From 5940c55e18cb517063b0a53bf5e435760188e45c Mon Sep 17 00:00:00 2001
From: Lukas Schauer
Date: Wed, 7 Feb 2018 00:46:02 +0100
Subject: [PATCH] prepared future migration to new acmev2 endpoint
---
 dehydrated | 14 +++++++++++++-
 docs/examples/config | 7 +++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/dehydrated b/dehydrated
index b2e3d2d..5c9887d 100755
--- a/dehydrated
+++ b/dehydrated
@@ -111,6 +111,7 @@ load_config() {
 # Default values
 CA="https://acme-v01.api.letsencrypt.org/directory"
+ OLDCA=
 CERTDIR=
 ACCOUNTDIR=
 CHALLENGETYPE="http-01"
@@ -209,9 +210,20 @@ load_config() {
 # Check BASEDIR and set default variables
 [[ -d "${BASEDIR}" ]] || _exiterr "BASEDIR does not exist: ${BASEDIR}"
+ # Create new account directory or symlink to account directory from old CA
 CAHASH="$(echo "${CA}" | urlbase64)"
 [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts"
- mkdir -p "${ACCOUNTDIR}/${CAHASH}"
+ if [[ ! -e "${ACCOUNTDIR}/${CAHASH}" ]]; then
+ OLDCAHASH="$(echo "${OLDCA}" | urlbase64)"
+ mkdir -p "${ACCOUNTDIR}"
+ if [[ -n "${OLDCA}" ]] && [[ -e "${ACCOUNTDIR}/${OLDCAHASH}" ]]; then
+ echo "! Reusing account from ${OLDCA}"
+ ln -s "${OLDCAHASH}" "${ACCOUNTDIR}/${CAHASH}"
+ else
+ mkdir "${ACCOUNTDIR}/${CAHASH}"
+ fi
+ fi
+ [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config"
 ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem"
 ACCOUNT_KEY_JSON="${ACCOUNTDIR}/${CAHASH}/registration_info.json"
diff --git a/docs/examples/config b/docs/examples/config
index 074331d..1aa7d63 100644
--- a/docs/examples/config
+++ b/docs/examples/config
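Review bot: In the second `dehydrated` hunk (`@@ -209,9 +210,20 @@`), `[[ ! -e "${ACCOUNTDIR}/${CAHASH}" ]]` follows symlinks, so a dangling link left behind after the old-CA directory is removed or renamed makes the test true again, and `ln -s` or `mkdir "${ACCOUNTDIR}/${CAHASH}"` then fails because the name already exists, without a clear message. I would handle that state explicitly before the `if`, e.g. `[[ -L "${ACCOUNTDIR}/${CAHASH}" && ! -e "${ACCOUNTDIR}/${CAHASH}" ]] && _exiterr "Account directory link is broken: ${ACCOUNTDIR}/${CAHASH}"`, and test the old directory with `-d` rather than `-e`. Because the link makes both endpoints share one `account_key.pem`, one `registration_info.json` and one sourced `config`, a comment above `ln -s` should say so, e.g. `# Old and new CA now share one directory: same account key, same sourced config`. Whether the registration data stored for the old endpoint is valid for the new one cannot be judged from this hunk; load_config's body starts and ends outside it.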
@@ -24,6 +24,13 @@
 # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
 #CA="https://acme-v01.api.letsencrypt.org/directory"
+# Path to old certificate authority
+# Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
+# If dehydrated detects an account-key for the old CA it will automatically reuse that key
+# instead of registering a new one.
+# default:
+#OLDCA=
+
 # Which challenge should be used? Currently http-01 and dns-01 are supported
 #CHALLENGETYPE="http-01"
--
2.47.2