Add support for preferred chain option

project0 · Oct 1, 2021 · 96aaebe · 96aaebe
1 parent 20f37a7
commit 96aaebe
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 15 deletions.
diff --git a/certstore/certstore.go b/certstore/certstore.go
@@ -40,19 +40,21 @@ func (u User) GetPrivateKey() crypto.PrivateKey {
 }
 
 type CertStore struct {
-	user    *User
-	email   string
-	client  *lego.Client
-	sync    *sync.Mutex
-	storage store.Store
+	user           *User
+	email          string
+	preferredChain string
+	client         *lego.Client
+	sync           *sync.Mutex
+	storage        store.Store
 }
 
-func NewCertStore(acmeDirectory string, email string, challengeProvider challenge.Provider, storage store.Store) (*CertStore, error) {
+func NewCertStore(acmeDirectory string, email string, challengeProvider challenge.Provider, storage store.Store, preferredChain string) (*CertStore, error) {
 	var err error
 	cs := &CertStore{
-		sync:    &sync.Mutex{},
-		email:   email,
-		storage: storage,
+		sync:           &sync.Mutex{},
+		email:          email,
+		storage:        storage,
+		preferredChain: preferredChain,
 	}
 
 	// ensure we have a user
@@ -159,10 +161,11 @@ func (c *CertStore) GetCertificate(request *CertRequest) (*CertificateResource,
 	}
 
 	req := certificate.ObtainRequest{
-		Domains:    request.domains(),
-		Bundle:     false,
-		PrivateKey: nil,
-		MustStaple: false,
+		Domains:        request.domains(),
+		Bundle:         false,
+		PrivateKey:     nil,
+		MustStaple:     false,
+		PreferredChain: c.preferredChain,
 	}
 	acmeCerts, err := c.client.Certificate.Obtain(req)
 	if err != nil {

diff --git a/certstore/request.go b/certstore/request.go
@@ -58,7 +58,7 @@ func removeDuplicates(elements []string) []string {
 	result := []string{}
 
 	for v := range elements {
-		if encountered[elements[v]] == true {
+		if encountered[elements[v]] {
 			// Do not add duplicate.
 		} else {
 			// Record this element as an encountered element.

diff --git a/main.go b/main.go
@@ -66,6 +66,12 @@ func main() {
 					Usage:  "DNS challenge provider name",
 					EnvVar: flagSetHelperEnvKey("PROVIDER"),
 				},
+				cli.StringFlag{
+					Name:   "preferred-chain",
+					Value:  "",
+					Usage:  "If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.",
+					EnvVar: flagSetHelperEnvKey("PREFERRED-CHAIN"),
+				},
 				cli.StringFlag{
 					Name:   "dns.listen",
 					Value:  ":53",
@@ -125,7 +131,7 @@ func main() {
 					}
 				}
 
-				certStore, err = certstore.NewCertStore(c.String("server"), email, dnsprovider, storage)
+				certStore, err = certstore.NewCertStore(c.String("server"), email, dnsprovider, storage, c.String("preferred-chain"))
 				if err != nil {
 					log.Fatal(err)
 				}