From e530664da6d889c77fb6a670cac115ff6fa52fe0 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 4 Mar 2021 19:11:20 -0800
Subject: [PATCH] exclude revoked certs from default to auto-rotate

---
 lemur/certificates/service.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index b9bc16f0..b4f88923 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -153,6 +153,7 @@ def get_all_certs_attached_to_endpoint_without_autorotate():
     return (
         Certificate.query.filter(Certificate.endpoints.any())
         .filter(Certificate.rotation == false())
+        .filter(Certificate.revoked == false())
         .filter(Certificate.not_after >= arrow.now())
         .filter(not_(Certificate.replaced.any()))
         .all()  # noqa