~tsileo/gemapi

04727e04ed6ab8f0e4df5f3c291dbae8c0b45605 — Thomas Sileo 3 months ago 93f1629 dev
Fix cert renewal
2 files changed, 14 insertions(+), 5 deletions(-)

M gemapi/certificates.py
M gemapi/server.py
M gemapi/certificates.py => gemapi/certificates.py +6 -3
@@ 94,7 94,6 @@ class CertificateManager:

        logger.info("Generating certificate")

        one_day = datetime.timedelta(days=1)
        builder = x509.CertificateBuilder()
        builder = builder.subject_name(
            x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, self._hostnames[0])])


@@ 102,8 101,12 @@ class CertificateManager:
        builder = builder.issuer_name(
            x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, self._hostnames[0])])
        )
        builder = builder.not_valid_before(datetime.datetime.today() - one_day)
        builder = builder.not_valid_after(datetime.datetime.today() + (one_day * 365))
        builder = builder.not_valid_before(
            datetime.datetime.now(datetime.timezone.utc) - datetime.timedelta(days=1)
        )
        builder = builder.not_valid_after(
            datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=365)
        )
        builder = builder.serial_number(x509.random_serial_number())
        builder = builder.public_key(private_key.public_key())
        builder = builder.add_extension(

M gemapi/server.py => gemapi/server.py +8 -2
@@ 1,4 1,5 @@
import asyncio
import datetime
import signal
import ssl



@@ 33,8 34,13 @@ class Server:
                logger.info("Certificate is expiring, restarting server")
                stop.set()

            timer = loop.call_at(
                cm.certificate_expires_at().timestamp(),
            expires_in = (
                cm.certificate_expires_at().timestamp()
                - datetime.datetime.now(datetime.timezone.utc).timestamp()
            )
            logger.info(f"Certificate is expiring in {expires_in}")
            timer = loop.call_later(
                expires_in,
                restart_server,
            )