Skyfritt/certman
4
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Improve certificate and key permission handling

Browse source 
Separate permission settings for certificate and key files
Add specific permissions for key files
Maintain consistent error handling for all file operations
This commit is contained in:
Ruben 2026-02-20 22:47:54 +01:00
parent 0f17ec7fd5
commit 4c68bc5d2a
1 changed files with 21 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
certman.sh
View file

@ -176,28 +176,34 @@ install_certificate() {
# Install new certificate and key # Install new certificate and key
if [ $needs_reload -eq 1 ]; then if [ $needs_reload -eq 1 ]; then
if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
echo -e "${RED}Failed to install certificate files for $domain${NC}"
return 1
fi
# Set permissions and ownership for cert and key separately
if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_cert" || \
! chmod "$CERT_PERMISSIONS" "$final_cert"; then
echo -e "${RED}Failed to set permissions for $final_cert${NC}"
return 1
fi
if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_key" || \
! chmod "$KEY_PERMISSIONS" "$final_key"; then
echo -e "${RED}Failed to set permissions for $final_key${NC}"
return 1
fi
if [ "$FULLCHAIN_PEM" = "true" ]; then if [ "$FULLCHAIN_PEM" = "true" ]; then
if ! cp -f "$temp_pem" "$final_pem"; then if ! cp -f "$temp_pem" "$final_pem"; then
echo -e "${RED}Failed to install PEM file for $domain${NC}" echo -e "${RED}Failed to install PEM file for $domain${NC}"
return 1 return 1
fi fi
local files=("$final_pem") if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_pem" || \
fi ! chmod "$KEY_PERMISSIONS" "$final_pem"; then
echo -e "${RED}Failed to set permissions for $final_pem${NC}"
if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
echo -e "${RED}Failed to install certificate files for $domain${NC}"
return 1 return 1
fi fi
local files=("$final_cert" "$final_key")
# Set permissions and ownership
for file in "${files[@]}"; do
if ! chown "$CERT_OWNER:$CERT_GROUP" "$file" || \
! chmod "$CERT_PERMISSIONS" "$file"; then
echo -e "${RED}Failed to set permissions for $file${NC}"
return 1
fi fi
done
echo -e "${GREEN}Certificate updated for $domain${NC}" echo -e "${GREEN}Certificate updated for $domain${NC}"
return 0 return 0