From 8db04520d6d1edf417013772960bf1f6e4623dcb Mon Sep 17 00:00:00 2001
From: Andris Reinman <andris@reinman.eu>
Date: Wed, 16 Nov 2022 11:38:56 +0200
Subject: [PATCH] Fixed acme cert upgrade

---
 lib/cert-handler.js | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/lib/cert-handler.js b/lib/cert-handler.js
index ccf8c96b..4577dae1 100644
--- a/lib/cert-handler.js
+++ b/lib/cert-handler.js
@@ -144,7 +144,7 @@ class CertHandler {
         }
 
         const changes = {
-            $set: updates
+            $set: Object.assign({}, updates)
         };
 
         let fp;
@@ -161,14 +161,17 @@ class CertHandler {
             let encodedPrivateKey = await encrypt(updates.privateKey, this.secret);
 
             changes.$set = Object.assign({}, updates, { fp, privateKey: encodedPrivateKey });
-
-            changes.$inc = { v: 1 };
         }
 
         if (updateOptions.certUpdated) {
             changes.$set['_acme.lastError'] = null;
         }
 
+        if (updates.privateKey || updateOptions.certUpdated) {
+            changes.$inc = { v: 1 };
+            changes.$set.updated = new Date();
+        }
+
         try {
             r = await this.database.collection('certs').findOneAndUpdate(query, changes, {
                 upsert: false,
@@ -189,6 +192,15 @@ class CertHandler {
             throw err;
         }
 
+        if (updateOptions.certUpdated) {
+            this.loggelf({
+                short_message: `SNI cert updated for ${r.value.servername}`,
+                _sni_servername: r.value.servername,
+                _cert_action: 'update',
+                _cert_expires: r.value.expires && r.value.expires.toISOString()
+            });
+        }
+
         if (this.redis && updates.cert) {
             try {
                 await publish(this.redis, {
@@ -368,6 +380,22 @@ class CertHandler {
             throw err;
         }
 
+        if (r.lastErrorObject.upserted) {
+            this.loggelf({
+                short_message: `SNI cert created for ${r.value.servername}`,
+                _sni_servername: r.value.servername,
+                _cert_action: 'create',
+                _cert_expires: r.value.expires && r.value.expires.toISOString()
+            });
+        } else if (r.lastErrorObject.updatedExisting) {
+            this.loggelf({
+                short_message: `SNI cert updated for ${r.value.servername}`,
+                _sni_servername: r.value.servername,
+                _cert_action: 'update',
+                _cert_expires: r.value.expires && r.value.expires.toISOString()
+            });
+        }
+
         if (this.redis && certData.cert) {
             try {
                 if (r.lastErrorObject.upserted) {