From 0fee09099a2de13c17d2fd9d508c4a4f794cc78c Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Mon, 29 Dec 2025 01:01:05 -0600
Subject: [PATCH] service tweaks

---
 systemd/cert-renewer.service | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/systemd/cert-renewer.service b/systemd/cert-renewer.service
index 76541d2..7fc9b54 100644
--- a/systemd/cert-renewer.service
+++ b/systemd/cert-renewer.service
@@ -3,22 +3,18 @@ Description=Certificate renewal
 After=network-online.target
 Documentation=https://smallstep.com/docs/step-ca/certificate-authority-server-production
 StartLimitIntervalSec=0
-; PartOf=cert-renewer.target
 
 [Service]
 Type=oneshot
 User=root
 
-; ExecCondition checks if the certificate is ready for renewal,
-; based on the exit status of the command.
-; (In systemd <242, you can use ExecStartPre= here.)
-ExecCondition=/usr/bin/step certificate needs-renewal ${CERT_LOCATION}
+; ExecCondition checks if the certificate is ready for renewal.
+; ExecCondition=/usr/bin/step certificate needs-renewal ${CERT_LOCATION}
 
-; ExecStart renews the certificate, if ExecStartPre was successful.
+; ExecStart renews the certificate, if ExecCondition was successful.
 ExecStart=/usr/bin/step ca renew --force ${CERT_LOCATION} ${KEY_LOCATION}
 
-; ExecStartPost=/usr/bin/openssl x509 -noout -enddate -in ${CERT_LOCATION}
-; ExecStartPost=/usr/bin/docker exec caddy caddy reload --config /etc/caddy/Caddyfile
+ExecStartPost=/usr/bin/openssl x509 -noout -subject -issuer -enddate -in ${CERT_LOCATION}
 
 [Install]
 WantedBy=multi-user.target
\ No newline at end of file