Only download fixed CA certs if none was found in the original response

webmin/letsencrypt-lib.pl

@@ -332,7 +332,6 @@ else {
 	# Check if the returned cert contains a CA cert as well
 	my $chain = &transname();
 	my @certs = &cert_file_split($cert);
-	my %donecert;
 	if (@certs > 1) {
 		# Yes .. keep the first as the cert, and use the others as
 		# the chain
@@ -341,7 +340,6 @@ else {
 		&open_tempfile($fh, ">$chain");
 		foreach my $c (@certs) {
 			&print_tempfile($fh, $c);
-			$donecert{$c}++;
 			}
 		&close_tempfile($fh);
 		my $fh2 = "CERT";
@@ -349,22 +347,24 @@ else {
 		&print_tempfile($fh2, $orig);
 		&close_tempfile($fh2);
 		}
-
-	# Download the latest chained cert files
-	foreach my $url (@$letsencrypt_chain_urls) {
-		my $cout;
-		my ($host, $port, $page, $ssl) = &parse_http_url($url);
-		my $err;
-		&http_download($host, $port, $page, \$cout, \$err, undef, $ssl);
-		if ($err) {
-			&cleanup_wellknown($wellknown_new, $challenge_new);
-			return (0, &text('letsencrypt_echain', $err));
-			}
-		if ($cout !~ /\S/ && !-r $chain) {
-			&cleanup_wellknown($wellknown_new, $challenge_new);
-			return (0, &text('letsencrypt_echain2', $url));
-			}
-		if (!$donecert{$cout}++) {
+	else {
+		# Download the fixed list chained cert files
+		foreach my $url (@$letsencrypt_chain_urls) {
+			my $cout;
+			my ($host, $port, $page, $ssl) = &parse_http_url($url);
+			my $err;
+			&http_download($host, $port, $page, \$cout, \$err,
+				       undef, $ssl);
+			if ($err) {
+				&cleanup_wellknown($wellknown_new,
+						   $challenge_new);
+				return (0, &text('letsencrypt_echain', $err));
+				}
+			if ($cout !~ /\S/ && !-r $chain) {
+				&cleanup_wellknown($wellknown_new,
+						   $challenge_new);
+				return (0, &text('letsencrypt_echain2', $url));
+				}
 			my $fh = "CHAIN";
 			&open_tempfile($fh, ">>$chain");
 			&print_tempfile($fh, $cout);