From 8b3164303c6a376063ffb78c997320d00f9cdab4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vladimir.cunat@nic.cz>
Date: Mon, 17 Jun 2019 16:58:49 +0200
Subject: [PATCH] modules/http ephemeral cert: update before expiration

Instead of three days after.  This bug was not introduced by the recent
commits moving the code.
---
 modules/http/http_tls_cert.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/http/http_tls_cert.lua b/modules/http/http_tls_cert.lua
index ea9dd3159..ee427018d 100644
--- a/modules/http/http_tls_cert.lua
+++ b/modules/http/http_tls_cert.lua
@@ -71,8 +71,8 @@ function tls_cert.ephemeral_state_maintain(ephem_state, certfile, keyfile)
 		s.config.ctx = ephem_state.ctx -- not required, but let's keep it synchonized
 	end
 	log('[http] created new ephemeral TLS certificate')
-	local _, lifetime_sec = certs[1]:getLifetime()
-	local wait_msec = 1000 * math.max(1, lifetime_sec - (os.time() - 3 * 24 * 3600))
+	local _, expiry_stamp = certs[1]:getLifetime()
+	local wait_msec = 1000 * math.max(1, expiry_stamp - os.time() - 3 * 24 * 3600)
 	if not ephem_state.timer_id then
 		ephem_state.timer_id = event.after(wait_msec, function ()
 			tls_cert.ephemeral_state_maintain(ephem_state, certfile, keyfile)
-- 
2.47.2