From ccfa4cb18d764ce2e4ef02545c829eaa0296ecf0 Mon Sep 17 00:00:00 2001
From: Egor Tensin <egor@tensin.name>
Date: Tue, 26 Dec 2023 21:38:37 +0100
Subject: letsencrypt: don't sort SANs

Sort them in the /etc status file only, for consistency. This should
allow users to supply the SANs in custom order, preserving the intended
main certificate domain (or whatever the technical term is).
---
 roles/letsencrypt/tasks/domain.yml             | 2 +-
 roles/letsencrypt/templates/domain_list.txt.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml
index bc6e581..0ff74e9 100644
--- a/roles/letsencrypt/tasks/domain.yml
+++ b/roles/letsencrypt/tasks/domain.yml
@@ -2,7 +2,7 @@
   become: true
   vars:
     certificate_name: '{{ domain.name | default(domain) }}'
-    certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
+    certificate_domains: "{{ domain.domains | default([certificate_name]) | unique }}"
   block:
     - name: Cache domain list
       ansible.builtin.template:
diff --git a/roles/letsencrypt/templates/domain_list.txt.j2 b/roles/letsencrypt/templates/domain_list.txt.j2
index d37e0bd..4641e2f 100644
--- a/roles/letsencrypt/templates/domain_list.txt.j2
+++ b/roles/letsencrypt/templates/domain_list.txt.j2
@@ -2,6 +2,6 @@
 
 {{ letsencrypt_email }}
 {{ letsencrypt_credentials_ini }}
-{% for domain in certificate_domains %}
+{% for domain in certificate_domains | sort %}
 {{ domain }}
 {% endfor %}
-- 
cgit v1.2.3