Merge pull request #2666 from pi-hole/tweak/renewal_without_https

Do not try to renew certificate that is not used
2025-12-19 23:08:23 +00:00 · 2025-10-26 19:56:08 +01:00
parent 53b98ec62a f6bc5c973f
commit 0b53419da7
2 changed files with 5 additions and 1 deletions
--- a/src/enums.h
+++ b/src/enums.h
@@ -335,6 +335,7 @@ enum cert_check {
 	CERT_NOT_YET_VALID,
 	CERT_EXPIRES_SOON,
 	CERT_OKAY,
+	CERT_NOT_IN_USE
 } __attribute__ ((packed));

 enum http_method {
--- a/src/webserver/webserver.c
+++ b/src/webserver/webserver.c
@@ -1042,7 +1042,10 @@ void *webserver_thread(void *val)
 	while(!killed)
 	{
 		// Check if the certificate is about to expire soon
-		const enum cert_check status = cert_currently_valid(config.webserver.tls.cert.v.s, 2);
+		// We check only if HTTPS is enabled (https_port > 0)
+		const enum cert_check status = https_port == 0 ?
+			CERT_NOT_IN_USE :
+			cert_currently_valid(config.webserver.tls.cert.v.s, 2);

 		if(status == CERT_EXPIRES_SOON &&
 		   config.webserver.tls.validity.v.ui > 0)