Load private keys first (#171)

The order of storing the certificates was previously changed so that the
private key would be stored first. For anyone who is creating storage
hooks which push the certificate & key to a 3rd party service (like a
CDN), the certificates are generally refused if uploaded before the
private key.

Loading can trigger the same issue if, for any reason, the certificate
& key have been deleted on the 3rd party service.

I'll admit that this stretches what the storage system should be doing,
but with this trivial change it is really easy to create a reliable
link to a CDN.
Sam Lord 2022-02-15 19:23:49 +00:00 committed by GitHub
parent 2f78e52756
commit 134f03986c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -240,16 +240,16 @@ func (cfg *Config) loadCertResource(issuer Issuer, certNamesKey string) (Certifi
return CertificateResource{}, fmt.Errorf("converting '%s' to ASCII: %v", certNamesKey, err)
}
certBytes, err := cfg.Storage.Load(StorageKeys.SiteCert(certRes.issuerKey, normalizedName))
if err != nil {
return CertificateResource{}, err
}
certRes.CertificatePEM = certBytes
keyBytes, err := cfg.Storage.Load(StorageKeys.SitePrivateKey(certRes.issuerKey, normalizedName))
if err != nil {
return CertificateResource{}, err
}
certRes.PrivateKeyPEM = keyBytes
certBytes, err := cfg.Storage.Load(StorageKeys.SiteCert(certRes.issuerKey, normalizedName))
if err != nil {
return CertificateResource{}, err
}
certRes.CertificatePEM = certBytes
metaBytes, err := cfg.Storage.Load(StorageKeys.SiteMeta(certRes.issuerKey, normalizedName))
if err != nil {
return CertificateResource{}, err
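Review bot: The key-before-certificate order of the `cfg.Storage.Load` calls is now a behaviour that storage implementations depend on, yet nothing in the code records it, so a later tidy-up could swap the loads back without anything failing locally. A comment above the `keyBytes` load would pin the contract, for example `// Load the private key before the certificate: storage hooks that mirror to a third party (e.g. a CDN) may refuse a certificate whose key has not been supplied yet.` It would also help to state the same ordering where the Storage interface is documented, since implementers of such hooks now see a private-key read on every load. They should not log or forward the key bytes on paths where the certificate load then fails. All three loads return the bare `err`, so a caller cannot tell whether the key, the certificate or the metadata was missing; wrapping each with the storage key name would make failures on this path easier to diagnose. The body of loadCertResource begins and continues outside this hunk.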