NotAfter),
+			zap.Strings("sans", cert.Names))
+	}
 	err = stapleOCSP(ctx, cfg.OCSP, cfg.Storage, &cert, nil)
 	if err != nil {
 		cfg.Logger.Warn("stapling OCSP", zap.Error(err))