acmetool
cull does not delete links in live
I used to have a desired domain with 'michiel' in it. I don't anymore:
root@acme:/var/lib/acme# fgrep michiel * -R
root@acme:/var/lib/acme#
but acmetool cull does not delete the symlink in live:
root@acme:/var/lib/acme/live# ls -alsF *michiel*
0 lrwxrwxrwx 1 acme acme 61 Apr 1 2016 michiel.afvalonline.nl -> ../certs/qrkcr5fleuzp4hirthkc2rzjhypjdpgmcnxwy3bdfkpdmjdjoeda/
nor is it valid anymore:
root@acme:/var/lib/acme/live# openssl x509 -in ../certs/qrkcr5fleuzp4hirthkc2rzjhypjdpgmcnxwy3bdfkpdmjdjoeda/cert -text | fgrep -A 2 Validity
Validity
Not Before: Apr 1 19:41:00 2016 GMT
Not After : Jun 30 19:41:00 2016 GMT
Er, I now see this is 0.0.50, I'll try 0.0.58 later.
0.0.58 does not help.
This is as (currently) designed. Certificates currently referenced by live/ are not culled by cull, even if they are expired, as they represent the best available certificate for that hostname. The idea is that if any webserver were referencing that certificate, it's probably better to serve an expired certificate than none at all, as with most webservers that will prevent the server starting at all.
Deleting the symlink and then running cull should be an effective workaround.
Understood! Change this into a feature request for acmetool cleanup then perhaps?
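To support the workaround given in the thread (delete the symlink, then run cull), here is an added sketch that is not part of the issue or of acmetool: it only lists live/ links whose hostname no longer appears under desired/ and whose certificate has expired, leaving the removal and the cull run to the operator. The function names and the ACME_STATE_DIR variable are assumptions; the live/ and certs/<id>/cert layout is the one shown in the listing above.

```shell
#!/bin/sh
# Added example, not acmetool code: report live/ symlinks that cull keeps
# even though nothing wants the hostname and the certificate has expired.
# ACME_STATE_DIR and all function names are assumptions of this sketch.
ACME_STATE_DIR="${ACME_STATE_DIR:-/var/lib/acme}"

# True if a target under desired/ is named after, or mentions, the hostname.
# Plain substring matching errs on the side of keeping a link.
is_desired() {
    [ -e "$ACME_STATE_DIR/desired/$1" ] && return 0
    grep -rqF -- "$1" "$ACME_STATE_DIR/desired" 2>/dev/null
}

# True if the certificate is already past its Not After date.
# "-checkend 0" exits non-zero once the certificate has expired.
cert_expired() {
    ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Print one path per stale link; never deletes anything.
stale_live_links() {
    for link in "$ACME_STATE_DIR"/live/*; do
        [ -L "$link" ] || continue          # only symlinks, skip unmatched glob
        host=$(basename "$link")
        if is_desired "$host"; then
            continue                        # still wanted: leave it alone
        fi
        if [ ! -r "$link/cert" ]; then
            # Dangling link or unreadable cert: report, do not guess expiry.
            echo "skipping $host: no readable cert behind link" >&2
            continue
        fi
        if cert_expired "$link/cert"; then
            printf '%s\n' "$link"
        fi
    done
    return 0
}

# Run as "sh stale-links.sh list" to print candidates for manual review.
if [ "${1:-}" = "list" ]; then
    stale_live_links
fi
```

After reviewing the output, remove each listed link and run acmetool cull so the now-unreferenced certificate directory is collected.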