From 33cb1dd8ef174b8c9bc3b5cb6d1ae193d3cfb069 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Thu, 14 Oct 2021 17:38:42 +0200
Subject: [PATCH] certbot: detect domains for SAN certificates
---
 certbot/files/hooks/deploy/sync_remote.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/certbot/files/hooks/deploy/sync_remote.sh b/certbot/files/hooks/deploy/sync_remote.sh
index dd4b8f6d..7fc3ecf4 100644
--- a/certbot/files/hooks/deploy/sync_remote.sh
+++ b/certbot/files/hooks/deploy/sync_remote.sh
@@ -14,8 +14,15 @@ debug() {
 found_renewed_lineage() {
 test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
 }
+cert_content() {
+ openssl x509 -text -in "${RENEWED_LINEAGE}/fullchain.pem"
+}
 domain_from_cert() {
- openssl x509 -noout -subject -in "${RENEWED_LINEAGE}/fullchain.pem" | sed 's/^.*CN\ *=\ *//'
+ if cert_content | grep -q "X509v3 Subject Alternative Name:" && cert_content | grep -q "DNS:"; then
+ cert_content | grep "DNS:" | sed -e 's/\s\+//g' -e 's/DNS://g'
+ else
+ cert_content | sed 's/^.*CN\ *=\ *//'
+ fi
 }
 main() {
 if [ -z "${RENEWED_LINEAGE}" ]; then
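Review bot: The `else` branch of `domain_from_cert` now pipes the whole `openssl x509 -text` dump through `sed`, so a certificate without SAN DNS entries yields every line of the dump instead of the single subject CN. That output includes the Issuer line with its own CN stripped, and the PEM block, because `cert_content` omits `-noout`. Keep the narrow query in the fallback, `openssl x509 -noout -subject -in "${RENEWED_LINEAGE}/fullchain.pem" | sed 's/^.*CN\ *=\ *//'`, and add `-noout` to `cert_content`. In the SAN branch the names come out comma-joined on one line after the whitespace strip, and `grep "DNS:"` is not limited to the SAN extension. `main` continues outside the hunk, so if it uses this value in a path or a remote command, split on commas and check each name against a hostname pattern first.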