Certificate expiry doesn't match validity of certificate

DevelopingSpace / starchart

A self-serve tool for managing custom domains and certificates

MIT License

20 stars 13 forks source link

Certificate expiry doesn't match validity of certificate #655

Closed humphd closed 1 year ago

humphd commented 1 year ago

After landing the orderUrl fix on production and clearing out the old certificates in the db, I was able to make a certificate. The new certificate says it's only valid for 7 days:

However, if I decode the certificate, it shows:

Valid From: April 19, 2023
Valid To: July 18, 2023

So something is not right with our certificate date logic.

humphd commented 1 year ago

The problem here is that we're using the expiry of the order, not the certificate, see https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.3.

We need to parse the validity data out of the cert itself. I'll make a PR.