From a58778311d184af632fe05bb886549e46c6574c7 Mon Sep 17 00:00:00 2001
From: Johannes Feichtner
Date: Sat, 3 Dec 2022 23:53:11 +0100
Subject: [PATCH] Keep existing cert while it is still valid

Letsencrypt has some hiccups sometimes during renewals. Instead of instantly replacing a still valid cert with a self-signed, it should be kept, while it hasn't expired
---
 renew.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/renew.sh b/renew.sh
index 8879477..dbd712c 100644
--- a/renew.sh
+++ b/renew.sh
@@ -98,6 +98,8 @@ if [ -n "$CERT" ] ; then
 cp -p "$LOCALDIR/$KEY" "$VMWARE_KEY"
 cp -p "$LOCALDIR/$CRT" "$VMWARE_CRT"
 log "Success: Obtained and installed a certificate from Let's Encrypt."
+elif openssl x509 -checkend 86400 -noout -in "$VMWARE_CRT"; then
+ log "Warning: No cert obtained from Let's Encrypt. Keeping the existing one as it is still valid."
 else
 log "Error: No cert obtained from Let's Encrypt. Generating a self-signed certificate."
 /sbin/generate-certificates
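Review bot: The new `elif` keeps the installed certificate whenever it has more than 86400 seconds left, but nothing in the hunk ties that window to how often renew.sh is scheduled. If the job runs less often than daily, a kept certificate can expire between runs and the host serves an expired certificate with no fallback. Name the window and size it to the schedule, e.g. `KEEP_SECONDS=86400  # must be >= the interval between renew.sh runs`, and log the expiry date from `openssl x509 -enddate -noout -in "$VMWARE_CRT"` in the warning so repeated renewal failures are noticed before the certificate lapses. `-checkend` also prints its verdict on stdout even with `-noout`, so add `>/dev/null` to keep scheduled runs quiet. It tests only the expiry time, not the issuer or that the certificate matches `$VMWARE_KEY`, so "not yet expired" would be more accurate than "still valid". The `if` chain begins above the hunk.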