
Too many server reloads; stale certificate exposed #842

@tlhackque


If getssl detects that a remote certificate expires sooner than a saved local certificate, an upload is attempted. Then a server reload is performed.

Later in the same run, if getssl discovers that the remote certificate has a different domain list, a new CSR is created, the certificate is signed, and the server is reloaded again.

Besides being inefficient, this means that the initial local, stale certificate is used in the interval before the correct certificate is issued and installed.
This just happened to me in real life.

A glance at the code indicates a similar scenario if the key type(s) change: the saved/stale local certificate is uploaded, then the new one is generated and uploaded.

  1. getssl should check the expiration date after verifying that the domain lists match.
  2. It should only upload the local certificate if it determines that it will not generate a new one (for any reason).

Bottom line: Only local certificates matching the current specification should be uploaded. The RELOAD_CMD should be invoked at most once per certificate. (Of course, RELOAD_CMD itself may reload more than one server if so configured.)
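The ordering requested in this issue, sketched as an added example (not getssl code and not written by the reporter): the saved certificate is checked against the configured domains and key type before any expiry comparison, and a run ends in exactly one action and at most one reload. All function and variable names, key-type strings and sample values are hypothetical; renewal because a certificate is close to expiry is not modelled.

```shell
# Added illustration; all names are hypothetical, not getssl's.
# Domain lists are comma-separated; expiry values are epoch seconds.

# Lowercase, trim, sort and de-duplicate a domain list so order does not matter.
normalise_domains() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr ',' '\n' \
    | sed 's/^ *//; s/ *$//' | grep -v '^$' | sort -u | paste -sd, -
}

# decide_action WANT_DOMAINS WANT_KEYTYPE LOCAL_DOMAINS LOCAL_KEYTYPE \
#               LOCAL_EXPIRY REMOTE_DOMAINS REMOTE_EXPIRY
# Prints exactly one of: issue, upload_local, none.
decide_action() {
  _want=$(normalise_domains "$1")
  _local=$(normalise_domains "$3")
  _remote=$(normalise_domains "$6")

  # 1. Specification first: a saved certificate whose domains or key type no
  #    longer match the configuration is stale and is never uploaded.
  if [ "$_local" != "$_want" ] || [ "$4" != "$2" ]; then
    echo issue
    return 0
  fi
  # 2. Only a certificate that passed step 1 is compared by domain list and
  #    expiry against what the server currently presents.
  if [ "$_remote" != "$_want" ] || [ "$7" -lt "$5" ]; then
    echo upload_local
    return 0
  fi
  echo none
}

RELOADS=0
ACTION=
# One run: choose a single action, then reload at most once.
run_once() {
  ACTION=$(decide_action "$@")
  case "$ACTION" in
    issue|upload_local) RELOADS=$((RELOADS + 1)) ;;  # stand-in for one RELOAD_CMD call
  esac
}

# Constructed sample mirroring the report: a domain was added to the
# configuration, and the remote certificate expires sooner than the saved one.
run_once "example.com,www.example.com,mail.example.com" rsa \
         "example.com,www.example.com" rsa 2000000000 \
         "www.example.com,example.com" 1900000000
echo "action=$ACTION reloads=$RELOADS"
```

With the expiry test placed after the specification test, the sample run goes straight to issuing a new certificate and never uploads the saved one.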
