Pre-generate timestamp outside of sign_domain

diff --git a/dehydrated b/dehydrated
index 583a177cadf7796df071423ef2162ee9ae8b07ad..5cecfa7d4f293a59ddd76992a42b47adc52cb1a2 100755 (executable)
--- a/dehydrated
+++ b/dehydrated
@@ -864,9 +864,10 @@ walk_chain() {
 sign_domain() {
   local certdir="${1}"
   shift
+  timestamp="${1}"
+  shift
   domain="${1}"
   altnames="${*}"
-  timestamp="$(date +%s)"
 
   export altnames
 
@@ -1114,6 +1115,8 @@ command_sign_domains() {
 
     force_renew="${PARAM_FORCE:-no}"
 
+    timestamp="$(date +%s)"
+
     if [[ -z "${morenames}" ]];then
       echo "Processing ${domain}"
     else
@@ -1181,6 +1184,7 @@ command_sign_domains() {
       fi
     fi
 
+    # Check expire date of existing certificate
     if [[ -e "${cert}" ]]; then
       echo " + Checking expire date of existing cert..."
       valid="$("${OPENSSL}" x509 -enddate -noout -in "${cert}" | cut -d= -f2- )"
@@ -1204,14 +1208,14 @@ command_sign_domains() {
     local update_ocsp
     update_ocsp="no"
 
-    # shellcheck disable=SC2086
+    # Sign certificate for this domain
     if [[ ! "${skip}" = "yes" ]]; then
       update_ocsp="yes"
       if [[ "${PARAM_KEEP_GOING:-}" = "yes" ]]; then
-        sign_domain "${certdir}" ${domain} ${morenames} &
+        sign_domain "${certdir}" ${timestamp} ${domain} ${morenames} &
         wait $! || true
       else
-        sign_domain "${certdir}" ${domain} ${morenames}
+        sign_domain "${certdir}" ${timestamp} ${domain} ${morenames}
       fi
     fi