From 36b440c04b33cb443b045ee1751917beecb3cce3 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Wed, 2 Mar 2016 11:34:39 -0700
Subject: [PATCH] https: Refuse start only if renewal fails on expired cert (closes #642)
---
 caddy/https/maintain.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/caddy/https/maintain.go b/caddy/https/maintain.go
index 49fc1c16..28fa2fe6 100644
--- a/caddy/https/maintain.go
+++ b/caddy/https/maintain.go
@@ -89,8 +89,13 @@ func renewManagedCertificates(allowPrompts bool) (err error) {
 err := client.Renew(cert.Names[0]) // managed certs better have only one name
 if err != nil {
- if client.AllowPrompts {
- // User is present, so stop immediately and report the error
+ if client.AllowPrompts && timeLeft < 0 {
+ // Certificate renewal failed, the operator is present, and the certificate
+ // is already expired; we should stop immediately and return the error. Note
+ // that we used to do this any time a renewal failed at startup. However,
+ // after discussion in https://github.com/mholt/caddy/issues/642 we decided to
+ // only stop startup if the certificate is expired. We still log the error
+ // otherwise.
 certCacheMu.RUnlock()
 return err
 }