From ba644d44f17fe08ec48499178868de1f28cfdad9 Mon Sep 17 00:00:00 2001 From: Rudolf Mayerhofer Date: Tue, 28 Mar 2023 21:38:14 +0200 Subject: [PATCH] Update config id if we have a key algorithm set to allow for multiple certs with different algorithms for the same set of domains This is a breaking change! Changes the id for configurations with a key algorithm set, which by default results in changes to serveral dependent configuration values as well, such as cert_file/key_file/csr_file. This will require existing ECC setups to append the ecc suffix to files in the acertmgr configuration directory --- acertmgr/configuration.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/acertmgr/configuration.py b/acertmgr/configuration.py index 8303cca..4da7a04 100644 --- a/acertmgr/configuration.py +++ b/acertmgr/configuration.py @@ -124,6 +124,17 @@ def parse_config_entry(entry, globalconfig, runtimeconfig): # Use a static cert request update_config_value(config, 'csr_static', localconfig, globalconfig, "false") + # SSL key algorithm (if key has to be (re-)generated) + update_config_value(config, 'key_algorithm', localconfig, globalconfig, None) + # Update config id if we have a key algorithm set to allow for + # multiple certs with different algorithms for the same set of domains + if config.get('key_algorithm', None): + config['id'] += "_" + config['key_algorithm'] + + # SSL key length (if key has to be (re-)generated, converted to int) + update_config_value(config, 'key_length', localconfig, globalconfig, None) + config['key_length'] = int(config['key_length']) if config['key_length'] else None + # SSL cert request location update_config_value(config, 'csr_file', localconfig, globalconfig, os.path.join(config['cert_dir'], "{}.csr".format(config['id']))) 
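Review bot: `config['key_algorithm']` is appended to `config['id']` exactly as it was written in the configuration, and that id then forms the default `csr_file` name later in this hunk and the default `key_file` and `ca_file` names visible in the second hunk. Because the value is neither normalised nor checked at this point, `ECC` and `ecc` would give two different file sets (and presumably a second key and certificate for the same domains), and a value containing a path separator would put the default private-key path outside `cert_dir`. I would build the suffix from a checked value, e.g. `algo = str(config['key_algorithm']).lower()` followed by `if not algo.isalnum(): raise ValueError("invalid key_algorithm: {!r}".format(algo))`, and append `algo` instead; comparing against the list of algorithms the key generator accepts would be stricter still. parse_config_entry starts and ends outside the hunk, so a check on this value elsewhere in the function is not visible from here.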
@@ -136,13 +147,6 @@ def parse_config_entry(entry, globalconfig, runtimeconfig): update_config_value(config, 'key_file', localconfig, globalconfig, os.path.join(config['cert_dir'], "{}.key".format(config['id']))) - # SSL key algorithm (if key has to be (re-)generated) - update_config_value(config, 'key_algorithm', localconfig, globalconfig, None) - - # SSL key length (if key has to be (re-)generated, converted to int) - update_config_value(config, 'key_length', localconfig, globalconfig, None) - config['key_length'] = int(config['key_length']) if config['key_length'] else None - # SSL CA location / use static update_config_value(config, 'ca_file', localconfig, globalconfig, os.path.join(config['cert_dir'], "{}.ca".format(config['id'])))