etc/config.tcl: Don't reissue long-term certificates daily.

[ca] / etc / config.tcl

diff --git a/etc/config.tcl b/etc/config.tcl
index ee8dd31..ad98137 100644 (file)
--- a/etc/config.tcl
+++ b/etc/config.tcl
@@ -28,7 +28,7 @@ set P(tls-server) {
 
 set P(tls-server-longterm) {
   extensions tls-server-extensions
-  issue-time "*-*-* 00:00:00"
+  issue-time "*-03-01 00:00:00"
   start-skew 1
   expire-interval 43838
 }
@@ -36,7 +36,7 @@ set P(tls-server-longterm) {
 proc update-hook {} {
   global env
   if {![info exists env(CA_BODGE)]} {
-    exec 2>@stderr rsync -rtv --delete-delay \
+    exec 2>@stderr rsync -rtl --delete-delay \
        ca.cert crl cert req archive \
        sysupl-ca@stratocaster.distorted.org.uk:files/
   }