From 6d56528e7401e9d6808139613d98624ac97bc80a Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Tue, 1 Dec 2020 16:15:56 -0700
Subject: [PATCH] only try and renew certs if they exist

---
 agent/src/Daemon/SslRenew.hs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/agent/src/Daemon/SslRenew.hs b/agent/src/Daemon/SslRenew.hs
index ee2efff38..13c001817 100644
--- a/agent/src/Daemon/SslRenew.hs
+++ b/agent/src/Daemon/SslRenew.hs
@@ -13,7 +13,8 @@ import           Lib.Ssl
 import           Daemon.ZeroConf                ( getStart9AgentHostname )
 import           Lib.Tor
 import           Control.Carrier.Lift
-import           System.Directory               ( removePathForcibly
+import           System.Directory               ( doesPathExist
+                                                , removePathForcibly
                                                 , renameDirectory
                                                 )
 import           Lib.SystemCtl
@@ -74,5 +75,9 @@ renewSslLeafCert ctx = do
 
 doesSslNeedRenew :: FilePath -> IO Bool
 doesSslNeedRenew cert = do
-    ec <- liftIO $ system [i|openssl x509 -checkend 2592000 -noout -in #{cert}|]
-    pure $ ec /= ExitSuccess
+    exists <- doesPathExist cert
+    if exists
+        then do
+            ec <- liftIO $ system [i|openssl x509 -checkend 2592000 -noout -in #{cert}|]
+            pure $ ec /= ExitSuccess
+        else pure False