hlandau · jtl999 · Jul 4, 2020
diff --git a/cli/main.go b/cli/main.go
@@ -104,6 +104,9 @@ var (
 	revokeArg = revokeCmd.Arg("certificate-id-or-path", "Certificate ID to revoke").String()
 
 	accountThumbprintCmd = kingpin.Command("account-thumbprint", "Prints account thumbprints")
+
+
+	forceRenewFlag = kingpin.Flag("forceRenew", "Force renewal of certificate").Bool()
 )
 
 const reconcileHelp = `Reconcile ACME state, idempotently requesting and renewing certificates to satisfy configured targets.
@@ -151,6 +154,10 @@ func Main() {
 		log.Errore(err, "cannot load response file, continuing anyway")
 	}
 
+    if *forceRenewFlag {
+        storageops.ForceRenew = true
+    }
+
 	switch cmd {
 	case "reconcile":
 		cmdReconcile()

diff --git a/storageops/reconcile-util.go b/storageops/reconcile-util.go
@@ -167,7 +167,7 @@ func CertificateNeedsRenewing(c *storage.Certificate, t *storage.Target) bool {
 	}
 
 	renewTime := renewTime(cc.NotBefore, cc.NotAfter, t)
-	needsRenewing := !InternalClock.Now().Before(renewTime)
+	needsRenewing := !InternalClock.Now().Before(renewTime) || ForceRenew
 
 	log.Debugf("%v needsRenewing=%v notAfter=%v", c, needsRenewing, cc.NotAfter)
 	return needsRenewing

diff --git a/storageops/reconcile.go b/storageops/reconcile.go
@@ -33,6 +33,8 @@ var InternalClock = clock.Default()
 // Internal use only. Used for testing purposes. Do not change.
 var InternalHTTPClient *http.Client
 
+var ForceRenew = false
+
 // Optional configuration for the Reconcile operation.
 type ReconcileConfig struct {
 	// If non-empty, a set of target names/paths to limit reconciliation to.