only try and renew certs if they exist

Start9Labs · Dec 2, 2020 · 6d56528 · 6d56528
1 parent efdc93d
commit 6d56528
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/agent/src/Daemon/SslRenew.hs b/agent/src/Daemon/SslRenew.hs
@@ -13,7 +13,8 @@ import           Lib.Ssl
 import           Daemon.ZeroConf                ( getStart9AgentHostname )
 import           Lib.Tor
 import           Control.Carrier.Lift
-import           System.Directory               ( removePathForcibly
+import           System.Directory               ( doesPathExist
+                                                , removePathForcibly
                                                 , renameDirectory
                                                 )
 import           Lib.SystemCtl
@@ -74,5 +75,9 @@ renewSslLeafCert ctx = do
 
 doesSslNeedRenew :: FilePath -> IO Bool
 doesSslNeedRenew cert = do
-    ec <- liftIO $ system [i|openssl x509 -checkend 2592000 -noout -in #{cert}|]
-    pure $ ec /= ExitSuccess
+    exists <- doesPathExist cert
+    if exists
+        then do
+            ec <- liftIO $ system [i|openssl x509 -checkend 2592000 -noout -in #{cert}|]
+            pure $ ec /= ExitSuccess
+        else pure False