fix: don't generate ARI cert ID if ARI is not enable (#2138)

go-acme · Mar 10, 2024 · 19bbefb · 19bbefb
1 parent 719d26c
commit 19bbefb
Showing 1 changed file with 14 additions and 12 deletions.
diff --git a/cmd/cmd_renew.go b/cmd/cmd_renew.go
@@ -187,11 +187,6 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
 		time.Sleep(sleepTime)
 	}
 
-	replacesCertID, err := certificate.MakeARICertID(cert)
-	if err != nil {
-		log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
-	}
-
 	request := certificate.ObtainRequest{
 		Domains:                        merge(certDomains, domains),
 		PrivateKey:                     privateKey,
@@ -201,7 +196,13 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
 		Bundle:                         bundle,
 		PreferredChain:                 ctx.String("preferred-chain"),
 		AlwaysDeactivateAuthorizations: ctx.Bool("always-deactivate-authorizations"),
-		ReplacesCertID:                 replacesCertID,
+	}
+
+	if ctx.Bool("ari-enable") {
+		request.ReplacesCertID, err = certificate.MakeARICertID(cert)
+		if err != nil {
+			log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
+		}
 	}
 
 	certRes, err := client.Certificate.Obtain(request)
@@ -262,19 +263,20 @@ func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *Certificat
 	timeLeft := cert.NotAfter.Sub(time.Now().UTC())
 	log.Infof("[%s] acme: Trying renewal with %d hours remaining", domain, int(timeLeft.Hours()))
 
-	replacesCertID, err := certificate.MakeARICertID(cert)
-	if err != nil {
-		log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
-	}
-
 	request := certificate.ObtainForCSRRequest{
 		CSR:                            csr,
 		NotBefore:                      getTime(ctx, "not-before"),
 		NotAfter:                       getTime(ctx, "not-after"),
 		Bundle:                         bundle,
 		PreferredChain:                 ctx.String("preferred-chain"),
 		AlwaysDeactivateAuthorizations: ctx.Bool("always-deactivate-authorizations"),
-		ReplacesCertID:                 replacesCertID,
+	}
+
+	if ctx.Bool("ari-enable") {
+		request.ReplacesCertID, err = certificate.MakeARICertID(cert)
+		if err != nil {
+			log.Fatalf("Error while construction the ARI CertID for domain %s\n\t%v", domain, err)
+		}
 	}
 
 	certRes, err := client.Certificate.ObtainForCSR(request)