Bug #16946
openMixed DNS and HTTP validation methods clear environment variables during multi-domain certificate issue
0%
Description
When creating a certificate containing multiple SANs that use mixed validation methods (e.g., Domain 1 uses DNS-deSEC, Domain 2 uses Standalone HTTP), the environment variables are cleared.
In `/usr/local/pkg/acme/acme.inc`, `$envvariables = array();` is defined inside the `foreach ($certificate['a_domainlist']['item'] as $domain)` loop. As a result, subsequent loop items (like an HTTP validation row that doesn't supply DNS keys) clear out the environmental array variables collected from previous rows before executing `signCertificate()`.
Moving `$envvariables = array();` immediately above the `foreach` loop fixes the issue, allowing environment definitions to accumulate properly across all target domains in a single execution pass.
Updated by Konrad Lanz 1 day ago
See also: https://redmine.pfsense.org/issues/11614
Updated by Konrad Lanz 1 day ago
Konrad Lanz wrote in #note-2:
> awk -v bang="!" 'NR==3687 {$0="\t\t\t\t\t\tif (" bang "isset($envvariables)) { $envvariables = array(); }"} {print}' /usr/local/pkg/acme/acme.inc > /usr/local/pkg/acme/acme.inc.tmp && mv /usr/local/pkg/acme/acme.inc.tmp /usr/local/pkg/acme/acme.inc
>
> sed -n '3685,3690p' /usr/local/pkg/acme/acme.inc
>
> diff /usr/local/pkg/acme/acme.inc /usr/local/pkg/acme/acme.inc.bak 3687c3687
> < if (!isset($envvariables)) { $envvariables = array(); }
> ---
> > $envvariables = array();