Open mejofi opened 4 months ago
Just got the following result on a domain where the 1-year certificate has just been renewed;
[FAIL] SSL expiry should be less than one year (396 days)
It is within spec, issued by Sectigo. It looks like you're testing for 366 days instead of 398?
https://github.com/sesh/ready/blob/48e08850bca6a4307a87b6ecaef8a278245cc205/ready/checks/ssl.py#L98-L107
The value to check against should be 398 instead, see;
398
https://support.apple.com/en-us/102028
https://stackoverflow.com/questions/62659149/why-was-398-days-chosen-for-tls-expiration
Just got the following result on a domain where the 1-year certificate has just been renewed;
It is within spec, issued by Sectigo. It looks like you're testing for 366 days instead of 398?
https://github.com/sesh/ready/blob/48e08850bca6a4307a87b6ecaef8a278245cc205/ready/checks/ssl.py#L98-L107
The value to check against should be
398
instead, see;https://support.apple.com/en-us/102028
https://stackoverflow.com/questions/62659149/why-was-398-days-chosen-for-tls-expiration