diff --git a/certman.sh b/certman.sh
index 0e6207d..17131bb 100755
--- a/certman.sh
+++ b/certman.sh
@@ -176,28 +176,34 @@ install_certificate() {
 # Install new certificate and key
 if [ $needs_reload -eq 1 ]; then
+ if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
+ echo -e "${RED}Failed to install certificate files for $domain${NC}"
+ return 1
+ fi
+
+ # Set permissions and ownership for cert and key separately
+ if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_cert" || \
+ ! chmod "$CERT_PERMISSIONS" "$final_cert"; then
+ echo -e "${RED}Failed to set permissions for $final_cert${NC}"
+ return 1
+ fi
+ if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_key" || \
+ ! chmod "$KEY_PERMISSIONS" "$final_key"; then
+ echo -e "${RED}Failed to set permissions for $final_key${NC}"
+ return 1
+ fi
+
 if [ "$FULLCHAIN_PEM" = "true" ]; then
 if ! cp -f "$temp_pem" "$final_pem"; then
 echo -e "${RED}Failed to install PEM file for $domain${NC}"
 return 1
 fi
- local files=("$final_pem")
- fi
-
- if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
- echo -e "${RED}Failed to install certificate files for $domain${NC}"
- return 1
- fi
- local files=("$final_cert" "$final_key")
-
- # Set permissions and ownership
- for file in "${files[@]}"; do
- if ! chown "$CERT_OWNER:$CERT_GROUP" "$file" || \
- ! chmod "$CERT_PERMISSIONS" "$file"; then
- echo -e "${RED}Failed to set permissions for $file${NC}"
+ if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_pem" || \
+ ! chmod "$KEY_PERMISSIONS" "$final_pem"; then
+ echo -e "${RED}Failed to set permissions for $final_pem${NC}"
 return 1
 fi
- done
+ fi
 echo -e "${GREEN}Certificate updated for $domain${NC}"
 return 0
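Review bot: The private key reaches its final path through `cp -f "$temp_key" "$final_key"` and is only tightened by the later `chmod "$KEY_PERMISSIONS" "$final_key"`, so on a first install it sits there with whatever mode the temp file and umask produce until the chmod runs. Because the check is `! chown … || ! chmod …`, a failing chown returns 1 without ever running the chmod, leaving the key installed at that looser mode. Creating the file with its final owner and mode in one step closes that window, e.g. `install -o "$CERT_OWNER" -g "$CERT_GROUP" -m "$KEY_PERMISSIONS" "$temp_key" "$final_key"`; the same holds for `$final_pem`, which is given `KEY_PERMISSIONS` and so presumably contains the key. The mode of `$temp_key` and the umask are set outside this hunk and may already limit the exposure; install_certificate starts and ends outside the hunk.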