From df15e0c1efd3b2f372170e6866cac54df720e724 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Sat, 6 Jul 2019 19:12:45 -0300
Subject: [PATCH] Backdate notBefore to support macOS Catalina

Updates #174
---
 cert.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cert.go b/cert.go
index 6558ab9..e4c5d7c 100644
--- a/cert.go
+++ b/cert.go
@@ -64,7 +64,13 @@ func (m *mkcert) makeCert(hosts []string) {
 		},
 
 		NotAfter:  time.Now().AddDate(10, 0, 0),
-		NotBefore: time.Now(),
+
+		// Fix the notBefore to temporarily bypass macOS Catalina's limit on
+		// certificate lifespan. Once mkcert provides an ACME server, automation
+		// will be the recommended way to guarantee uninterrupted functionality,
+		// and the lifespan will be shortened to 825 days. See issue 174 and
+		// https://support.apple.com/en-us/HT210176.
+		NotBefore: time.Date(2019, time.June, 1, 0, 0, 0, 0, time.UTC),
 
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		BasicConstraintsValid: true,