From a5b954658c8e1bb1aa6dec56cdd82cdaa0d204cb Mon Sep 17 00:00:00 2001
From: James Munnelly <james.munnelly@jetstack.io>
Date: Sat, 4 Nov 2017 00:27:22 +0000
Subject: [PATCH] Fix panic in certificates controller

---
 pkg/controller/certificates/sync.go | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/pkg/controller/certificates/sync.go b/pkg/controller/certificates/sync.go
index ef7ea6881..164b7993c 100644
--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@@ -91,6 +91,15 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (err e
 		return err
 	}
 
+	expectedCN, err := pki.CommonNameForCertificate(crt)
+	if err != nil {
+		return err
+	}
+	expectedDNSNames, err := pki.DNSNamesForCertificate(crt)
+	if err != nil {
+		return err
+	}
+
 	// grab existing certificate and validate private key
 	cert, err := kube.SecretTLSCert(c.secretLister, crt.Namespace, crt.Spec.SecretName)
 	if err != nil {
@@ -111,14 +120,6 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (err e
 	defer c.scheduleRenewal(crt)
 
 	crtCopy := crt.DeepCopy()
-	expectedCN, err := pki.CommonNameForCertificate(crtCopy)
-	if err != nil {
-		return err
-	}
-	expectedDNSNames, err := pki.DNSNamesForCertificate(crtCopy)
-	if err != nil {
-		return err
-	}
 
 	// if the certificate was not found, or the certificate data is invalid, we
 	// should issue a new certificate.