Merge pull request #5259 from certbot/issue_5045

Show expiration dates for cert when skipping its renewal
2026-05-28 04:34:11 -04:00 · 2018-02-15 09:53:13 -08:00 · 2018-02-15 09:53:13 -08:00 · 7e6d2f1efe
commit 7e6d2f1efe
parent 99aec1394d 608875cd65
2 changed files with 17 additions and 3 deletions
--- a/certbot/renewal.py
+++ b/certbot/renewal.py
@ -425,7 +425,10 @@ def handle_renewal_request(config):
                    main.renew_cert(lineage_config, plugins, renewal_candidate)
                    renew_successes.append(renewal_candidate.fullchain)
                else:
-                    renew_skipped.append(renewal_candidate.fullchain)
+                    expiry = crypto_util.notAfter(renewal_candidate.version(
+                        "cert", renewal_candidate.latest_common_version()))
+                    renew_skipped.append("%s expires on %s" % (renewal_candidate.fullchain,
+                                         expiry.strftime("%Y-%m-%d")))
        except Exception as e:  # pylint: disable=broad-except
            # obtain_cert (presumably) encountered an unanticipated problem.
            logger.warning("Attempting to renew cert (%s) from %s produced an "
--- a/certbot/tests/main_test.py
+++ b/certbot/tests/main_test.py
@ -1029,7 +1029,7 @@ class MainTest(test_util.ConfigTestCase):  # pylint: disable=too-many-public-met

    def _test_renewal_common(self, due_for_renewal, extra_args, log_out=None,
                             args=None, should_renew=True, error_expected=False,
-                                 quiet_mode=False):
+                                 quiet_mode=False, expiry_date=datetime.datetime.now()):
        # pylint: disable=too-many-locals,too-many-arguments
        cert_path = test_util.vector_path('cert_512.pem')
        chain_path = '/etc/letsencrypt/live/foo.bar/fullchain.pem'
@ -1062,7 +1062,8 @@ class MainTest(test_util.ConfigTestCase):  # pylint: disable=too-many-public-met
                            mock_latest = mock.MagicMock()
                            mock_latest.get_issuer.return_value = "Fake fake"
                            mock_ssl.crypto.load_certificate.return_value = mock_latest
-                            with mock.patch('certbot.main.renewal.crypto_util'):
+                            with mock.patch('certbot.main.renewal.crypto_util') as mock_crypto_util:
+                                mock_crypto_util.notAfter.return_value = expiry_date
                                if not args:
                                    args = ['-d', 'isnot.org', '-a', 'standalone', 'certonly']
                                if extra_args:
@ -1130,6 +1131,16 @@ class MainTest(test_util.ConfigTestCase):  # pylint: disable=too-many-public-met
        args = ["renew", "--dry-run", "-tvv"]
        self._test_renewal_common(True, [], args=args, should_renew=True)

+    @mock.patch('certbot.renewal.should_renew')
+    def test_renew_skips_recent_certs(self, should_renew):
+        should_renew.return_value = False
+        test_util.make_lineage(self.config.config_dir, 'sample-renewal.conf')
+        expiry = datetime.datetime.now() + datetime.timedelta(days=90)
+        _, _, stdout = self._test_renewal_common(False, extra_args=None, should_renew=False,
+                                                 args=['renew'], expiry_date=expiry)
+        self.assertTrue('No renewals were attempted.' in stdout.getvalue())
+        self.assertTrue('The following certs are not due for renewal yet:' in stdout.getvalue())
+
    def test_quiet_renew(self):
        test_util.make_lineage(self.config.config_dir, 'sample-renewal.conf')
        args = ["renew", "--dry-run"]