From 73256e81fbd980bfbb406791a5c8914e85fd0a8a Mon Sep 17 00:00:00 2001
From: Brad Davidson <brad.davidson@rancher.com>
Date: Tue, 9 Apr 2024 22:49:55 +0000
Subject: [PATCH] Actually fix agent certificate rotation

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 4cc73b1fee5a9af456dfa986b79cee10a9059adb)
---
 pkg/cli/cert/cert.go | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/pkg/cli/cert/cert.go b/pkg/cli/cert/cert.go
index 6cc26670ff..72848fdd2a 100644
--- a/pkg/cli/cert/cert.go
+++ b/pkg/cli/cert/cert.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"strconv"
 	"strings"
 	"time"
 
@@ -191,14 +190,20 @@ func rotate(app *cli.Context, cfg *cmds.Server) error {
 }
 
 func backupCertificates(serverDataDir, agentDataDir string, fileMap map[string][]string) (string, error) {
+	backupDirName := fmt.Sprintf("tls-%d", time.Now().Unix())
 	serverTLSDir := filepath.Join(serverDataDir, "tls")
-	tlsBackupDir := filepath.Join(serverDataDir, "tls-"+strconv.Itoa(int(time.Now().Unix())))
+	tlsBackupDir := filepath.Join(agentDataDir, backupDirName)
 
+	// backup the server TLS dir if it exists
 	if _, err := os.Stat(serverTLSDir); err != nil {
-		return "", err
-	}
-	if err := copy.Copy(serverTLSDir, tlsBackupDir); err != nil {
-		return "", err
+		if !os.IsNotExist(err) {
+			return "", err
+		}
+	} else {
+		tlsBackupDir = filepath.Join(serverDataDir, backupDirName)
+		if err := copy.Copy(serverTLSDir, tlsBackupDir); err != nil {
+			return "", err
+		}
 	}
 
 	for _, files := range fileMap {