From: Tom Hughes
Date: Fri, 26 Jan 2018 15:30:13 +0000 (+0000)
Subject: Don't check the certificate when the connection failed
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/a89717c095abc842b5908617279e6c601dcd27c5?ds=sidebyside
Don't check the certificate when the connection failed
---
diff --git a/cookbooks/letsencrypt/files/default/bin/check-certificate b/cookbooks/letsencrypt/files/default/bin/check-certificate
index 35fbbed1f..f3599a36f 100755
--- a/cookbooks/letsencrypt/files/default/bin/check-certificate
+++ b/cookbooks/letsencrypt/files/default/bin/check-certificate
@@ -21,13 +21,15 @@ rescue StandardError => error
 puts "Error connecting to #{host}: #{error.message}"
 end
-certificate = ssl.peer_cert
+if ssl
+ certificate = ssl.peer_cert
+
+ if Time.now < certificate.not_before
+ puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}"
+ elsif certificate.not_after - Time.now < 21 * 86400
+ puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
+ end
-if Time.now < certificate.not_before
- puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}"
-elsif certificate.not_after - Time.now < 21 * 86400
- puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
-else
 subject_alt_name = certificate.extensions.find { |e| e.oid == "subjectAltName" }
 if subject_alt_name.nil?
@@ -47,6 +49,6 @@ else
 puts "Certificate #{domains.first} on #{host} has unexpected subjectAltName #{name}"
 end
 end
-end
-ssl.close
+ ssl.close
+end
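Review bot: The `if ssl` guard added in the first hunk only covers the case where `ssl` was never assigned. The `begin` body is outside this hunk, but if it builds the SSL socket object before the handshake and the handshake is what raises, `ssl` is truthy here while `ssl.peer_cert` is presumably nil. In that case `certificate.not_before` would raise NoMethodError right after the connection error is printed, and neither the expiry nor the subjectAltName checks would report anything useful. Guarding on the certificate itself closes that gap: `certificate = ssl.peer_cert if ssl` followed by `if certificate`, with the `ssl.close` from the second hunk kept as `ssl.close if ssl` after the block.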