followup: be slightly more verbose on error or renew

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/bin/pveupdate b/bin/pveupdate
index 4ab4d79e9e878d74818426855f8d7e66a2fc7e8c..15a2accc6f090a593a5ecf9d598fc30fe048bf1e 100755 (executable)
--- a/bin/pveupdate
+++ b/bin/pveupdate
@@ -87,18 +87,18 @@ eval {
        # get cert and check issuer and chain metadata
        my $certinfo = PVE::Certificate::get_certificate_info($certpath);
        if ($certinfo->{issuer} ne $cainfo->{subject}) {
-           die "SSL Certificate is not issued by root CA";
+           die "SSL certificate ($certpath) is not issued by root CA ($capath)!\n";
        }
 
        # check if cert is really signed by the ca
-
-       # TODO
-       # replace by low level interface in ssleay if version 1.86 is available
+       # TODO: replace by low level ssleay interface if version 1.86 is available
        PVE::Tools::run_command(['/usr/bin/openssl', 'verify', '-CAfile', $capath, $certpath]);
 
+       print "PVE certificate expires soon, renewing...\n";
        # create new certificate
        my $ip = PVE::Cluster::remote_node_ip($nodename);
        PVE::Cluster::Setup::gen_pve_ssl_cert(1, $nodename, $ip);
+
        print "Restarting pveproxy after renewing certificate\n";
        PVE::Tools::run_command(['systemctl', 'reload-or-restart', 'pveproxy']);
     }