Got the fix upstream as commit 527933db2434cc103428e04cf72fdd04c13a06a9 On Mon, Feb 1, 2021 at 6:27 AM Mattia Rizzolo <mat...@debian.org> wrote: > > Hi! > > On Sun, Jan 31, 2021 at 05:48:25AM -0800, Michel Lespinasse wrote: > > Dehydrated supports two locations for config settings: > > - The main config file, /etc/dehydrated/config by default > > - Per-certificate config files, i.e. certs/*/config > > > > Settings defined in the per-certificate config files are expected to > > only affect that particular certificate. But, this doesn't seem to be > > the case - in particular, I noticed that PRIVATE_KEY_ROLLOVER was also > > affecting certificates that are processed later in the run. > > > > Looking at the code, I think I found the root cause. > > Could I ask if you'd be willing to forward this issue directly upstream > at https://github.com/dehydrated-io/dehydrated/issues ? > > > The store_configvars() and reset_configvars() are expected to save the > > canonical (as per the global config file) settings and restore them > > before processing each certificate. But, the set of variables that are > > saved by these functions is only a subset of those that can be set in > > per-certificate config files; in particular the OCSP_FETCH, OCSP_DAYS, > > and PRIVATE_KEY_ROLLOVER settings are missing. > > So, only from reading your report, this might be as trivial as you say. > If you tried to patch it and it works you might as well also propose > this in the form of a merge request in the above github repository :) > > -- > regards, > Mattia Rizzolo > > GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. > More about me: https://mapreri.org : :' : > Launchpad user: https://launchpad.net/~mapreri `. `'` > Debian QA page: https://qa.debian.org/developer.php?login=mattia `-