From e4d9f488709f4dcf866ed79982bc0561f7d02a70 Mon Sep 17 00:00:00 2001
From: Jamie Curnow <jc@jc21.com>
Date: Mon, 27 Oct 2025 18:04:29 +1000
Subject: [PATCH] Fix creating wrong cert type when trying dns

---
 backend/internal/certificate.js             | 34 ++++++++++++---------
 frontend/src/modals/DNSCertificateModal.tsx |  3 ++
 2 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 786b1414..9a440632 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -20,6 +20,8 @@ import internalNginx from "./nginx.js";
 
 const letsencryptConfig = "/etc/letsencrypt.ini";
 const certbotCommand = "certbot";
+const certbotLogsDir = "/data/logs";
+const certbotWorkDir = "/tmp/letsencrypt-lib";
 
 const omissions = () => {
 	return ["is_deleted", "owner.is_deleted"];
@@ -830,18 +832,18 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-name",
 			`npm-${certificate.id}`,
 			"--agree-tos",
 			"--authenticator",
 			"webroot",
-			"--email",
+			"-m",
 			email,
 			"--preferred-challenges",
-			"dns,http",
+			"http",
 			"--domains",
 			certificate.domain_names.join(","),
 		];
@@ -884,14 +886,16 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-name",
 			`npm-${certificate.id}`,
 			"--agree-tos",
-			"--email",
+			"-m",
 			email,
+			"--preferred-challenges",
+			"dns",
 			"--domains",
 			certificate.domain_names.join(","),
 			"--authenticator",
@@ -987,13 +991,13 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-name",
 			`npm-${certificate.id}`,
 			"--preferred-challenges",
-			"dns,http",
+			"http",
 			"--no-random-sleep-on-renew",
 			"--disable-hook-validation",
 		];
@@ -1031,11 +1035,13 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-name",
 			`npm-${certificate.id}`,
+			"--preferred-challenges",
+			"dns",
 			"--disable-hook-validation",
 			"--no-random-sleep-on-renew",
 		];
@@ -1068,9 +1074,9 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-path",
 			`${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`,
 			"--delete-after-revoke",
diff --git a/frontend/src/modals/DNSCertificateModal.tsx b/frontend/src/modals/DNSCertificateModal.tsx
index c2b37f92..3c97fddd 100644
--- a/frontend/src/modals/DNSCertificateModal.tsx
+++ b/frontend/src/modals/DNSCertificateModal.tsx
@@ -42,6 +42,9 @@ const DNSCertificateModal = EasyModal.create(({ visible, remove }: InnerModalPro
 					{
 						domainNames: [],
 						provider: "letsencrypt",
+						meta: {
+							dnsChallenge: true,
+						},
 					} as any
 				}
 				onSubmit={onSubmit}