From 5c96ee1d9ca0ca2be087c0b5f1281ea2ca0c6f1d Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Fri, 22 Apr 2016 10:14:47 -0600
Subject: [PATCH] Fix bug in renewing default certificate

---
 caddy/https/maintain.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/caddy/https/maintain.go b/caddy/https/maintain.go
index 28fa2fe6c..a0fb0557b 100644
--- a/caddy/https/maintain.go
+++ b/caddy/https/maintain.go
@@ -112,12 +112,21 @@ func renewManagedCertificates(allowPrompts bool) (err error) {
 
 	// Apply changes to the cache
 	for _, cert := range renewed {
+		if cert.Names[len(cert.Names)-1] == "" {
+			// Special case: This is the default certificate, so we must
+			// ensure it gets updated as well, otherwise the renewal
+			// routine will find it and think it still needs to be renewed,
+			// even though we already renewed it...
+			certCacheMu.Lock()
+			delete(certCache, "")
+			certCacheMu.Unlock()
+		}
 		_, err := cacheManagedCertificate(cert.Names[0], cert.OnDemand)
 		if err != nil {
 			if client.AllowPrompts {
 				return err // operator is present, so report error immediately
 			}
-			log.Printf("[ERROR] %v", err)
+			log.Printf("[ERROR] Caching renewed certificate: %v", err)
 		}
 	}
 	for _, cert := range deleted {
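Review bot: The default certificate is deleted from `certCache` before its replacement has been cached, so if `cacheManagedCertificate` fails while prompts are off, the error is only logged and the cache is left with no `""` entry. `certCacheMu` is also released between the delete and the re-cache, so even on success a concurrent lookup can find no default for a moment; presumably connections that rely on the default certificate fail in that state, though `cacheManagedCertificate` is not visible here. Consider saving the old entry under the lock (`old := certCache[""]`) and restoring it in the error branch, or replacing the entry only after the renewed certificate has loaded. The new check also indexes `cert.Names[len(cert.Names)-1]` without a length guard; putting `len(cert.Names) > 0 &&` in front would keep an empty name list from panicking the maintenance routine. `renewManagedCertificates` starts and ends outside this hunk.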
@@ -178,7 +187,7 @@ func updateOCSPStaples() {
 		if err != nil {
 			if cert.OCSP != nil {
 				// if it was no staple before, that's fine, otherwise we should log the error
-				log.Printf("[ERROR] Checking OCSP for %s: %v", name, err)
+				log.Printf("[ERROR] Checking OCSP for %v: %v", cert.Names, err)
 			}
 			continue
 		}
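Review bot: `%v` on `cert.Names` prints the slice space-separated, so the empty-string name that marks the default certificate (the `cert.Names[len(cert.Names)-1] == ""` check in the first hunk) is invisible in this log line. `log.Printf("[ERROR] Checking OCSP for %q: %v", cert.Names, err)` would quote each name, making the empty one visible and keeping odd characters in a name from blurring the entry. The body of `updateOCSPStaples` extends beyond this hunk.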