From 1bbfac4dff02e6c244539557f8905e14c69da700 Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Wed, 16 Jan 2019 23:45:43 +0000
Subject: [PATCH 1/3] Add SetAccountURI method to ACME client

Signed-off-by: James Munnelly
---
 third_party/crypto/acme/acme.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/third_party/crypto/acme/acme.go b/third_party/crypto/acme/acme.go
index 86f1009c0..aa30062d4 100644
--- a/third_party/crypto/acme/acme.go
+++ b/third_party/crypto/acme/acme.go
@@ -90,6 +90,15 @@ type Client struct {
 accountURL string
 }

+// SetAccountURL will set the account URL cached by the client.
+// This should be used with caution, in order to reduce the number of calls
+// made to the 'new-acct' endpoint in 'cacheAccountURL'
+func (c *Client) SetAccountURL(url string) {
+ c.urlMu.Lock()
+ defer c.urlMu.Unlock()
+ c.accountURL = url
+}
+
 // Discover performs ACME server discovery using c.DirectoryURL.
 //
 // It caches successful result. So, subsequent calls will not result in
From 26ef11d2dc715e3d8acf303e1080da915ef6a816 Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Wed, 16 Jan 2019 23:48:19 +0000
Subject: [PATCH 2/3] Use cached account URI on Issuer resource when constructing ACME client

Signed-off-by: James Munnelly
---
 pkg/acme/acme.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkg/acme/acme.go b/pkg/acme/acme.go
index 005bea79e..3470aa519 100644
--- a/pkg/acme/acme.go
+++ b/pkg/acme/acme.go
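Review bot: The doc comment on `SetAccountURL` in patch 1/3 says "used with caution" without stating what the caller must guarantee, and the method stores whatever string it is given. Since the comment ties the cached value to avoiding the 'new-acct' call in 'cacheAccountURL', a URL that does not belong to the client's Key and DirectoryURL would presumably be used as-is on later requests, so the precondition belongs in the comment: `// The caller must ensure url is the account registered for c.Key at c.DirectoryURL; it is stored without validation.` It would also help to say that passing `""` resets the field to its zero value. The commit subject names the method SetAccountURI while the code adds SetAccountURL; one spelling throughout makes the delta against the upstream package easier to audit.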
@@ -111,13 +111,20 @@ func ClientWithKey(iss cmapi.GenericIssuer, pk *rsa.PrivateKey) (acme.Interface,
 if acmeSpec == nil {
 return nil, fmt.Errorf("issuer %q is not an ACME issuer. Ensure the 'acme' stanza is correctly specified on your Issuer resource", iss.GetObjectMeta().Name)
 }
-
- return acmemw.NewLogger(&acmecl.Client{
+ acmeStatus := iss.GetStatus().ACME
+ accountURI := ""
+ if acmeStatus != nil || acmeStatus.URI != "" {
+ accountURI = acmeStatus.URI
+ }
+ acmeCl := &acmecl.Client{
 HTTPClient: buildHTTPClient(acmeSpec.SkipTLSVerify),
 Key: pk,
 DirectoryURL: acmeSpec.Server,
 UserAgent: util.CertManagerUserAgent,
- }), nil
+ }
+ acmeCl.SetAccountURL(accountURI)
+
+ return acmemw.NewLogger(acmeCl), nil
 }

 // ClientForIssuer will return a properly configure ACME client for the given
From 4b6351a4f2d0a1e18a210c2c4626a68f2c4749de Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Thu, 17 Jan 2019 12:57:19 +0000
Subject: [PATCH 3/3] :facepalm:

Signed-off-by: James Munnelly
---
 pkg/acme/acme.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/acme/acme.go b/pkg/acme/acme.go
index 3470aa519..3ae3991fe 100644
--- a/pkg/acme/acme.go
+++ b/pkg/acme/acme.go
@@ -113,7 +113,7 @@ func ClientWithKey(iss cmapi.GenericIssuer, pk *rsa.PrivateKey) (acme.Interface,
 }
 acmeStatus := iss.GetStatus().ACME
 accountURI := ""
- if acmeStatus != nil || acmeStatus.URI != "" {
+ if acmeStatus != nil && acmeStatus.URI != "" {
 accountURI = acmeStatus.URI
 }
 acmeCl := &acmecl.Client{
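Review bot: `accountURI` in patch 2/3 is read from `iss.GetStatus().ACME` and handed to `acmeCl.SetAccountURL` with no check that it still corresponds to `acmeSpec.Server` or to `pk`. Status is a stored API field, so if the Issuer's server or key is changed while an old URI remains, or if status is written by something other than this controller, the client would presumably skip account lookup and operate against the wrong account URL. Consider using the cached value only when it matches the configured server (comparing hosts, for example), and record the assumption above the call: `// accountURI is trusted from Issuer status; it must have been registered with pk at acmeSpec.Server.` ClientWithKey starts above this hunk, so any earlier validation is not visible here.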
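Review bot: With `accountURI` initialised to `""`, the `acmeStatus.URI != ""` clause in the corrected condition of patch 3/3 is redundant; only the nil check guards the dereference, so `if acmeStatus != nil { accountURI = acmeStatus.URI }` expresses the same thing and leaves no operator to get wrong. The diffstats in this series show only acme.go changing, so no test covers an Issuer whose status has no ACME block; a case for that in the ClientWithKey tests would keep the nil path from regressing into a panic. ClientWithKey's body begins and ends outside this hunk.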