
FR: When `step ca renew` on expired certificate trigger `step ca certificate`

Open LecrisUT opened this issue 4 years ago • 4 comments

What would you like to be added

As the title says, add a flag like `--recreate-if-expired` so that if the user tries to `step ca renew` an expired certificate, it triggers `step ca certificate` with all the original parameters in the certificate that are allowed to be set, and asks the user to choose how they want to authenticate.

Why this is needed

This is part of my recent hiccups when bootstrapping a fully integrated server after a long power outage. This one would be useful with the cert-renewer daemon when supervised booting: simply have a prompt for the user to input the acceptable password.

LecrisUT avatar May 27 '21 23:05 LecrisUT

#398

dopey avatar Jun 01 '21 17:06 dopey

Hey @LecrisUT, apologies for the delayed response. It's been a busy few weeks.

We would prefer not to add more complexity to existing commands but rather to make our commands more easily composable. For instance, the issue I linked above is for a command that would return whether or not a certificate was fresh/verdant. Then you could compose this command with the appropriate follow-up command:

if verdant renew else recreate

Does our thinking here make sense? Would that sort of composition appropriately address your use case?

dopey avatar Jun 08 '21 19:06 dopey

Well, partially. There will still need to be a `step recreate` command to read a certificate and create a new one from its info.

LecrisUT avatar Jun 08 '21 20:06 LecrisUT

Maybe we need a `step ca certificate --from-crt` flag? I'm guessing the implementation would be an interplay between templates and `template_data`.

dopey avatar Jun 08 '21 21:06 dopey
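The composition discussed in this thread (renew while the certificate is valid, otherwise request a new one from the old certificate's information), as an added Go example that is not code from the thread or from the step project. `Plan`, `PlanFor`, `sampleCert` and the host name are hypothetical; only the common name and the DNS and IP SANs are carried over.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

type Plan struct {
	Action, Subject string   // Action is "renew" or "recreate"
	SANs            []string // DNS and IP names to carry into a new request
}

// PlanFor inspects the first PEM certificate in pemBytes as of time now.
func PlanFor(pemBytes []byte, now time.Time) (Plan, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return Plan{}, fmt.Errorf("no PEM certificate found")
	}
	crt, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return Plan{}, err
	}
	p := Plan{Action: "renew", Subject: crt.Subject.CommonName, SANs: crt.DNSNames}
	for _, ip := range crt.IPAddresses {
		p.SANs = append(p.SANs, ip.String())
	}
	if now.Before(crt.NotBefore) || now.After(crt.NotAfter) {
		p.Action = "recreate" // outside the validity window: request a new certificate
	}
	return p, nil
}

// sampleCert returns a constructed self-signed certificate valid for the 24h before notAfter.
func sampleCert(notAfter time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notAfter.Add(-24 * time.Hour),
		NotAfter: notAfter, Subject: pkix.Name{CommonName: "host.example.internal"}, DNSNames: []string{"host.example.internal"}}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() { // one still-valid and one expired constructed certificate
	fmt.Println(PlanFor(sampleCert(time.Now().Add(time.Hour)), time.Now()))
	fmt.Println(PlanFor(sampleCert(time.Now().Add(-time.Hour)), time.Now()))
}
```

A wrapper would run `step ca renew` when `Action` is `renew`, and otherwise `step ca certificate` with `Subject` and `SANs` after the user authenticates again.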