From be44177ee1a9ee34c84dbe85d2db25c43cd34a2c Mon Sep 17 00:00:00 2001
From: Markus Hansmair
Date: Sun, 26 Sep 2021 21:44:35 +0200
Subject: [PATCH] delete key file when key alg has changed
---
 getssl | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/getssl b/getssl
index 3bb6272..4f71639 100755
--- a/getssl
+++ b/getssl
@@ -3135,6 +3135,21 @@ if [[ "$REUSE_PRIVATE_KEY" != "true" ]]; then
 rm -f "$DOMAIN_DIR/${DOMAIN}.ec.key"
 fi
 fi
+
+# check if private key alg has changed from RSA to EC (or vice versa)
+if [[ "$DUAL_RSA_ECDSA" == "false" ]] && [[ -s "$DOMAIN_DIR/${DOMAIN}.key" ]]; then
+ case "${PRIVATE_KEY_ALG}" in
+ rsa)
+ if grep --silent -- "-----BEGIN EC PRIVATE KEY-----" "$DOMAIN_DIR/${DOMAIN}.key"; then
+ rm -f "$DOMAIN_DIR/${DOMAIN}.key"
+ fi ;;
+ prime256v1|secp384r1|secp521r1)
+ if grep --silent -- "-----BEGIN RSA PRIVATE KEY-----" "$DOMAIN_DIR/${DOMAIN}.key"; then
+ rm -f "$DOMAIN_DIR/${DOMAIN}.key"
+ fi ;;
+ esac
+fi
+
 # create new domain keys if they don't already exist
 if [[ "$DUAL_RSA_ECDSA" == "false" ]]; then
 create_key "${PRIVATE_KEY_ALG}" "$DOMAIN_DIR/${DOMAIN}.key" "$DOMAIN_KEY_LENGTH"
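Review bot: The two `grep` checks in the new `case` recognise only the traditional PEM headers, so a key stored as PKCS#8 (`-----BEGIN PRIVATE KEY-----`, which newer OpenSSL releases write by default for RSA) matches neither arm and the algorithm change goes undetected. If `create_key` skips files that already exist (its body is not in this hunk), the old key would then be kept for the new algorithm. Letting OpenSSL parse the key does not depend on the header: in the `rsa)` arm, `if ! openssl rsa -in "$DOMAIN_DIR/${DOMAIN}.key" -noout 2>/dev/null; then`, and the same with `openssl ec` in the EC arm. The block also runs outside the `REUSE_PRIVATE_KEY` guard and removes the key without any message; a log line before each `rm -f` would tell operators who pin the key (for example in TLSA records) that it was replaced.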