diff --git a/trifid-api/src/codegen/mod.rs b/trifid-api/src/codegen/mod.rs index 354c10a..79b9f17 100644 --- a/trifid-api/src/codegen/mod.rs +++ b/trifid-api/src/codegen/mod.rs @@ -57,7 +57,7 @@ pub async fn generate_config( .unwrap()], subnets: vec![], groups: vec![format!("role:{}", info.host.role)], - not_before: SystemTime::now(), + not_before: SystemTime::now() - Duration::from_secs(3600), // make certs that have already been valid for an hour. if your system clock is more than an hour behind, it is no longer my problem not_after: SystemTime::now() + Duration::from_secs(CONFIG.crypto.certs_expiry_time), public_key: info.dh_pubkey.clone().try_into().unwrap(), is_ca: false,