If we regenerate the key by using FORCE=1 then we also need to regenerate the CSR, otherwise the key will not match the certificate.
@@ -110,7 +110,7 @@ createCSR() {
domainlist=$2
- if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ]; then
+ if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && ! [ "$FORCE" ]; then
_info "CSR exists, skip"
return
fi