From 19bbefbc8c65ba73ea791c51722762053744a3c2 Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez
Date: Mon, 11 Mar 2024 00:04:53 +0100
Subject: [PATCH] fix: don't generate ARI cert ID if ARI is not enable (#2138)

---
 cmd/cmd_renew.go | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/cmd/cmd_renew.go b/cmd/cmd_renew.go
index 6c0c7853..20876511 100644
--- a/cmd/cmd_renew.go
+++ b/cmd/cmd_renew.go
@@ -187,11 +187,6 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
 time.Sleep(sleepTime)
 }
 
- replacesCertID, err := certificate.MakeARICertID(cert)
- if err != nil {
- log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
- }
-
 request := certificate.ObtainRequest{
 Domains: merge(certDomains, domains),
 PrivateKey: privateKey,
@@ -201,7 +196,13 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
 Bundle: bundle,
 PreferredChain: ctx.String("preferred-chain"),
 AlwaysDeactivateAuthorizations: ctx.Bool("always-deactivate-authorizations"),
- ReplacesCertID: replacesCertID,
+ }
+
+ if ctx.Bool("ari-enable") {
+ request.ReplacesCertID, err = certificate.MakeARICertID(cert)
+ if err != nil {
+ log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
+ }
 }
 
 certRes, err := client.Certificate.Obtain(request)
@@ -262,11 +263,6 @@ func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *Certificat
 timeLeft := cert.NotAfter.Sub(time.Now().UTC())
 log.Infof("[%s] acme: Trying renewal with %d hours remaining", domain, int(timeLeft.Hours()))
 
- replacesCertID, err := certificate.MakeARICertID(cert)
- if err != nil {
- log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
- }
-
 request := certificate.ObtainForCSRRequest{
 CSR: csr,
 NotBefore: getTime(ctx, "not-before"),
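Review bot: In the renewForDomains hunk that adds `if ctx.Bool("ari-enable")`, a failed `certificate.MakeARICertID(cert)` still ends the process through `log.Fatalf` before `client.Certificate.Obtain(request)` is reached, and the renewForCSR hunk repeats this. The commit itself already sends requests without `ReplacesCertID` when the flag is off, so with ARI enabled it is probably better to renew a certificate without the field than to leave it unrenewed as it nears expiry. Consider replacing the fatal call with `log.Warnf("[%s] acme: cannot build the ARI CertID, renewing without it: %v", domain, err)` and leaving the field empty. renewForDomains starts and ends outside the hunk.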
@@ -274,7 +270,13 @@ func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *Certificat
 Bundle: bundle,
 PreferredChain: ctx.String("preferred-chain"),
 AlwaysDeactivateAuthorizations: ctx.Bool("always-deactivate-authorizations"),
- ReplacesCertID: replacesCertID,
+ }
+
+ if ctx.Bool("ari-enable") {
+ request.ReplacesCertID, err = certificate.MakeARICertID(cert)
+ if err != nil {
+ log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
+ }
 }
 
 certRes, err := client.Certificate.ObtainForCSR(request)
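Review bot: The `if ctx.Bool("ari-enable")` block added here is a verbatim copy of the one added in renewForDomains, down to the flag literal and the error message, so the two renewal paths can drift apart on a later edit. A small unexported helper that takes the context, the certificate and the domain and returns the CertID (empty when the flag is off) would keep the gating in one place, and a named constant for `"ari-enable"` would do the same for the flag name. The message also reads `Error while construction the ARI CertID`, which was presumably meant to be `Error while constructing the ARI CertID`. renewForCSR starts and ends outside the hunk.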