From ff3f198eca1918d1310dee043ebb32bde1206086 Mon Sep 17 00:00:00 2001
From: Gus Parvin <gparvin@us.ibm.com>
Date: Thu, 15 Nov 2018 14:07:34 +0000
Subject: [PATCH] make sure the expire time is set when the certificate is in
 an infinite renewal loop

Signed-off-by: Gus Parvin <gparvin@us.ibm.com>
---
 pkg/controller/certificates/sync.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/controller/certificates/sync.go b/pkg/controller/certificates/sync.go
index 3eba6e259..17b93c4bc 100644
--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@@ -179,6 +179,9 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (reque
 		return c.issue(ctx, i, crtCopy)
 	}
 
+	metaNotAfter := metav1.NewTime(cert.NotAfter)
+	crtCopy.Status.NotAfter = &metaNotAfter
+
 	// check if the certificate needs renewal
 	needsRenew := c.Context.IssuerOptions.CertificateNeedsRenew(cert)
 	if needsRenew {
@@ -191,9 +194,6 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (reque
 
 	// end checking if the TLS certificate is valid/needs a re-issue or renew
 
-	metaNotAfter := metav1.NewTime(cert.NotAfter)
-	crtCopy.Status.NotAfter = &metaNotAfter
-
 	return false, nil
 }