From 699500dbb081415b06e930778b76660a15896a74 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
Date: Fri, 12 Jan 2024 22:00:10 +0100
Subject: [PATCH] Fix DNS suffix edge case during XMPP certificate setup

---
 src/certificate.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/certificate.py b/src/certificate.py
index 76d3f32b7..10818b5b5 100644
--- a/src/certificate.py
+++ b/src/certificate.py
@@ -577,9 +577,16 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
             or {}
         )
         sanlist = []
+
+        # Handle the boring case where the domain is not the root of the dns zone etc...
+        from yunohost.dns import _get_relative_name_for_dns_zone, _get_dns_zone_for_domain
+        base_dns_zone = _get_dns_zone_for_domain(domain)
+        basename = _get_relative_name_for_dns_zone(domain, base_dns_zone)
+        suffix = f".{basename}" if basename != "@" else ""
+        
         for sub in ("xmpp-upload", "muc"):
             subdomain = sub + "." + domain
-            if xmpp_records.get("CNAME:" + sub) == "OK":
+            if xmpp_records.get("CNAME:" + sub + suffix) == "OK":
                 sanlist.append(("DNS:" + subdomain))
             else:
                 logger.warning(