From 079d0cd41573ab0ef052b5398622e8c414eaa3d2 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 23 Dec 2021 15:02:29 -0500
Subject: [PATCH] Report expired certificates (#8045) (#8046)

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
---
 internal/ingress/controller/controller.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go
index 7d958a626..7c200bd8f 100644
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@@ -1332,7 +1332,10 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
 
 			servers[host].SSLCert = cert
 
-			if cert.ExpireTime.Before(time.Now().Add(240 * time.Hour)) {
+			now := time.Now()
+			if cert.ExpireTime.Before(now) {
+				klog.Warningf("SSL certificate for server %q expired (%v)", host, cert.ExpireTime)
+			} else if cert.ExpireTime.Before(now.Add(240 * time.Hour)) {
 				klog.Warningf("SSL certificate for server %q is about to expire (%v)", host, cert.ExpireTime)
 			}
 		}