From aad674cda5ba191b4ffce509f05bea5ef8534da9 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Thu, 5 Sep 2024 10:53:29 -0600
Subject: [PATCH] ari: Fix panic when loaded cert has no RetryAfter

---
 maintain.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/maintain.go b/maintain.go
index 28ded5d..dea2cfd 100644
--- a/maintain.go
+++ b/maintain.go
@@ -427,7 +427,7 @@ func (cfg *Config) storageHasNewerARI(ctx context.Context, cert Certificate) (bo
 	// or if the one in storage has a later RetryAfter (though I suppose
 	// it's not guaranteed, typically those will move forward in time)
 	if (!cert.ari.HasWindow() && storedCertData.RenewalInfo.HasWindow()) ||
-		storedCertData.RenewalInfo.RetryAfter.After(*cert.ari.RetryAfter) {
+		(cert.ari.RetryAfter == nil || storedCertData.RenewalInfo.RetryAfter.After(*cert.ari.RetryAfter)) {
 		return true, *storedCertData.RenewalInfo, nil
 	}
 	return false, acme.RenewalInfo{}, nil