keysync
Reload certs between retries
I think we only reload certs when we start a sync.
But if a client cert is invalid (e.g., expired), there's no point in retrying with the same cert.
We saw this after a host had its renewal fail to happen on time, and then once we kicked the renewal, keysync still failed until it gave up retrying. We could have cut down the failure window here.
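One way to get the behaviour requested above, as an added example that is not keysync's own code: a Go `tls.Config.GetClientCertificate` hook that re-reads the key pair from disk on every handshake and rejects a cert that is outside its validity window. `certReloader`, `writeSampleCert` and the file paths are hypothetical, and the self-signed cert is constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// certReloader (hypothetical, not keysync's code) re-reads the key pair on every handshake.
type certReloader struct{ certFile, keyFile string }

func (r certReloader) GetClientCertificate(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	pair, err := tls.LoadX509KeyPair(r.certFile, r.keyFile)
	if err != nil {
		return nil, err
	}
	if pair.Leaf, err = x509.ParseCertificate(pair.Certificate[0]); err != nil {
		return nil, err
	}
	if now := time.Now(); now.Before(pair.Leaf.NotBefore) || now.After(pair.Leaf.NotAfter) { // fail fast
		return nil, fmt.Errorf("client cert %s not valid at %s", r.certFile, now.Format(time.RFC3339))
	}
	return &pair, nil
}

// writeSampleCert writes a constructed self-signed pair, standing in for a renewal.
func writeSampleCert(r certReloader, notAfter time.Time) error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notAfter.Add(-72 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	if err = os.WriteFile(r.certFile, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600); err != nil {
		return err
	}
	return os.WriteFile(r.keyFile, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), 0o600)
}

func main() {
	cfg := &tls.Config{GetClientCertificate: certReloader{"client.crt", "client.key"}.GetClientCertificate}
	fmt.Println(cfg.GetClientCertificate(nil)) // runs on every handshake, so on every retry
}
```

Because the hook runs per handshake, a retry that opens a new connection picks up a cert renewed since the previous attempt; retries over a kept-alive connection do not re-handshake.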