common: Refactored how --force works and when certs get generated/rolled over
The defaults are as follows:
* If the current set is available
** If it is due to expire inside the threshold
*** generate a new set if there is no set more recent (unless instructed otherwise)
*** roll over to the new set if one has been generated (unless instructed not to)
** Otherwise
*** do not generate a new set (unless instructed otherwise)
*** do not roll over (unless instructed to)
* If the "current" set is missing, but other sets are available
** If the most recent set is due to expire inside the threshold
*** generate a new set (unless instructed otherwise)
*** roll over to the new set if one has been generated (unless instructed not to)
** If the most recent set is not due to expire soon
*** do not generate a new set (unless instructed otherwise)
*** roll over to the latest set (unless instructed not to)
* If there are no certificate sets
** generate a new one (unless instructed otherwise)
** roll over to the new set if one has been generated (unless instructed not to)
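
The defaults listed in the commit message above, written out as a decision function. This is an added example, not code from the project: the function, its parameter names and the sample dates are hypothetical, and the mapping of --force onto the "instructed" overrides is not modelled because the message does not define it. Where the message is ambiguous (whether an existing, more recent set counts as "the new set"), the reading taken is marked as an assumption in the comments.

```python
from datetime import datetime, timedelta

# Constructed sample values, not taken from the project.
NOW = datetime(2024, 1, 1)
THRESHOLD = timedelta(days=30)
NEAR = NOW + timedelta(days=10)   # expires inside the threshold
FAR = NOW + timedelta(days=365)   # not due to expire soon


def decide(now, threshold, current, latest, generate=None, rollover=None):
    """Return (generate_new_set, rollover_target) for one run.

    current: expiry of the "current" set, or None if it is missing.
    latest:  expiry of the most recent other set, or None. When a current
             set exists, pass it only if that set is more recent (assumption).
    generate / rollover: None = no instruction, True/False = explicit
             instruction (hypothetical parameters).
    rollover_target is "new", "latest" or None.
    """
    def soon(expiry):
        return expiry - now <= threshold

    # Per branch: generate by default? roll over by default? and may the
    # default rollover target be an already existing set?
    if current is not None and soon(current):
        # Assumption: a more recent existing set counts as "the new set".
        gen_default, roll_default, existing_ok = latest is None, True, True
    elif current is not None:
        gen_default, roll_default, existing_ok = False, False, False
    elif latest is not None and soon(latest):
        gen_default, roll_default, existing_ok = True, True, False
    elif latest is not None:
        gen_default, roll_default, existing_ok = False, True, True
    else:  # no certificate sets at all
        gen_default, roll_default, existing_ok = True, True, False

    gen = gen_default if generate is None else generate
    want_roll = roll_default if rollover is None else rollover
    if not want_roll:
        return gen, None
    if gen:
        return gen, "new"
    if latest is not None and (existing_ok or rollover is True):
        return gen, "latest"
    return gen, None
```

An explicit instruction only replaces the default for its own decision: forcing generation while the current set is still valid yields a new set but no rollover, which keeps a freshly generated, not yet distributed certificate set out of service until a rollover is requested or the threshold is reached.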