Certificate stored before private key #149

Closed
sam-lord opened this issue Oct 30, 2021 · 1 comment

@sam-lord
Contributor

What version of the package are you using?

Latest release, 0.15.1

What are you trying to do?

Create a wrapper around the storage (which also implements certmagic.Store) so that I can upload certificates to a CDN whilst storing the certs in a compatible way otherwise.

What steps did you take?

Implemented a new store which just passes all of the function calls to the storage passed in. Added some more logic to Store so that certificates and private keys are uploaded to the CDN.

What did you expect to happen, and what actually happened instead?

Private key to be generated first, as the private key has to exist for the certificate to function. The CDN in use rejects requests to add a certificate if the private key for the certificate is missing.

How do you think this should be fixed?

  • Swap the order that these two files are uploaded (in crypto.go). I can't see any way that this could negatively impact the compatibility.

Please link to any related issues, pull requests, and/or discussion

Bonus: What do you use CertMagic for, and do you find it useful?

So exciting to be using the project in my app. Hopefully will be able to announce something soon!

@mholt
Member

mholt commented Oct 30, 2021

The private key is always created before the certificate; it's impossible to do it any other way.

To clarify, you're referring instead to the order in which the assets are saved, though, right, i.e. the order of elements in this slice?

certmagic/crypto.go

Lines 148 to 163 in 1c89882

    all := []keyValue{
        {
            key:   StorageKeys.SiteCert(issuerKey, certKey),
            value: cert.CertificatePEM,
        },
        {
            key:   StorageKeys.SitePrivateKey(issuerKey, certKey),
            value: cert.PrivateKeyPEM,
        },
        {
            key:   StorageKeys.SiteMeta(issuerKey, certKey),
            value: metaBytes,
        },
    }
    return storeTx(cfg.Storage, all)

If so, I guess we can make that change. Shouldn't be a big deal.

@mholt mholt changed the title from "Certificate created before private key" to "Certificate stored before private key" Oct 30, 2021
@mholt mholt closed this as completed in f3d6482 Oct 30, 2021
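
A storage wrapper like the one described in the issue can also be made independent of write order by holding the CDN upload until both halves of a pair have been stored. This is an added example, not code from the thread or from CertMagic; the `Store(key, value)` signature, the `.crt`/`.key` key suffixes, the `Upload` callback and the sample keys are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
)

// PairingStore forwards writes to Inner; Upload runs once cert and key are both stored.
type PairingStore struct {
	Inner   func(key string, value []byte) error            // wrapped storage's Store (assumed signature)
	Upload  func(base string, keyPEM, certPEM []byte) error // hypothetical CDN call
	mu      sync.Mutex
	pending map[string][]byte // storage key -> PEM waiting for its counterpart
}

func (p *PairingStore) Store(key string, value []byte) error {
	if err := p.Inner(key, value); err != nil {
		return err
	}
	i := strings.LastIndex(key, ".")
	if i < 0 || (key[i:] != ".crt" && key[i:] != ".key") {
		return nil // metadata and other assets never go to the CDN
	}
	p.mu.Lock()
	defer p.mu.Unlock()
	if p.pending == nil {
		p.pending = map[string][]byte{}
	}
	p.pending[key] = value
	keyPEM, haveKey := p.pending[key[:i]+".key"]
	certPEM, haveCert := p.pending[key[:i]+".crt"]
	if !haveKey || !haveCert {
		return nil // still waiting for the other half
	}
	delete(p.pending, key[:i]+".key") // forget the pair so a renewal cannot
	delete(p.pending, key[:i]+".crt") // match a new cert with the old key
	return p.Upload(key[:i], keyPEM, certPEM)
}

func uploadsFor(keys ...string) (sent []string) { // replays constructed keys against a CDN stub
	s := &PairingStore{Inner: func(string, []byte) error { return nil }}
	s.Upload = func(_ string, k, c []byte) error { sent = append(sent, string(k)+" + "+string(c)); return nil }
	for _, k := range keys {
		_ = s.Store(k, []byte("PEM:"+k))
	}
	return sent
}

func main() { fmt.Println(uploadsFor("site/a.crt", "site/a.key", "site/a.json")) }
```

The mutex is held across `Upload` to keep the example short, so concurrent stores wait on a slow CDN call.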