@@ -8,6 +8,8 @@ ACME_CA_URI="${ACME_CA_URI:-https://acme-v01.api.letsencrypt.org/directory}"
88DEFAULT_KEY_SIZE=4096
99REUSE_ACCOUNT_KEYS=" $( lc ${REUSE_ACCOUNT_KEYS:- true} ) "
1010REUSE_PRIVATE_KEYS=" $( lc ${REUSE_PRIVATE_KEYS:- false} ) "
11+ MIN_VALIDITY_CAP=7603200
12+ DEFAULT_MIN_VALIDITY=2592000
1113
1214function create_link {
1315 local -r source=${1?missing source argument}
@@ -174,7 +176,28 @@ function update_certs {
174176
175177 [[ " $( lc $DEBUG ) " == true ]] && params_d_str+=" -v"
176178 [[ $REUSE_PRIVATE_KEYS == true ]] && params_d_str+=" --reuse_key"
177- [[ " ${1} " == " --force-renew" && params_d_str+=" --valid_min 7776000"
179+
180+ min_validity=" LETSENCRYPT_${cid} _MIN_VALIDITY"
181+ min_validity=" ${! min_validity} "
182+ if [[ " $min_validity " == " <no value>" ; then
183+ min_validity=$DEFAULT_MIN_VALIDITY
184+ fi
185+ # Sanity Check
186+ # Upper Bound
187+ if [[ $min_validity -gt $MIN_VALIDITY_CAP ]]; then
188+ min_validity=$MIN_VALIDITY_CAP
189+ fi
190+ # Lower Bound
191+ if [[ $min_validity -lt $(( $seconds_to_wait * 2 )) ; then
192+ min_validity=$(( $seconds_to_wait * 2 ))
193+ fi
194+
195+ if [[ " ${1} " == " --force-renew" ; then
196+ # Manually set to highest certificate lifetime given by LE CA
197+ params_d_str+=" --valid_min 7776000"
198+ else
199+ params_d_str+=" --valid_min $min_validity "
200+ fi
178201
179202 # Create directory for the first domain,
180203 # make it root readable only and make it the cwd
0 commit comments