Add preferred-chain option to support "alternate" certificate links (#1227)

Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>

cmd/cmd_renew.go

@@ -58,6 +58,10 @@ func createRenew() cli.Command {
 				Name:  "renew-hook",
 				Usage: "Define a hook. The hook is executed only when the certificates are effectively renewed.",
 			},
+			cli.StringFlag{
+				Name:  "preferred-chain",
+				Usage: "If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.",
+			},
 		},
 	}
 }
@@ -123,10 +127,11 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
 	}
 
 	request := certificate.ObtainRequest{
-		Domains:    merge(certDomains, domains),
-		Bundle:     bundle,
-		PrivateKey: privateKey,
-		MustStaple: ctx.Bool("must-staple"),
+		Domains:        merge(certDomains, domains),
+		Bundle:         bundle,
+		PrivateKey:     privateKey,
+		MustStaple:     ctx.Bool("must-staple"),
+		PreferredChain: ctx.String("preferred-chain"),
 	}
 	certRes, err := client.Certificate.Obtain(request)
 	if err != nil {
@@ -168,7 +173,7 @@ func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *Certificat
 	timeLeft := cert.NotAfter.Sub(time.Now().UTC())
 	log.Infof("[%s] acme: Trying renewal with %d hours remaining", domain, int(timeLeft.Hours()))
 
-	certRes, err := client.Certificate.ObtainForCSR(*csr, bundle)
+	certRes, err := client.Certificate.ObtainForCSR(*csr, bundle, ctx.String("preferred-chain"))
 	if err != nil {
 		log.Fatal(err)
 	}