From df13c4d1dcf42e7a27ce7f0ded7b848b4cfc7448 Mon Sep 17 00:00:00 2001
From: Wildan M
Date: Thu, 14 Nov 2024 20:09:29 +0700
Subject: [PATCH] Smarter when to self sign
---
 src/executor/runnersub.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/executor/runnersub.js b/src/executor/runnersub.js
index 7a172ff..66cd1ee 100644
--- a/src/executor/runnersub.js
+++ b/src/executor/runnersub.js
@@ -301,9 +301,14 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
 });
 subdomaindata['SSL cert expiry'] = new Date().toISOString()
 }
- // if LE ON AND force self-sign / shared on, must turn off
- // if it was shared or ssl path don't match, just assume that's also LE ON
- } else if ((selfSignSsl || sharedSSL || expectedSslMode == 'off') && ((subdomaindata['SSL shared with'] && changed && !expectedSslMode) || subdomaindata['Lets Encrypt renewal'] == 'Enabled')) {
+ // Regenerate self sign if
+ // 1. Explicit request || SSL off
+ // 2. Let's Encrypt renewal enabled
+ // 3. sharing SSL and was not
+ } else if ((selfSignSsl || expectedSslMode == 'off') || (subdomaindata['Lets Encrypt renewal'] == 'Enabled') || ((sharedSSL && !subdomaindata['SSL shared with'] && !expectedSslMode))) {
+ if (subdomaindata['SSL shared with']) {
+ throw new Error('Cannot turn off SSL while using shared domain!')
+ }
 await writeLog("$> Generating self signed cert and turning off let's encrypt renewal");
 await virtExec("generate-cert", {
 domain: subdomain,
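Review bot: The second clause of the new `else if`, `subdomaindata['Lets Encrypt renewal'] == 'Enabled'`, now enters the self-sign branch on its own, whereas the removed condition also required one of `selfSignSsl`, `sharedSSL` or `expectedSslMode == 'off'`. The preceding `if` is outside the hunk, so it is not visible which configs can reach this branch; if one that asks for no certificate change can, a CA-issued certificate would be replaced by a self-signed one and renewal switched off without a request. The comment block should state that precondition explicitly (which SSL modes the earlier branch has already consumed), or clause 2 should be gated on it. Separately, the new guard throws `'Cannot turn off SSL while using shared domain!'` for a `selfSignSsl` request and for the renewal-enabled path as well, where nothing is being turned off; a message such as `'Cannot replace the certificate while SSL is shared with another domain'` would describe all three cases accurately.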