From 75ed9c4a631649660cf51f67d79b313e76706576 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Sat, 19 Mar 2016 18:49:55 -0700
Subject: [PATCH] Check for key file instead of csr file

1) csr file in older backups got corrupt
2) new key results in a new cert request in LE (for rate limits)
---
 src/cert/acme.js | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/src/cert/acme.js b/src/cert/acme.js
index a5290fbaf..d31d386e8 100644
--- a/src/cert/acme.js
+++ b/src/cert/acme.js
@@ -316,24 +316,23 @@ Acme.prototype.createKeyAndCsr = function (domain, callback) {
 var outdir = paths.APP_CERTS_DIR;
 var csrFile = path.join(outdir, domain + '.csr');
-
- if (safe.fs.existsSync(csrFile)) {
- debug('createKeyAndCsr: reuse the csr for renewal');
- return callback(null, safe.fs.readFileSync(csrFile));
- }
-
+ var privateKeyFile = path.join(outdir, domain + '.key');
 var execSync = safe.child_process.execSync;
- var privateKeyFile = path.join(outdir, domain + '.key');
- var key = execSync('openssl genrsa 4096');
- if (!key) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
- if (!safe.fs.writeFileSync(privateKeyFile, key)) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+ if (safe.fs.existsSync(privateKeyFile)) {
+ // in some old releases, csr file was corrupt. so always regenerate it
+ debug('createKeyAndCsr: reuse the key for renewal at %s', privateKeyFile);
+ } else {
+ var key = execSync('openssl genrsa 4096');
+ if (!key) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+ if (!safe.fs.writeFileSync(privateKeyFile, key)) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
- debug('createKeyAndCsr: key file saved at %s', privateKeyFile);
+ debug('createKeyAndCsr: key file saved at %s', privateKeyFile);
+ }
 var csrDer = execSync(util.format('openssl req -new -key %s -outform DER -subj /CN=%s', privateKeyFile, domain));
 if (!csrDer) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
- if (!safe.fs.writeFileSync(csrFile, csrDer)) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+ if (!safe.fs.writeFileSync(csrFile, csrDer)) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error)); // bookkeeping
 debug('createKeyAndCsr: csr file (DER) saved at %s', csrFile);
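Review bot: The reuse branch `if (safe.fs.existsSync(privateKeyFile))` accepts whatever file sits at that path without checking that it is a usable key, so a truncated or corrupt `.key` (for instance from the same older backups the commit message blames for the corrupt csr) would make `openssl req` fail and return INTERNAL_ERROR on every renewal, with no route back to generating a fresh key. Validating the file before reuse, for example with `openssl rsa -in <keyfile> -check -noout`, and falling through to the `else` branch when that fails would avoid the dead end. The key is now long-lived, yet the added `safe.fs.writeFileSync(privateKeyFile, key)` passes no mode and so inherits the process umask; passing `{ mode: 0o600 }` (assuming the safe wrapper forwards options) and checking permissions on the reuse path would be worth adding. Separately, `domain` and `privateKeyFile` are formatted straight into the `execSync` shell string on the `openssl req` context line, and no validation of `domain` is visible in this hunk; an argument-array call such as `child_process.execFileSync` would remove that dependency. The function body continues outside the hunk.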