From 1ef6139f9bfc9becee9cb8d32f91c93fb6f1d360 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Mon, 26 Oct 2020 18:34:21 -0700
Subject: [PATCH] ignore rotated certs, since there is a new cert that can be
 used

---
 lemur/certificates/service.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 275935b2..ef82c605 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -567,6 +567,7 @@ def query_common_name(common_name, args):
         result = (
             Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
             .filter(not_(Certificate.revoked))
+            .filter(not_(Certificate.replaced.any()))  # ignore rotated certificates to avoid duplicates
             .all()
         )
     elif common_name == "%":
@@ -575,6 +576,7 @@ def query_common_name(common_name, args):
             Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
             .filter(Certificate.owner == owner)
             .filter(not_(Certificate.revoked))
+            .filter(not_(Certificate.replaced.any()))  # ignore rotated certificates to avoid duplicates
             .all()
         )
     else:
@@ -584,6 +586,7 @@ def query_common_name(common_name, args):
             .filter(Certificate.cn.like(common_name))
             .filter(Certificate.owner == owner)
             .filter(not_(Certificate.revoked))
+            .filter(not_(Certificate.replaced.any()))  # ignore rotated certificates to avoid duplicates
             .all()
         )