Feature/handle expire date #49
Conversation
|
This is a good idea, thanks @davidlibrera, however rather than relying on ENV variables for configuration, why not use the Heroku platform API to check the existing certificate for expiry? https://github.com/jalada/platform-api/blob/master/schema.json#L10856 |
|
Yeah, off course. I use directly env variables without think about ask to heroku 😸 . |
|
@davidlibrera is there any point still having a configurable expiry window? Certbot renews any certificate that expires within 30 days, I think we should just use the same default and leave it at that. |
|
@davidlibrera rather than checking the certificate by hand, I meant using the Heroku API itself; does that make sense? |
|
@jalada I think that renew window is useless. Using certbot daemon it consider 30 days, so we can use that value. |
|
@jalada about checking the certificate by hand, I noticed that Platform-api json not provide expire_at value. Your fork of the gem do that. |
|
@davidlibrera it's already compulsory to use my fork of the gem until the upstream platform-api gem is updated, as per heroku/platform-api#49 and heroku/platform-api#56. |
|
Do we need the ability to force a renewal? |
|
Yes, when I add a domain name to the heroku app. |
|
@jalada about the use of the endpoint, OK! I fix that ASAP |
|
@davidlibrera Ahh of course! That makes sense. In which case I suggest we swap the behaviour round. Instead of adding a That way, this is a backwards compatible change, rather than a breaking change forcing everyone to redo their scheduled tasks. Does that make sense? |
I copy the behaviour from certbot service.
Running the service with --keep-until-expire that renew the certificate only if it is due to expire.
Now it is possible to run the script daily.