From 4cdee4e355a017778720372493791fc6b2be9acb Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sat, 19 Nov 2022 09:50:46 -0800
Subject: [PATCH] basessh: try and check path in renew path too

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/basessh/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index 2fd3ad4a21..6a24adcbfe 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -136,7 +136,7 @@
   set_fact:
     certs_to_sign: "{{certs_to_sign}} + [ '{{item.item.path}}' ]"
   with_items: "{{ssh_cert_files.results}}"
-  when: "item.stat.exists and item.stat.mtime|int < (lookup('pipe', 'date +%s')|int - 25920000)"
+  when: "item.stat.exists and item.item.path.startswith('/etc/ssh') and item.stat.mtime|int < (lookup('pipe', 'date +%s')|int - 25920000)"
   tags:
   - basessh
   - sshd_cert