From 08be7d0a441785d76c24e101287e71e13591e9a0 Mon Sep 17 00:00:00 2001
From: Ivan Folgueira Bande <ivansete@status.im>
Date: Fri, 9 Jan 2026 15:17:38 +0100
Subject: [PATCH] enhance cert expiry process in run_node.sh

---
 run_node.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/run_node.sh b/run_node.sh
index 1c40ed2..27d1728 100755
--- a/run_node.sh
+++ b/run_node.sh
@@ -63,10 +63,12 @@ if [ -n "${DOMAIN}" ]; then
     echo "[INFO] Waiting for a valid TLS certificate for ${DOMAIN}..."
 
     while true; do
+        MIN_VALIDITY=3600  # 1 hour
+
         if [ ! -f "${CERT}" ] || [ ! -f "${KEY}" ]; then
             echo "[INFO] Certificate files not found yet. Waiting..."
-        elif ! openssl x509 -checkend 0 -noout -in "${CERT}" >/dev/null 2>&1; then
-            echo "[WARN] Certificate exists but is expired. Waiting for renewal..."
+        elif ! openssl x509 -checkend "${MIN_VALIDITY}" -noout -in "${CERT}" >/dev/null 2>&1; then
+            echo "[WARN] Certificate is invalid, expired, or expiring soon. Waiting..."
         else
             echo "[INFO] Valid TLS certificate detected."
             break