From 5b9c2e5336fa08f8c77cf4ac861617b1453999c3 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sun, 6 Sep 2020 18:16:48 +0200
Subject: [PATCH] keep key during certificate renewal

---
 core/nginx/letsencrypt.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/core/nginx/letsencrypt.py b/core/nginx/letsencrypt.py
index e636dac9..562b0895 100755
--- a/core/nginx/letsencrypt.py
+++ b/core/nginx/letsencrypt.py
@@ -36,6 +36,12 @@ command2 = [
     "--post-hook", "/config.py"
 ]
 
+# if dane is used we recommend pinning to the key, so it should not change
+# ('true','yes') to be consistent with the logic in configuration.py
+if os.environ.get("TLS_REUSE_KEY", "false").lower() in ('true','yes'):
+    command.append("--reuse-key")
+    command2.append("--reuse-key")
+
 # Wait for nginx to start
 time.sleep(5)