From 75e5ddec527ac505540306ca5b26b7c40cdb1b5d Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Fri, 31 Jan 2025 13:09:22 +0100
Subject: [PATCH] check-certificates: do not rename the wrong certificate

---
 check-certificates.rsc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/check-certificates.rsc b/check-certificates.rsc
index a61cf81..2900a83 100644
--- a/check-certificates.rsc
+++ b/check-certificates.rsc
@@ -68,8 +68,10 @@
           $LogPrint warning $ScriptName ("Decryption failed for certificate file '" . $CertFileName . "'.");
         }
 
-        :foreach CertInChain in=[ /certificate/find where name~("^" . [ $EscapeForRegEx $CertFileName ] . "_[0-9]+\$") \
-            common-name!=$Name !(subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $Name ] . "(\\W|\$)")) !(common-name=[]) ] do={
+        :foreach CertInChain in=[ /certificate/find where common-name!=$Name !private-key \
+            name~("^" . [ $EscapeForRegEx $CertFileName ] . "_[0-9]+\$") \
+            !(subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $Name ] . "(\\W|\$)")) \
+            !(common-name=[]) ] do={
           $CertificateNameByCN [ /certificate/get $CertInChain common-name ];
         }