The renew command will aggressively write and re-write existing certificates to all the configured certificate outputs, redundantly. Thus, it is necessary that all certificate output implementations be idempotent with respect to the write operation.

There are multiple reasons for this redundancy. Firstly, the certusine client cannot know the status of all the external systems to which it supplies certificates; external systems can be destroyed and recreated at any given time, and an external system should not be forced to wait until the next certificate renewal to receive certificates just because it wasn't present at the exact time the original issue/renewal occurred. Secondly, the very nature of systems being external means that the act of sending certificates to those systems can fail. Whilst the certusine client does retry I/O operations on failure, sometimes a system can be inaccessible long enough for all of the retry attempts to fail. If the certusine client did not redundantly write certificates, the external system would be stuck without any certificates until the next full renewal attempt.
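
An added example, not certusine's own code or API: a hypothetical directory-backed output whose write is idempotent, driven by a renew pass that redundantly writes to every output. The names `write_certificate` and `renew_pass`, the file layout, the retry count and the sample PEM bytes are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


def write_certificate(directory: Path, name: str, pem: bytes) -> bool:
    """Idempotent write: returns True only if the file on disk changed."""
    directory.mkdir(parents=True, exist_ok=True)
    target = directory / name
    try:
        if target.read_bytes() == pem:
            return False  # already in the desired state, nothing to do
    except FileNotFoundError:
        pass  # output never written, or destroyed and recreated since
    # Write to a temporary file (created with mode 0600) and rename it over
    # the target, so a reader never observes a half-written certificate.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=name + ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(pem)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, target)
    except BaseException:
        os.unlink(tmp)
        raise
    return True


def renew_pass(outputs, name: str, pem: bytes, retries: int = 3) -> dict:
    """Write to every output; one failing output never blocks the others."""
    results = {}
    for directory in outputs:
        results[str(directory)] = "failed"
        for _ in range(retries):
            try:
                changed = write_certificate(Path(directory), name, pem)
                results[str(directory)] = "written" if changed else "unchanged"
                break
            except OSError:
                continue  # retry; if every attempt fails, the next pass repairs it
    return results


if __name__ == "__main__":
    pem = b"-----BEGIN CERTIFICATE-----\n(constructed sample)\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as root:
        outputs = [Path(root) / "a", Path(root) / "b"]
        print(renew_pass(outputs, "tls.pem", pem))  # first pass writes both
        print(renew_pass(outputs, "tls.pem", pem))  # redundant pass changes nothing
```

Because the write converges on the same state however often it runs, the redundant passes are harmless for healthy outputs and are what repair an output that was missing or unreachable earlier.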