Posts by calvcol

calvcol · mORMot 2

lfyey121 wrote:

In TAcmeLetsEncrypt checkCertificates procedure(line 1110), check the expiration date of error code:
cc. GetNotAfter < expired
should be:
cc.getNotAfter-fRenewBeforeEndDays < NowUtc

lfyey121 is right.

This "chart" shows when the value of cc.getNotAfter-fRenewBeforeEndDays < NowUtc changes, and works as expected

     FALSE  FALSE  FALSE  >|<  TRUE  TRUE  TRUE  TRUE  TRUE  TRUE 
---------------------------|----------------------------|--------------
                GetNotAfter-fRenewBeforeEndDays     GetNotAfter       
 NowUtc -->
---------------------------|----------------------------|--------------

The previous expression is equivalent to: cc.getNotAfter < NowUtc+fRenewBeforeEndDays

In actual code a expired value is precaltulated before entring the loop, and then the renewal of each certificate is checked with cc.GetNotAfter < expired, so line 1154 should be:

   expired := NowUtc + fRenewBeforeEndDays;

mORMot Open Source

#1 Re: mORMot 2 » mormot.net.acme error » 2024-11-01 21:12:28

Board footer