From acc0fa887b99a173106e5e0128f99ee47accbd27 Mon Sep 17 00:00:00 2001
From: Gus Parvin <gparvin@us.ibm.com>
Date: Thu, 15 Nov 2018 14:30:31 +0000
Subject: [PATCH] set the NotAfter time as soon as the cert is parsed
 successfully

Signed-off-by: Gus Parvin <gparvin@us.ibm.com>
---
 pkg/controller/certificates/sync.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/controller/certificates/sync.go b/pkg/controller/certificates/sync.go
index 17b93c4bc..20885f0c3 100644
--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@@ -156,6 +156,9 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (reque
 		return false, err
 	}
 
+	metaNotAfter := metav1.NewTime(cert.NotAfter)
+	crtCopy.Status.NotAfter = &metaNotAfter
+
 	// begin checking if the TLS certificate is valid/needs a re-issue or renew
 
 	// check if the private key is the corresponding pair to the certificate
@@ -179,9 +182,6 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (reque
 		return c.issue(ctx, i, crtCopy)
 	}
 
-	metaNotAfter := metav1.NewTime(cert.NotAfter)
-	crtCopy.Status.NotAfter = &metaNotAfter
-
 	// check if the certificate needs renewal
 	needsRenew := c.Context.IssuerOptions.CertificateNeedsRenew(cert)
 	if needsRenew {