give error if cert has already expired. closes #6484

author: elijah <elijah@riseup.net> 2014-12-08 14:36:10 -0800
committer: elijah <elijah@riseup.net> 2014-12-08 14:36:10 -0800
commit: 1dee31e3ebf69d4fe392633881d7c78dd94dc0c8 (patch)
tree: a0bc779b2911f85816197fd4a2e2ba66ded4c110 /lib/leap_cli
parent: e2a066dec8af7aae421401c9b9cb30752e7aa0d6 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index 579e305..357792f 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -238,8 +238,12 @@ module LeapCli; module Commands
     dns_names_for_node(node).each do |domain|
       if file_exists?([:commercial_cert, domain])
         cert = load_certificate_file([:commercial_cert, domain])
-        if cert.not_after < months_from_yesterday(2)
-          log :warning, "the commercial certificate '#{Path.relative_path([:commercial_cert, domain])}' will expire soon. "+
+        path = Path.relative_path([:commercial_cert, domain])
+        if cert.not_after < Time.now.utc
+          log :error, "the commercial certificate '#{path}' has EXPIRED! " +
+            "You should renew it with `leap cert csr --domain #{domain}`."
+        elsif cert.not_after < months_from_yesterday(2)
+          log :warning, "the commercial certificate '#{path}' will expire soon. "+
             "You should renew it with `leap cert csr --domain #{domain}`."
         end
       end
author	elijah <elijah@riseup.net>	2014-12-08 14:36:10 -0800
committer	elijah <elijah@riseup.net>	2014-12-08 14:36:10 -0800
commit	1dee31e3ebf69d4fe392633881d7c78dd94dc0c8 (patch)
tree	a0bc779b2911f85816197fd4a2e2ba66ded4c110 /lib/leap_cli
parent	e2a066dec8af7aae421401c9b9cb30752e7aa0d6 (diff)