Don't run PagesDomainSslRenewalWorker for domains that aren't enabled

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

We repeatedly schedule renewal of SSL certificates for PagesDomains from the PagesDomainSslRenewalCronWorker.

We do this for domains that have auto_ssl_enabled and that haven't failed in the past: https://gitlab.com/gitlab-org/gitlab/blob/06a3f9769133bae8ebcf065523def714db9111f0/app/models/pages_domain.rb#L63. But in this query we don't exclude domains that aren't enabled.

We do skip the the domain in the PagesDomainSslRenewalWorker itself. Meaning this job becomes a no-op. We should add the check for enabled_until to the PagesDomain.need_auto_ssl_renewal-scope so we can avoid scheduling the job altogether.

We might need to double check the indexes if we add that to the query.