File tree Expand file tree Collapse file tree 1 file changed +3
-3
lines changed Expand file tree Collapse file tree 1 file changed +3
-3
lines changed Original file line number Diff line number Diff line change @@ -404,7 +404,7 @@ func (m *Manager) issue(ctx context.Context, volumeID string) error {
404404 return fmt .Errorf ("waiting for request: %w" , err )
405405 }
406406
407- // Default the renewal time to be halfway through the certificate's duration.
407+ // Default the renewal time to be 2/3rds through the certificate's duration.
408408 // The implementation's writeKeypair function may override this value before
409409 // writing to the storage layer.
410410 block , _ := pem .Decode (req .Status .Certificate )
@@ -413,8 +413,8 @@ func (m *Manager) issue(ctx context.Context, volumeID string) error {
413413 return fmt .Errorf ("parsing issued certificate: %w" , err )
414414 }
415415 duration := crt .NotAfter .Sub (crt .NotBefore )
416- midpoint := crt .NotBefore .Add (duration / 2 )
417- meta .NextIssuanceTime = & midpoint
416+ renewalPoint := crt .NotBefore .Add (duration * ( 2 / 3 ) )
417+ meta .NextIssuanceTime = & renewalPoint
418418
419419 if err := m .writeKeypair (meta , key , req .Status .Certificate , req .Status .CA ); err != nil {
420420 return fmt .Errorf ("writing keypair: %w" , err )
You can’t perform that action at this time.
0 commit comments