Until now, Sōzu replaces shorter-lived certificates when adding a new one.
This behaviour is imperfectly implemented, and leads occasionally to confusing behaviours: a certificate with 2 domain names would be removed by a 1-domain-name certificate, leaving one of the domain names unresolved.
Instead of fixing the replacement of certificates, this PR changes the behaviour of the CertificateResolver:
- all certificates are stored (unless explicitly removed)
- resolving is done by pointing to the longest-lived certificate in storage, for a given domain name
- when removing a certificate, the resolver falls back to the next-longest-lived certificate
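
The resolver behaviour described above, as an added Rust example (not code from this PR or from Sōzu). The `Cert` and `Resolver` types, the fingerprint strings, the `.example` names and the expiry timestamps are all hypothetical and constructed for illustration.

```rust
use std::collections::HashMap;
// Hypothetical, simplified model; not Sōzu's own CertificateResolver types.
pub struct Cert {
    pub fingerprint: String, // constructed identifier
    pub names: Vec<String>,  // domain names covered
    pub not_after: u64,      // expiry, Unix timestamp
}
#[derive(Default)]
pub struct Resolver {
    certs: HashMap<String, Cert>,          // fingerprint -> certificate
    by_name: HashMap<String, Vec<String>>, // domain name -> fingerprints
}

impl Resolver {
    /// Store the certificate; nothing already stored is replaced.
    pub fn add(&mut self, cert: Cert) {
        for name in &cert.names {
            let fps = self.by_name.entry(name.clone()).or_default();
            if !fps.contains(&cert.fingerprint) {
                fps.push(cert.fingerprint.clone());
            }
        }
        self.certs.insert(cert.fingerprint.clone(), cert);
    }

    /// Explicit removal: only this fingerprint leaves the name index.
    pub fn remove(&mut self, fingerprint: &str) {
        if let Some(cert) = self.certs.remove(fingerprint) {
            for name in &cert.names {
                if let Some(fps) = self.by_name.get_mut(name) {
                    fps.retain(|fp| fp != fingerprint);
                }
            }
        }
    }

    /// Longest-lived stored certificate for the name, if any.
    pub fn resolve(&self, name: &str) -> Option<&Cert> {
        let fps = self.by_name.get(name)?;
        fps.iter().filter_map(|fp| self.certs.get(fp)).max_by_key(|c| c.not_after)
    }
}

fn main() {
    let mut r = Resolver::default();
    r.add(Cert { fingerprint: "A".into(), names: vec!["a.example".into(), "b.example".into()], not_after: 100 });
    r.add(Cert { fingerprint: "B".into(), names: vec!["a.example".into()], not_after: 200 });
    println!("{:?}", r.resolve("b.example").map(|c| &c.fingerprint));
}
```

In this model the 2-name certificate keeps serving `b.example` after the longer-lived 1-name certificate is added, which is the case the replacement logic left unresolved.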