From a3873fa202d75e4197df82d87952a2f3903246db Mon Sep 17 00:00:00 2001 From: Samantha Date: Thu, 10 Oct 2024 10:59:33 -0400 Subject: [PATCH] Use ARI unless explicitly disabled --- cmd/cmd_renew.go | 14 +++++++------- docs/data/zz_cli_help.toml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cmd/cmd_renew.go b/cmd/cmd_renew.go index 1d0a040796..1057d42330 100644 --- a/cmd/cmd_renew.go +++ b/cmd/cmd_renew.go @@ -20,7 +20,7 @@ import ( // Flag names. const ( flgDays = "days" - flgARIEnable = "ari-enable" + flgARIDisable = "ari-disable" flgARIWaitToRenewDuration = "ari-wait-to-renew-duration" flgReuseKey = "reuse-key" flgRenewHook = "renew-hook" @@ -61,8 +61,8 @@ func createRenew() *cli.Command { Usage: "The number of days left on a certificate to renew it.", }, &cli.BoolFlag{ - Name: flgARIEnable, - Usage: "Use the renewalInfo endpoint (draft-ietf-acme-ari) to check if a certificate should be renewed.", + Name: flgARIDisable, + Usage: "Do not use the renewalInfo endpoint (draft-ietf-acme-ari) to check if a certificate should be renewed.", }, &cli.DurationFlag{ Name: flgARIWaitToRenewDuration, @@ -151,7 +151,7 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif cert := certificates[0] var ariRenewalTime *time.Time - if ctx.Bool(flgARIEnable) { + if !ctx.Bool(flgARIDisable) { ariRenewalTime = getARIRenewalTime(ctx, cert, domain, client) if ariRenewalTime != nil { now := time.Now().UTC() @@ -209,7 +209,7 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif AlwaysDeactivateAuthorizations: ctx.Bool(flgAlwaysDeactivateAuthorizations), } - if ctx.Bool(flgARIEnable) { + if !ctx.Bool(flgARIDisable) { request.ReplacesCertID, err = certificate.MakeARICertID(cert) if err != nil { log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err) @@ -250,7 +250,7 @@ func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *Certificat cert := certificates[0] var ariRenewalTime *time.Time - if ctx.Bool(flgARIEnable) { + if !ctx.Bool(flgARIDisable) { ariRenewalTime = getARIRenewalTime(ctx, cert, domain, client) if ariRenewalTime != nil { now := time.Now().UTC() @@ -279,7 +279,7 @@ func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *Certificat AlwaysDeactivateAuthorizations: ctx.Bool(flgAlwaysDeactivateAuthorizations), } - if ctx.Bool(flgARIEnable) { + if !ctx.Bool(flgARIDisable) { request.ReplacesCertID, err = certificate.MakeARICertID(cert) if err != nil { log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err) diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml index 9e53c66596..ad95fe40df 100644 --- a/docs/data/zz_cli_help.toml +++ b/docs/data/zz_cli_help.toml @@ -88,7 +88,7 @@ USAGE: OPTIONS: --days value The number of days left on a certificate to renew it. (default: 30) - --ari-enable Use the renewalInfo endpoint (draft-ietf-acme-ari) to check if a certificate should be renewed. (default: false) + --ari-disable Do not use the renewalInfo endpoint (draft-ietf-acme-ari) to check if a certificate should be renewed. (default: false) --ari-wait-to-renew-duration value The maximum duration you're willing to sleep for a renewal time returned by the renewalInfo endpoint. (default: 0s) --reuse-key Used to indicate you want to reuse your current private key for the new certificate. (default: false) --no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate. (default: false)