Merge pull request #57 from xenolf/fix-san-renewal
Fix: renew dropping additional DNSNames
This commit is contained in:
commit
37153517a9
2 changed files with 72 additions and 51 deletions
|
@ -368,7 +368,24 @@ func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool, bund
|
||||||
return cert, nil
|
return cert, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
newCerts, failures := c.ObtainCertificates([]string{cert.Domain}, bundle)
|
var domains []string
|
||||||
|
newCerts := make([]CertificateResource, 1)
|
||||||
|
var failures map[string]error
|
||||||
|
// check for SAN certificate
|
||||||
|
if len(x509Cert.DNSNames) > 1 {
|
||||||
|
domains = append(domains, x509Cert.Subject.CommonName)
|
||||||
|
for _, sanDomain := range x509Cert.DNSNames {
|
||||||
|
if sanDomain == x509Cert.Subject.CommonName {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
domains = append(domains, sanDomain)
|
||||||
|
}
|
||||||
|
newCerts[0], failures = c.ObtainSANCertificate(domains, bundle)
|
||||||
|
} else {
|
||||||
|
domains = append(domains, x509Cert.Subject.CommonName)
|
||||||
|
newCerts, failures = c.ObtainCertificates(domains, bundle)
|
||||||
|
}
|
||||||
|
|
||||||
if len(failures) > 0 {
|
if len(failures) > 0 {
|
||||||
return CertificateResource{}, failures[cert.Domain]
|
return CertificateResource{}, failures[cert.Domain]
|
||||||
}
|
}
|
||||||
|
|
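Review bot: The error lookup after the new SAN branch can return a nil error alongside an empty resource: `failures[cert.Domain]` is only guaranteed to be present when the single-domain path ran, whereas ObtainSANCertificate (whose key convention is not visible here) may report the failure under one of the other SAN names, in which case `len(failures) > 0` is true but the returned error is nil and the caller proceeds as if renewal succeeded. Prefer the CommonName entry and fall back to any other entry so a non-empty failure map always surfaces a non-nil error. The `x509Cert` variable and the rest of RenewCertificate lie outside the hunk, and the `len(x509Cert.DNSNames) > 1` test deserves a one-line comment saying why a single-name certificate is deliberately renewed through the plain path, `// a cert with only one DNSName is renewed by CommonName; SAN renewal is only needed for multi-name certs`.
```go
if len(failures) > 0 {
	if err, ok := failures[cert.Domain]; ok && err != nil {
		return CertificateResource{}, err
	}
	// the failure may be keyed by another SAN name; never return nil here
	for _, err := range failures {
		return CertificateResource{}, err
	}
}
// … unchanged: remainder of RenewCertificate …
```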
102
cli_handlers.go
102
cli_handlers.go
|
@ -173,54 +173,58 @@ func revoke(c *cli.Context) {
|
||||||
func renew(c *cli.Context) {
|
func renew(c *cli.Context) {
|
||||||
conf, _, client := setup(c)
|
conf, _, client := setup(c)
|
||||||
|
|
||||||
for _, domain := range c.GlobalStringSlice("domains") {
|
if len(c.GlobalStringSlice("domains")) <= 0 {
|
||||||
// load the cert resource from files.
|
logger().Fatal("Please specify at least one domain.")
|
||||||
// We store the certificate, private key and metadata in different files
|
|
||||||
// as web servers would not be able to work with a combined file.
|
|
||||||
certPath := path.Join(conf.CertPath(), domain+".crt")
|
|
||||||
privPath := path.Join(conf.CertPath(), domain+".key")
|
|
||||||
metaPath := path.Join(conf.CertPath(), domain+".json")
|
|
||||||
|
|
||||||
certBytes, err := ioutil.ReadFile(certPath)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while loading the certificate for domain %s\n\t%s", domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.IsSet("days") {
|
|
||||||
expTime, err := acme.GetPEMCertExpiration(certBytes)
|
|
||||||
if err != nil {
|
|
||||||
logger().Printf("Could not get Certification expiration for domain %s", domain)
|
|
||||||
}
|
|
||||||
|
|
||||||
if int(expTime.Sub(time.Now()).Hours()/24.0) <= c.Int("days") {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
keyBytes, err := ioutil.ReadFile(privPath)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while loading the private key for domain %s\n\t%s", domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
metaBytes, err := ioutil.ReadFile(metaPath)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while loading the meta data for domain %s\n\t%s", domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
var certRes acme.CertificateResource
|
|
||||||
err = json.Unmarshal(metaBytes, &certRes)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
certRes.PrivateKey = keyBytes
|
|
||||||
certRes.Certificate = certBytes
|
|
||||||
|
|
||||||
newCert, err := client.RenewCertificate(certRes, true, true)
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("%s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
saveCertRes(newCert, conf)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
domain := c.GlobalStringSlice("domains")[0]
|
||||||
|
|
||||||
|
// load the cert resource from files.
|
||||||
|
// We store the certificate, private key and metadata in different files
|
||||||
|
// as web servers would not be able to work with a combined file.
|
||||||
|
certPath := path.Join(conf.CertPath(), domain+".crt")
|
||||||
|
privPath := path.Join(conf.CertPath(), domain+".key")
|
||||||
|
metaPath := path.Join(conf.CertPath(), domain+".json")
|
||||||
|
|
||||||
|
certBytes, err := ioutil.ReadFile(certPath)
|
||||||
|
if err != nil {
|
||||||
|
logger().Fatalf("Error while loading the certificate for domain %s\n\t%s", domain, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.IsSet("days") {
|
||||||
|
expTime, err := acme.GetPEMCertExpiration(certBytes)
|
||||||
|
if err != nil {
|
||||||
|
logger().Printf("Could not get Certification expiration for domain %s", domain)
|
||||||
|
}
|
||||||
|
|
||||||
|
if int(expTime.Sub(time.Now()).Hours() / 24.0) <= c.Int("days") {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
keyBytes, err := ioutil.ReadFile(privPath)
|
||||||
|
if err != nil {
|
||||||
|
logger().Fatalf("Error while loading the private key for domain %s\n\t%s", domain, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
metaBytes, err := ioutil.ReadFile(metaPath)
|
||||||
|
if err != nil {
|
||||||
|
logger().Fatalf("Error while loading the meta data for domain %s\n\t%s", domain, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
var certRes acme.CertificateResource
|
||||||
|
err = json.Unmarshal(metaBytes, &certRes)
|
||||||
|
if err != nil {
|
||||||
|
logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
certRes.PrivateKey = keyBytes
|
||||||
|
certRes.Certificate = certBytes
|
||||||
|
|
||||||
|
newCert, err := client.RenewCertificate(certRes, true, true)
|
||||||
|
if err != nil {
|
||||||
|
logger().Fatalf("%s", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
saveCertRes(newCert, conf)
|
||||||
}
|
}
|
||||||
|
|
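Review bot: In the rewritten `--days` check, a failed `acme.GetPEMCertExpiration` is only logged with Printf and the zero `expTime` is still fed into the comparison, so the renewal is silently skipped via `return` rather than failing loudly like every other load error in renew(); that is the same outcome the old `continue` produced, but now it masks an unparseable certificate behind a single log line. Make it consistent with the surrounding Fatalf calls: `logger().Fatalf("Could not get Certification expiration for domain %s\n\t%s", domain, err.Error())`. Separately, `domain := c.GlobalStringSlice("domains")[0]` now drops every additional `--domains` value without telling the user, since the SAN set is taken from the stored certificate instead; a short notice such as `if len(c.GlobalStringSlice("domains")) > 1 { logger().Printf("Only the first domain is used for renewal; SANs are read from the existing certificate.") }` would avoid surprising callers who expect the extra names to be honoured.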