From ffb4fde1c64a5d129f7a9752862fc08af57fa806 Mon Sep 17 00:00:00 2001
From: David Klaftenegger <david.klaftenegger@it.uu.se>
Date: Sun, 28 Feb 2016 16:21:56 +0100
Subject: [PATCH] Adds support for SubjectAltName in CSR generation

To use this feature, add multiple domain names in the configuration,
separated by spaces
---
 acertmgr.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/acertmgr.py b/acertmgr.py
index 77516f1..0b671cb 100755
--- a/acertmgr.py
+++ b/acertmgr.py
@@ -147,7 +147,17 @@ def cert_get(domain, settings):
 		server_thread.start()
 
 	try:
-		cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain])
+		allnames = domain.split(' ')
+		if len(allnames) == 1:
+			cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain])
+		else:
+			cnt = 0
+			altnames = []
+			for alias in allnames[1:]
+				cnt = cnt + 1
+				altnames.append('DNS.%d=%s' % cnt, alias)
+			subject = '/CN=%s subjectAltName=%s' % allnames[0], ','.join(altnames)
+			cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-reqexts', 'SAN', '-subj', subject])
 
 		# get certificate
 		crt = acme_tiny.get_crt(acc_file, csr_file, challenge_dir)