From 5ba70878de4ad942db8435398ff6943fa35ff47f Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 14 Jul 2015 21:36:20 +0000
Subject: [PATCH] prefer letsencrypt-style certs
---
lib/vhost-sni-server.js | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/lib/vhost-sni-server.js b/lib/vhost-sni-server.js
index 75e61e6..3f7301a 100644
--- a/lib/vhost-sni-server.js
+++ b/lib/vhost-sni-server.js
@@ -400,14 +400,28 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
var secOpts;
try {
- var nodes = fs.readdirSync(path.join(certsPath, 'server'));
- var keyNode = nodes.filter(function (node) { return /\.key\.pem$/.test(node); })[0];
- var crtNode = nodes.filter(function (node) { return /\.crt\.pem$/.test(node); })[0];
+ var nodes = fs.readdirSync(certsPath);
+ var keyNode = nodes.filter(function (node) { return 'privkey.pem' === node; })[0];
+ var crtNode = nodes.filter(function (node) { return 'fullchain.pem' === node; })[0];
+
+ if (keyNode && crtNode) {
+ keyNode = path.join(certsPath, keyNode);
+ crtNode = path.join(certsPath, crtNode);
+ } else {
+ nodes = fs.readdirSync(path.join(certsPath, 'server'));
+ keyNode = nodes.filter(function (node) { return /^privkey(\.key)?\.pem$/.test(node) || /\.key\.pem$/.test(node); })[0];
+ crtNode = nodes.filter(function (node) { return /^fullchain(\.crt)?\.pem$/.test(node) || /\.crt\.pem$/.test(node); })[0];
+ keyNode = path.join(certsPath, 'server', keyNode);
+ crtNode = path.join(certsPath, 'server', crtNode);
+ }
+
secOpts = {
- key: fs.readFileSync(path.join(certsPath, 'server', keyNode))
- , cert: fs.readFileSync(path.join(certsPath, 'server', crtNode))
+ key: fs.readFileSync(keyNode)
+ , cert: fs.readFileSync(crtNode)
};
+ // I misunderstood what the ca option was for
+ /*
if (fs.existsSync(path.join(certsPath, 'ca'))) {
secOpts.ca = fs.readdirSync(path.join(certsPath, 'ca')).filter(function (node) {
console.log('[log ca]', node);
@@ -416,6 +430,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
return fs.readFileSync(path.join(certsPath, 'ca', node));
});
}
+ */
} catch(err) {
// TODO Let's Encrypt / ACME HTTPS
console.error("[ERROR] Couldn't READ HTTPS certs from '" + certsPath + "':");
@@ -446,7 +461,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
// fallback / default dummy certs
key: localDummyCerts.key
, cert: localDummyCerts.cert
- , ca: localDummyCerts.ca
+ //, ca: localDummyCerts.ca
// io.js defaults have disallowed insecure algorithms as of 2015-06-29
// https://iojs.org/api/tls.html
// previous version could use something like this
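Review bot: The `} catch(err) {` in this hunk now also catches the TypeError that `path.join` raises for an undefined segment when the new else-branch in the previous hunk finds no match — `keyNode`/`crtNode` stay undefined and `path.join(certsPath, 'server', keyNode)` throws — so the "Couldn't READ HTTPS certs" message hides the real cause, which is that no `privkey.pem`/`fullchain.pem` or `*.key.pem`/`*.crt.pem` pair exists in either directory. A guard in that else-branch before the two joins would make the failure self-explanatory: `if (!keyNode || !crtNode) { throw new Error("no key/cert pair found in '" + certsPath + "' or its 'server' subdirectory"); }`. The added `*/` also turns the whole ca-loading block into commented-out code; since the reason is already recorded in the one-line comment above it and git keeps the history, deleting the block is cleaner than disabling it. The catch body continues outside the hunk.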
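Review bot: `//, ca: localDummyCerts.ca` is commented-out code rather than a removal; deleting the line outright (as with the `/* … */` block in the first hunk) keeps the fallback options readable, and a short comment saying why `ca` is gone would help the next reader more than a disabled line. Something like `// no 'ca' here: that option is the trust store used to verify a peer's certificate, not the server's own chain; intermediates belong in 'cert' (fullchain.pem)` records the insight behind this commit where the fallback options are built. The object literal this hunk belongs to starts and ends outside the hunk.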