From 9f4379926c2b72a64cbddad898dfe1026660d5eb Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Wed, 16 Dec 2020 19:27:48 +0100
Subject: [PATCH] Remove the OCSP issuer file if it's obsolete.

---
 templates/haproxy-letsencrypt-acme.sh.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/templates/haproxy-letsencrypt-acme.sh.j2 b/templates/haproxy-letsencrypt-acme.sh.j2
index 3e60faf..2ef7045 100644
--- a/templates/haproxy-letsencrypt-acme.sh.j2
+++ b/templates/haproxy-letsencrypt-acme.sh.j2
@@ -40,8 +40,14 @@ fi
 
 # Run the OCSP stapling script
 if [ -x /usr/local/bin/hapos-upd ] ; then
+    upd_retval=
     echo "Run the OCSP stapling updater script" >> $LE_LOG_DIR/haproxy.log
     /usr/local/bin/hapos-upd --cert {{ haproxy_cert_dir }}/haproxy.pem -v ${LE_CERTS_DIR}/fullchain -s {{ haproxy_admin_socket }} -v - >> $LE_LOG_DIR/haproxy.log 2>&1
+    upd_retval=$?
+    if [ $upd_retval -ne 0 ] ; then
+        rm -f ${HAPROXY_CERTFILE}.issuer
+        /usr/local/bin/hapos-upd --cert {{ haproxy_cert_dir }}/haproxy.pem -v ${LE_CERTS_DIR}/fullchain -s {{ haproxy_admin_socket }} -v - >> $LE_LOG_DIR/haproxy.log 2>&1
+    fi
 else
     echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log
 fi
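Review bot: The added `rm -f ${HAPROXY_CERTFILE}.issuer` runs on any non-zero exit from hapos-upd (a network or OCSP responder failure included), not only when the issuer file is obsolete. It also expands a variable that is unquoted and not set anywhere in this hunk, while the updater itself is called with `{{ haproxy_cert_dir }}/haproxy.pem`. If HAPROXY_CERTFILE is empty or names a different file, the delete hits the wrong path and the retry changes nothing; quoting and guarding it, `rm -f -- "${HAPROXY_CERTFILE:?}.issuer"`, or deriving the path from the same `--cert` value, would make that failure explicit. The retry's exit status is discarded, so a second failure can leave haproxy without a fresh OCSP staple with no clear marker in the log; consider appending `|| echo "OCSP stapling update still failing after issuer file removal" >> "$LE_LOG_DIR/haproxy.log"` to the second call. The initial `upd_retval=` assignment is redundant, since the variable is set from `$?` before it is read.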