From c458ed8b0cccd741d075713f576a1b2c794d6d84 Mon Sep 17 00:00:00 2001
From: Daniel Reichelt <hacking@nachtgeist.net>
Date: Tue, 8 Mar 2016 08:11:59 +0100
Subject: [PATCH] cron/LE: fix superfluous CSRs

Depending on the data present, the LE cronscript may cause multiple
entries per domain in domain_ssl_settings.

This is due to $updcert_stmt interfering with the outer loop
while ($certrow = $stmt->fetch()): PDO's DB cursor sees rows newly created
by $updcert_stmt within the loop. As a consequence this also leads to
superfluous CSRs, thus increasing the certificate limit counter on the LE
side.

Solution: manifest the result of @$certificates_stmt@ on the PHP side in
its entirety prior to entering the outer loop.
---
 scripts/jobs/cron_letsencrypt.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/jobs/cron_letsencrypt.php b/scripts/jobs/cron_letsencrypt.php
index 9bceea5e..720ae706 100644
--- a/scripts/jobs/cron_letsencrypt.php
+++ b/scripts/jobs/cron_letsencrypt.php
@@ -36,7 +36,8 @@ $upddom_stmt = Database::prepare("
 ");
 
 $changedetected = 0;
-while ($certrow = $certificates_stmt->fetch(PDO::FETCH_ASSOC)) {
+$certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
+foreach($certrows AS $certrow) {
 
     // set logger to corresponding loginname for the log to appear in the users system-log
     $cronlog = FroxlorLogger::getInstanceOf(array('loginname' => $certrow['loginname']));