diff --git a/pkg/controller/certificates/cleaner/cleaner.go b/pkg/controller/certificates/cleaner/cleaner.go
index 51de92fd605..bfe43fa028b 100644
--- a/pkg/controller/certificates/cleaner/cleaner.go
+++ b/pkg/controller/certificates/cleaner/cleaner.go
@@ -118,11 +118,11 @@ func (ccc *CSRCleanerController) handle(csr *capi.CertificateSigningRequest) err
 // isIssuedExpired checks if the CSR has been issued a certificate and if the
 // expiration of the certificate (the NotAfter value) has passed.
 func isIssuedExpired(csr *capi.CertificateSigningRequest) (bool, error) {
+ isExpired, err := isExpired(csr)
+ if err != nil {
+ return false, err
+ }
 for _, c := range csr.Status.Conditions {
- isExpired, err := isExpired(csr)
- if err != nil {
- return false, err
- }
 if c.Type == capi.CertificateApproved && isIssued(csr) && isExpired {
 glog.Infof("Cleaning CSR %q as the associated certificate is expired.", csr.Name)
 return true, nil
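Review bot: Hoisting `isExpired(csr)` above the loop means the call now runs, and its error is returned, even when `csr.Status.Conditions` is empty; before this change a CSR with no conditions never reached that error path. If `handle` returns early on this error (its body is outside the hunk, so this is inferred), a request whose certificate cannot be evaluated would be skipped by the cleaner on every pass. Either add a comment on the hoisted call stating that this is intended, or put a guard such as `if !isIssued(csr) { return false, nil }` ahead of it, provided the tail of the function already returns `false, nil`. Separately, the local `isExpired` shadows the package function of the same name for the rest of the body; `expired, err := isExpired(csr)` with `&& expired` in the condition reads more clearly. The body of isIssuedExpired continues past the end of the hunk.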