CA Certificate is not renewed after it expired

canonical / self-signed-certificates-operator

A charm to provide self-signed X.509 certificates in the Juju ecosystem.

https://charmhub.io/self-signed-certificates

Apache License 2.0

0 stars 6 forks source link

CA Certificate is not renewed after it expired #239

Closed gruyaume closed 2 months ago

gruyaume commented 2 months ago

Bug Description

The CA Certificate is not renewed after it expired

To Reproduce

Deploy the charm with the root ca validity set to a short-lived time
Run get-ca-certificate
Wait for it to expire
Run get-ca-certificate

Environment

Revision 190 (edge)

Relevant log output

N/A

Additional context

No response

gruyaume commented 2 months ago

We observe the secret expiry event but we don't get into the condition to generate a new certificate. Currently we check that the root certificate is stored (which it is) and that the root certificate matches the expected config (which it does), therefore we don't generate a new one.

gruyaume commented 2 months ago

Fixed by #242