2 files changed, 16 insertions, 3 deletions

diff --git a/Changelog b/Changelog
index 6f212b0..0336e5b 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,10 @@
+lacme (0.3) upstream;
+
+  - When parsing config-cert files and directories (default "lacme-certs.conf
+    lacme-certs.conf.d"), import the default section of files read earlier.
+
+ -- Guilhem Moulin <guilhem@guilhem.org>  Sun, 19 Feb 2017 13:08:41 +0100
+
 lacme (0.2) upstream;
 
   + Honor Retry-After headers for certificate issuance and challenge
diff --git a/lacme b/lacme
index 1951ed7..6c7f48d 100755
--- a/lacme
+++ b/lacme
@@ -562,7 +562,7 @@ elsif ($COMMAND eq 'new-cert') {
     my $conffiles = defined $OPTS{'config-certs'} ? $OPTS{'config-certs'}
                   : defined $CONFIG->{_}->{'config-certs'} ? [ split(/\s+/, $CONFIG->{_}->{'config-certs'}) ]
                   : [ "$NAME-certs.conf", "$NAME-certs.conf.d/" ];
-    my $conf;
+    my ($conf, %defaults);
     foreach my $conffile (@$conffiles) {
         $conffile = ($CONFFILENAME =~ s#[^/]+\z##r).$conffile unless $conffile =~ /\A\//;
         my @filenames;
@@ -582,13 +582,14 @@ elsif ($COMMAND eq 'new-cert') {
         foreach my $filename (sort @filenames) {
             print STDERR "Reading $filename\n" if $OPTS{debug};
             my $h = Config::Tiny::->read($filename) or die Config::Tiny::->errstr()."\n";
-            my $defaults = delete $h->{_} // {};
+            my $def = delete $h->{_} // {};
+            $defaults{$_} = $def->{$_} foreach keys %$def;
             my @valid = qw/certificate certificate-chain certificate-key min-days CAfile
                            hash keyUsage subject subjectAltName chown chmod notify/;
             foreach my $s (keys %$h) {
                 $conf->{$s} = { map { $_ => delete $h->{$s}->{$_} } @valid };
                 die "Unknown option(s) in [$s]: ".join(', ', keys %{$h->{$s}})."\n" if %{$h->{$s}};
-                $conf->{$s}->{$_} //= $defaults->{$_} foreach keys %$defaults;
+                $conf->{$s}->{$_} //= $defaults{$_} foreach keys %defaults;
             }
         }
     }
@@ -602,6 +603,11 @@ elsif ($COMMAND eq 'new-cert') {
             next;
         };
 
+        if ($OPTS{debug}) {
+            print STDERR "Configuration option for $s:\n";
+            print "    $_ = $conf->{$_}\n" foreach grep { defined $conf->{$_} } (sort keys %$conf);
+        }
+
         my $certtype = first { defined $conf->{$_} } qw/certificate certificate-chain/;
         unless (defined $certtype) {
             print STDERR "[$s] Warning: Missing 'certificate' and 'certificate-chain', skipping\n";