|
@@ -59,7 +59,8 @@ def run(service_name, config, acme_dir="/var/lib/acme",
|
|
current_cert = OpenSSL.crypto.load_certificate(
|
|
current_cert = OpenSSL.crypto.load_certificate(
|
|
OpenSSL.crypto.FILETYPE_PEM, cert_text
|
|
OpenSSL.crypto.FILETYPE_PEM, cert_text
|
|
)
|
|
)
|
|
- fqdn = current_cert.get_subject().CN
|
|
|
|
|
|
+ cert_alt_names = helpers.get_subject_alt_name(current_cert)
|
|
|
|
+ fqdn = cert_alt_names[0]
|
|
acme_cert_path = os.path.join(acme_dir, "live", fqdn,
|
|
acme_cert_path = os.path.join(acme_dir, "live", fqdn,
|
|
"cert")
|
|
"cert")
|
|
acme_fullchain_path = os.path.join(acme_dir, "live", fqdn,
|
|
acme_fullchain_path = os.path.join(acme_dir, "live", fqdn,
|
|
@@ -76,9 +77,10 @@ def run(service_name, config, acme_dir="/var/lib/acme",
|
|
OpenSSL.crypto.FILETYPE_PEM, acme_cert_text
|
|
OpenSSL.crypto.FILETYPE_PEM, acme_cert_text
|
|
)
|
|
)
|
|
if tlsa:
|
|
if tlsa:
|
|
- for port in tlsa_ports:
|
|
|
|
- helpers.create_tlsa_records(fqdn, port, acme_cert,
|
|
|
|
- named_key_path)
|
|
|
|
|
|
+ for name in cert_alt_names:
|
|
|
|
+ for port in tlsa_ports:
|
|
|
|
+ helpers.create_tlsa_records(name, port, acme_cert,
|
|
|
|
+ named_key_path)
|
|
newkey_path = os.path.join(acme_dir, "live",
|
|
newkey_path = os.path.join(acme_dir, "live",
|
|
fqdn, "privkey")
|
|
fqdn, "privkey")
|
|
if certificate_path == key_path:
|
|
if certificate_path == key_path:
|
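Review bot: `fqdn = cert_alt_names[0]` in the first hunk indexes the SAN list unchecked, so a certificate without a subjectAltName extension, which the old CN lookup handled, would presumably raise IndexError here (helpers.get_subject_alt_name is not visible, so its empty-case return is an assumption). A guard such as `if not cert_alt_names: raise ValueError("certificate has no subjectAltName entries")`, or a fallback `fqdn = cert_alt_names[0] if cert_alt_names else current_cert.get_subject().CN`, would make that case explicit. Because fqdn comes from certificate content and is joined into paths under `acme_dir/live`, it should also be checked to be a plain hostname (no path separators or `..`), and the first SAN may not be the name the ACME client used for its live directory. In the second hunk every SAN is passed to `helpers.create_tlsa_records`, so wildcard or non-DNS entries may need to be filtered or handled there. The body of run() starts and ends outside both hunks.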