Handle the certificate expiration correctly
Right now CA checks expiration of its certificate during processing client requests. When the cert expire sooner than requested, the CA raises an exception and quits immediately. This has the effect that the request is popped form Redis without the client learning about the result. As a result the client keeps polling for the request result until the session expires. I propose one of these two possible solutions:
- Check the cert before popping request from Redis
- Before quitting, set
error
auth_state
according to https://gitlab.labs.nic.cz/turris/project/wikis/sentinel/certificator#rozhran%C3%AD-ca-cert-api so the client can restart the whole process