From 4a6d94b3fe06646f37201d54bb74abaefb5d7120 Mon Sep 17 00:00:00 2001
From: symetryczny <36606184+symetryczny@users.noreply.github.com>
Date: Wed, 9 Feb 2022 14:38:05 +0100
Subject: [PATCH] Update 30-keygen

Add a check to renew certificate if is close to expiring (expires within 30 days)
---
 root/etc/cont-init.d/30-keygen | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/root/etc/cont-init.d/30-keygen b/root/etc/cont-init.d/30-keygen
index 32e6357..42ce95f 100644
--- a/root/etc/cont-init.d/30-keygen
+++ b/root/etc/cont-init.d/30-keygen
@@ -1,7 +1,8 @@
 #!/usr/bin/with-contenv bash
 
 # generate key
-if [ ! -f /config/quasselCert.pem ]; then openssl req -x509 -nodes -days 365 \
+if [ ! -f /config/quasselCert.pem ] || ! openssl x509 -noout -checkend 2592000 \
+-in /config/quasselCert.pem ; then openssl req -x509 -nodes -days 365 \
 -newkey rsa:4096 -keyout /config/quasselCert.pem -out /config/quasselCert.pem \
 -subj "/CN=Quassel-core" ; fi