OpenVPN / easy-rsa

easy-rsa - Simple shell based CA utility

Revoke keep request #1109

Closed: TinCanTech closed 4 months ago

TinCanTech commented 5 months ago

EasyRSA command 'renew' has been flawed since its ill-fated inception.

The first version of 'renew' did not renew a certificate from the original request. Instead, it built a new request, key and certificate which bore no relation to the original request or key.

Also, certificates which had been "renewed" left a dangling, valid certificate, which could not be revoked by EasyRSA.

After many attempts to rectify the process of renewal, it is clear that this is an unnecessary maintenance burden.

This change replaces the renewal process by simply allowing the original request to be signed again, exactly as it was first signed, without the need for code to jump through absurd hoops.

In honor of Wayne's World. oooooo baby!