From a7f17fc095a56fe21ec5881da248e4f9f6bcd771 Mon Sep 17 00:00:00 2001
From: Jan Thiel <jan@hive-it.de>
Date: Mon, 15 Feb 2021 16:13:50 +0100
Subject: [PATCH] Add --cert-name option to certbot calls to set primary domain
 instead of --expand Fixes
 https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6061

---
 server/lib/classes/letsencrypt.inc.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index a2e6a5c380..2f2ac25483 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -137,6 +137,7 @@ class letsencrypt {
 			return false;
 		}
 
+		$primary_domain = $domains[0];
 		$matches = array();
 		$ret = null;
 		$val = 0;
@@ -158,11 +159,13 @@ class letsencrypt {
 				$webroot_map[$domains[$i]] = '/usr/local/ispconfig/interface/acme';
 			}
 			$webroot_args = "--webroot-map " . escapeshellarg(str_replace(array("\r", "\n"), '', json_encode($webroot_map)));
+			$cert_selection_command = "--cert-name $primary_domain";
 		} else {
 			$webroot_args = "$cmd --webroot-path /usr/local/ispconfig/interface/acme";
+			$cert_selection_command = "--expand";
 		}
 
-		$cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$domain $webroot_args";
+		$cmd = $letsencrypt . " certonly -n --text --agree-tos $cert_selection_command --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$primary_domain $webroot_args";
 
 		return $cmd;
 	}
-- 
GitLab