From 1dee31e3ebf69d4fe392633881d7c78dd94dc0c8 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 8 Dec 2014 14:36:10 -0800
Subject: give error if cert has already expired. closes #6484

---
 lib/leap_cli/commands/ca.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib/leap_cli/commands/ca.rb')

diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index 579e305..357792f 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -238,8 +238,12 @@ module LeapCli; module Commands
     dns_names_for_node(node).each do |domain|
       if file_exists?([:commercial_cert, domain])
         cert = load_certificate_file([:commercial_cert, domain])
-        if cert.not_after < months_from_yesterday(2)
-          log :warning, "the commercial certificate '#{Path.relative_path([:commercial_cert, domain])}' will expire soon. "+
+        path = Path.relative_path([:commercial_cert, domain])
+        if cert.not_after < Time.now.utc
+          log :error, "the commercial certificate '#{path}' has EXPIRED! " +
+            "You should renew it with `leap cert csr --domain #{domain}`."
+        elsif cert.not_after < months_from_yesterday(2)
+          log :warning, "the commercial certificate '#{path}' will expire soon. "+
             "You should renew it with `leap cert csr --domain #{domain}`."
         end
       end
-- 
cgit v1.2.3