Add --cert-name option to certbot calls to set primary domain instead of --expand

JanThiel · JanThiel · commit a7f17fc095a5 · 2021-02-15T16:13:50.000+01:00
Fixes https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6061
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
@@ -137,6 +137,7 @@ public function get_certbot_command($domains) {
 			return false;
 		}
 
+		$primary_domain = $domains[0];
 		$matches = array();
 		$ret = null;
 		$val = 0;
@@ -158,11 +159,13 @@ public function get_certbot_command($domains) {
 				$webroot_map[$domains[$i]] = '/usr/local/ispconfig/interface/acme';
 			}
 			$webroot_args = "--webroot-map " . escapeshellarg(str_replace(array("\r", "\n"), '', json_encode($webroot_map)));
+			$cert_selection_command = "--cert-name $primary_domain";
 		} else {
 			$webroot_args = "$cmd --webroot-path /usr/local/ispconfig/interface/acme";
+			$cert_selection_command = "--expand";
 		}
 
-		$cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$domain $webroot_args";
+		$cmd = $letsencrypt . " certonly -n --text --agree-tos $cert_selection_command --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$primary_domain $webroot_args";
 
 		return $cmd;
 	}

Original file line number	Diff line number	Diff line change
`@@ -137,6 +137,7 @@ public function get_certbot_command($domains) {`
`137`	`137`	`return false;`
`138`	`138`	`}`
`139`	`139`
	`140`	`+ $primary_domain = $domains[0];`
`140`	`141`	`$matches = array();`
`141`	`142`	`$ret = null;`
`142`	`143`	`$val = 0;`
`@@ -158,11 +159,13 @@ public function get_certbot_command($domains) {`
`158`	`159`	`$webroot_map[$domains[$i]] = '/usr/local/ispconfig/interface/acme';`
`159`	`160`	`}`
`160`	`161`	`$webroot_args = "--webroot-map " . escapeshellarg(str_replace(array("\r", "\n"), '', json_encode($webroot_map)));`
	`162`	`+ $cert_selection_command = "--cert-name $primary_domain";`
`161`	`163`	`} else {`
`162`	`164`	`$webroot_args = "$cmd --webroot-path /usr/local/ispconfig/interface/acme";`
	`165`	`+ $cert_selection_command = "--expand";`
`163`	`166`	`}`
`164`	`167`
`165`		`- $cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$domain $webroot_args";`
	`168`	`+ $cmd = $letsencrypt . " certonly -n --text --agree-tos $cert_selection_command --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$primary_domain $webroot_args";`
`166`	`169`
`167`	`170`	`return $cmd;`
`168`	`171`	`}`