From de3580a7d33a71f01400f6175aea7ea325eb44c9 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Sun, 19 Dec 2021 06:36:11 +0100
Subject: [PATCH] bundles/letsencrypt: ensure-some-certificate shouldn't create
 10-year-certs

---
 bundles/letsencrypt/files/letsencrypt-ensure-some-certificate | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate b/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate
index e0248cb..f9b961d 100644
--- a/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate
+++ b/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate
@@ -25,7 +25,7 @@ if [ "$already_exists" != true ]
 then
     rm -r "$cert_path"
     mkdir -p "$cert_path"
-    openssl req -x509 -newkey rsa:4096 -nodes -days 3650 -subj "/CN=$domain" -keyout "$cert_path/privkey.pem" -out "$cert_path/fullchain.pem"
+    openssl req -x509 -newkey rsa:4096 -nodes -days 1 -subj "/CN=$domain" -keyout "$cert_path/privkey.pem" -out "$cert_path/fullchain.pem"
     chmod 0600 "$cert_path/privkey.pem"
     cp "$cert_path/fullchain.pem" "$cert_path/chain.pem"
 fi