Don't run PagesDomainSslRenewalWorker for domains that aren't enabled
We repeatedly schedule renewal of SSL certificates for PagesDomain
s from the PagesDomainSslRenewalCronWorker
.
We do this for domains that have auto_ssl_enabled
and that haven't failed in the past: https://gitlab.com/gitlab-org/gitlab/blob/06a3f9769133bae8ebcf065523def714db9111f0/app/models/pages_domain.rb#L63.
But in this query we don't exclude domains that aren't enabled.
We do skip the the domain in the PagesDomainSslRenewalWorker
itself. Meaning this job becomes a no-op. We should add the check for enabled_until
to the PagesDomain.need_auto_ssl_renewal
-scope so we can avoid scheduling the job altogether.
We might need to double check the indexes if we add that to the query.