From a74d9e52823b4d6bcd0789c5321799f375842fa5 Mon Sep 17 00:00:00 2001
From: Erik Wilson <Erik.E.Wilson@gmail.com>
Date: Tue, 30 Jul 2019 14:55:25 -0700
Subject: [PATCH] Regenerate server certs if CA changed

---
 pkg/tls/storage.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkg/tls/storage.go b/pkg/tls/storage.go
index eaacbc6fdf..f857bb3277 100644
--- a/pkg/tls/storage.go
+++ b/pkg/tls/storage.go
@@ -65,8 +65,7 @@ func (l *listenerConfigStorage) Set(config *dynamiclistener.ListenerStatus) (*dy
 	obj.Status = *config
 	obj.Status.Revision = ""
 
-	if l.config.CACerts != "" && l.config.CAKey != "" {
-		obj.Status.CACert = ""
+	if l.config.CAKey != "" {
 		obj.Status.CAKey = ""
 	}
 
@@ -94,7 +93,10 @@ func (l *listenerConfigStorage) fromStorage(obj *v1.ListenerConfig) *dynamiclist
 	copy.Status.Revision = obj.ResourceVersion
 
 	if l.config.CACerts != "" && l.config.CAKey != "" {
-		copy.Status.CACert = l.config.CACerts
+		if copy.Status.CACert != l.config.CACerts {
+			copy.Status.CACert = l.config.CACerts
+			copy.Status.GeneratedCerts = map[string]string{}
+		}
 		copy.Status.CAKey = l.config.CAKey
 	}