Merge pull request #57 from xenolf/fix-san-renewal

Fix: renew dropping additional DNSNames
go-acme · Dec 18, 2015 · 3715351 · 3715351
2 parents 102a9f7 + 136cc73
commit 3715351
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 40 deletions.
diff --git a/acme/client.go b/acme/client.go
@@ -368,7 +368,24 @@ func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool, bund
 		return cert, nil
 	}
 
-	newCerts, failures := c.ObtainCertificates([]string{cert.Domain}, bundle)
+	var domains []string
+	newCerts := make([]CertificateResource, 1)
+	var failures map[string]error
+	// check for SAN certificate
+	if len(x509Cert.DNSNames) > 1 {
+		domains = append(domains, x509Cert.Subject.CommonName)
+		for _, sanDomain := range x509Cert.DNSNames {
+			if sanDomain == x509Cert.Subject.CommonName {
+				continue
+			}
+			domains = append(domains, sanDomain)
+		}
+		newCerts[0], failures = c.ObtainSANCertificate(domains, bundle)
+	} else {
+		domains = append(domains, x509Cert.Subject.CommonName)
+		newCerts, failures = c.ObtainCertificates(domains, bundle)
+	}
+
 	if len(failures) > 0 {
 		return CertificateResource{}, failures[cert.Domain]
 	}

diff --git a/cli_handlers.go b/cli_handlers.go
@@ -172,55 +172,59 @@ func revoke(c *cli.Context) {
 
 func renew(c *cli.Context) {
 	conf, _, client := setup(c)
+
+	if len(c.GlobalStringSlice("domains")) <= 0 {
+		logger().Fatal("Please specify at least one domain.")
+	}
+
+	domain := c.GlobalStringSlice("domains")[0]
 
-	for _, domain := range c.GlobalStringSlice("domains") {
-		// load the cert resource from files.
-		// We store the certificate, private key and metadata in different files
-		// as web servers would not be able to work with a combined file.
-		certPath := path.Join(conf.CertPath(), domain+".crt")
-		privPath := path.Join(conf.CertPath(), domain+".key")
-		metaPath := path.Join(conf.CertPath(), domain+".json")
-
-		certBytes, err := ioutil.ReadFile(certPath)
-		if err != nil {
-			logger().Fatalf("Error while loading the certificate for domain %s\n\t%s", domain, err.Error())
-		}
-
-		if c.IsSet("days") {
-			expTime, err := acme.GetPEMCertExpiration(certBytes)
-			if err != nil {
-				logger().Printf("Could not get Certification expiration for domain %s", domain)
-			}
+	// load the cert resource from files.
+	// We store the certificate, private key and metadata in different files
+	// as web servers would not be able to work with a combined file.
+	certPath := path.Join(conf.CertPath(), domain+".crt")
+	privPath := path.Join(conf.CertPath(), domain+".key")
+	metaPath := path.Join(conf.CertPath(), domain+".json")
 
-			if int(expTime.Sub(time.Now()).Hours()/24.0) <= c.Int("days") {
-				continue
-			}
-		}
+	certBytes, err := ioutil.ReadFile(certPath)
+	if err != nil {
+		logger().Fatalf("Error while loading the certificate for domain %s\n\t%s", domain, err.Error())
+	}
 
-		keyBytes, err := ioutil.ReadFile(privPath)
+	if c.IsSet("days") {
+		expTime, err := acme.GetPEMCertExpiration(certBytes)
 		if err != nil {
-			logger().Fatalf("Error while loading the private key for domain %s\n\t%s", domain, err.Error())
+			logger().Printf("Could not get Certification expiration for domain %s", domain)
 		}
 
-		metaBytes, err := ioutil.ReadFile(metaPath)
-		if err != nil {
-			logger().Fatalf("Error while loading the meta data for domain %s\n\t%s", domain, err.Error())
+		if int(expTime.Sub(time.Now()).Hours() / 24.0) <= c.Int("days") {
+			return
 		}
+	}
 
-		var certRes acme.CertificateResource
-		err = json.Unmarshal(metaBytes, &certRes)
-		if err != nil {
-			logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error())
-		}
+	keyBytes, err := ioutil.ReadFile(privPath)
+	if err != nil {
+		logger().Fatalf("Error while loading the private key for domain %s\n\t%s", domain, err.Error())
+	}
 
-		certRes.PrivateKey = keyBytes
-		certRes.Certificate = certBytes
+	metaBytes, err := ioutil.ReadFile(metaPath)
+	if err != nil {
+		logger().Fatalf("Error while loading the meta data for domain %s\n\t%s", domain, err.Error())
+	}
 
-		newCert, err := client.RenewCertificate(certRes, true, true)
-		if err != nil {
-			logger().Fatalf("%s", err.Error())
-		}
+	var certRes acme.CertificateResource
+	err = json.Unmarshal(metaBytes, &certRes)
+	if err != nil {
+		logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error())
+	}
 
-		saveCertRes(newCert, conf)
+	certRes.PrivateKey = keyBytes
+	certRes.Certificate = certBytes
+
+	newCert, err := client.RenewCertificate(certRes, true, true)
+	if err != nil {
+		logger().Fatalf("%s", err.Error())
 	}
+
+	saveCertRes(newCert, conf)
 }