freeipa / freeipa-letsencrypt

A quick hack allowing to use Let's Encrypt certificates for FreeIPA web interface.

Certificates are requested every two days #46

Closed Shirkanesi closed 9 months ago

Shirkanesi commented 9 months ago

Currently the script renews the issued certificate every two days, which seems quite odd. Shouldn't the script check for how long the certificate is valid and just renew it roughly 30 days before expiry?

rcritten commented 9 months ago

I think you are right. It looks like this was due to a conversion error from using NSS to openssl. The original NSS command did a validity check to be sure the certificate was still valid in two days. The current check only allows it to be valid for two days. It should probably use -enddate instead of -startdate, and modify the diff to be:

let diff=($end_timestamp-$now_timestamp)/86400
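
The expiry-based check discussed in this thread, as an added example (not the project's script and not written by either commenter): it measures days remaining until `notAfter` and renews below a threshold. The 30-day threshold comes from the suggestion in the issue; the function names and the sample date are constructed, and GNU `date` is assumed.

```shell
#!/usr/bin/env bash
# Added example: renew based on time remaining until notAfter,
# not on time elapsed since notBefore.
RENEW_BEFORE_DAYS=30   # assumption: threshold suggested in the issue

# days_left "<line printed by: openssl x509 -noout -enddate>" [now_epoch]
# Prints whole days until expiry; returns 2 if the input is not a notAfter= line.
days_left() {
    local line=$1 now=${2:-$(date +%s)} end
    # Guard: an empty string would make GNU date answer "today" and
    # silently hide an openssl failure.
    case $line in
        notAfter=?*) ;;
        *) return 2 ;;
    esac
    end=$(date -u -d "${line#notAfter=}" +%s) || return 2
    echo $(( (end - now) / 86400 ))
}

# needs_renewal: 0 = renew now, 1 = still valid long enough, 2 = expiry unreadable
needs_renewal() {
    local days
    days=$(days_left "$1" "${2:-}") || return 2
    [ "$days" -lt "$RENEW_BEFORE_DAYS" ]
}

# Hypothetical wrapper for a real certificate file (path supplied by the caller).
check_cert_file() {
    needs_renewal "$(openssl x509 -in "$1" -noout -enddate)"
}

# Constructed sample in the format openssl prints.
SAMPLE_ENDDATE='notAfter=Jun 30 12:00:00 2025 GMT'
```

Treating status 2 separately from "renew" keeps a broken or missing certificate file from triggering repeated certificate requests.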