summaryrefslogtreecommitdiffstats
path: root/node-admin
diff options
context:
space:
mode:
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index e295241b066..c684487b4f8 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -215,7 +215,8 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
private boolean shouldRefreshCertificate(NodeAgentContext context, ContainerPath certificatePath) throws IOException {
var certificate = readCertificateFromFile(certificatePath);
var now = timer.currentTime();
- var shouldRefresh = now.isAfter(certificate.getNotBefore().toInstant().plus(REFRESH_PERIOD));
+ var shouldRefresh = now.isAfter(certificate.getNotAfter().toInstant()) ||
+ now.isAfter(certificate.getNotBefore().toInstant().plus(REFRESH_PERIOD));
return !shouldThrottleRefreshAttempts(context.containerName(), now) &&
shouldRefresh;
}