Blank SANS leads to unnecessary CSR recreation

[cederberg]

Upon the first 30-day cert renewal, my cron logs printed these messages:

Check all certificates
existing csr at /etc/getssl/SERVER/SERVER.csr does not have the same domains as the config - re-create-csr
creating domain csr - /etc/getssl/SERVER/SERVER.csr
...

Since neither the DOMAIN nor SANS had been modified, this shouldn't be needed. Both the old and new CSR files are identical, and the output of the openssl req -text -noout -in ... command returns a single line:

SERVER

The issue seems to originate from the $alldomains variable on line 422:

alldomains=$(echo "$DOMAIN,$SANS" | sed -e 's/ //g; y/,/\n/' | sort -u)

The output here includes an empty line if SANS is empty:

$> DOMAIN="SERVER"
$> SANS=""
$> echo "$DOMAIN,$SANS" | sed -e 's/ //g; y/,/\n/' | sort -u

SERVER

A bugfix for this might be to change the sed command above to sed -e 's/ //g; s/,$//; y/,/\n/'.

[srvrco]

Many thanks, I hadn't spotted that bug ( I think nearly all mine have a SANS variable set)

[srvrco]

Updated in version 1.85 , thanks