From c7a70f630a67bb6bea76e71c076cb4338ce4eb92 Mon Sep 17 00:00:00 2001
From: yusing <yusing.wys@gmail.com>
Date: Sat, 31 Jan 2026 18:57:15 +0800
Subject: [PATCH] fix(autocert): rebuild SNI matcher after ObtainCertAll
 operations

The ObtainCertAll method was missing a call to rebuildSNIMatcher(),
which could leave the SNI configuration stale after certificate
renewals. Both ObtainCertIfNotExistsAll and ObtainCertAll now
consistently rebuild the SNI matcher after their operations.

This was introduced in 3ad6e98a174250e3b507e36a6440acb4ece65a82,
not a bug fix for previous version
---
 internal/autocert/provider.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/internal/autocert/provider.go b/internal/autocert/provider.go
index 4bb70e0e..3c84f906 100644
--- a/internal/autocert/provider.go
+++ b/internal/autocert/provider.go
@@ -222,8 +222,9 @@ func (p *Provider) ObtainCertIfNotExistsAll() error {
 		})
 	}
 
+	err := errs.Wait().Error()
 	p.rebuildSNIMatcher()
-	return errs.Wait().Error()
+	return err
 }
 
 // obtainCertIfNotExists obtains a new certificate for this provider if it does not exist.
@@ -261,7 +262,10 @@ func (p *Provider) ObtainCertAll() error {
 			return nil
 		})
 	}
-	return errs.Wait().Error()
+
+	err := errs.Wait().Error()
+	p.rebuildSNIMatcher()
+	return err
 }
 
 // ObtainCert renews existing certificate or obtains a new certificate for this provider.