[pve-devel] [PATCH manager 2/2] pveupdate: improve cert renew log messages

Fabian Grünbichler f.gruenbichler at proxmox.com
Tue Sep 9 12:04:48 CEST 2025


by explicitly checking for already expired certificates and adapting the
message in that case.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 bin/pveupdate | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/bin/pveupdate b/bin/pveupdate
index 9984c9369..c5356c885 100755
--- a/bin/pveupdate
+++ b/bin/pveupdate
@@ -125,7 +125,10 @@ eval {
         PVE::Tools::run_command(['systemctl', 'reload-or-restart', 'pveproxy']);
     };
 
-    if (PVE::Certificate::check_expiry($certpath, time() + 14 * 24 * 60 * 60)) {
+    if (PVE::Certificate::check_expiry($certpath)) {
+        # already expired
+        $renew->("expired, renewing...");
+    } elsif (PVE::Certificate::check_expiry($certpath, time() + 14 * 24 * 60 * 60)) {
         # expires in next 2 weeks
         $renew->("expires soon, renewing...");
     } elsif (!PVE::Certificate::check_expiry($certpath, time() + 2 * 365 * 24 * 60 * 60)) {
-- 
2.47.3





More information about the pve-devel mailing list