lightninglabs / lightning-terminal

Lightning Terminal: Your Home for Lightning Liquidity

Generating TLS certificate with LIT ignores tlsextradomain #773

Closed jholz88 closed 4 days ago

jholz88 commented 1 week ago

How to trigger the bug:

  1. Delete tls.cert and tls.key from /root/.lit
  2. Add lnd.tlsextradomain=lnd to lit.conf
  3. Restart LIT
  4. Generated certificate is missing the extra domain (lnd)

Expected behavior: The newly generated certificate should include the specified extra domain(s).

Workaround: I temporarily switched to "docker.io/lightninglabs/lnd:v0.18.0-beta.1" and copied the certificates from /root/.lnd to /root/.lit then switched back.

System Information: LIT running inside docker container running on Fedora CoreOS with ZFS. docker.io/lightninglabs/lightning-terminal:v0.13.0-alpha lnd-mode=integrated

guggero commented 1 week ago

I think when there's a certificate already present that hasn't expired, a new one isn't automatically created if you change the extra domains. Unless you specify lnd.tlsautorefresh (which specifically mentions the domains). So I think this is expected behavior.

jholz88 commented 5 days ago

There is no certificate present because the first thing I did was delete the certificate and key. Then I restarted LIT and it successfully generates a new certificate and key, but is ignoring 'lnd.tlsextradomain'.

guggero commented 5 days ago

Ah, I misread that, sorry. You're talking about the litd certificate only. I guess we need a new tlsextradomain parameter/flag for just litd in addition to the lnd.tlsextradomain one (that only affects the certificate created by lnd itself).