From 08e1beba6ef70c13acae88740aa78d2b8613df8a Mon Sep 17 00:00:00 2001
From: Anders Pitman <tapitman11@gmail.com>
Date: Thu, 17 Feb 2022 13:58:20 -0700
Subject: [PATCH] Fix auto TLS cert bug for Client TLS tunnels

It wasn't grabbing certs automatically.
---
 client.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/client.go b/client.go
index 1a95836..43d2472 100644
--- a/client.go
+++ b/client.go
@@ -310,14 +310,6 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error {
 		// boringproxy server does.
 		go httpServer.Serve(tlsListener)
 
-		// TODO: There's still quite a bit of duplication with what the server does. Could we
-		// encapsulate it into a type?
-		err = c.certConfig.ManageSync(ctx, []string{tunnel.Domain})
-		if err != nil {
-			log.Println("CertMagic error at startup")
-			log.Println(err)
-		}
-
 	} else {
 
 		if tunnel.TlsTermination == "client-tls" {
@@ -349,6 +341,14 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error {
 		}()
 	}
 
+	// TODO: There's still quite a bit of duplication with what the server does. Could we
+	// encapsulate it into a type?
+	err = c.certConfig.ManageSync(ctx, []string{tunnel.Domain})
+	if err != nil {
+		log.Println("CertMagic error at startup")
+		log.Println(err)
+	}
+
 	<-ctx.Done()
 
 	return nil