Only warn if less than 28 days to cert expires (#5077)

Fixes #5076 as much as reasonable.
minio · Nov 5, 2024 · 6ac1861 · 6ac1861
1 parent 95a03f5
commit 6ac1861
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/cmd/client-s3.go b/cmd/client-s3.go
@@ -196,7 +196,8 @@ func (n notifyExpiringTLS) RoundTrip(req *http.Request) (res *http.Response, err
 
 	cert := res.TLS.PeerCertificates[0] // leaf certificate
 	validityDur := cert.NotAfter.Sub(cert.NotBefore)
-	if time.Since(cert.NotBefore) > time.Duration(0.9*float64(validityDur)) {
+	// Warn if less than 10% of time left and it is less than 28 days.
+	if time.Until(cert.NotAfter) < time.Duration(min(0.1*float64(validityDur), 28*24*float64(time.Hour))) {
 		globalExpiringCerts.Store(req.Host, cert.NotAfter)
 	}