Split certificate and key into separate PEM files

Ruben Solvang 2025-04-08 15:07:19 +02:00
parent e526c98d37
commit 7c2a31e495


@ -87,7 +87,8 @@ download_and_verify_cert() {
local key_api_key=$3 local key_api_key=$3
local temp_cert="$TEMP_DIR/$domain.crt" local temp_cert="$TEMP_DIR/$domain.crt"
local temp_key="$TEMP_DIR/$domain.key" local temp_key="$TEMP_DIR/$domain.key"
local temp_fullchain="$TEMP_DIR/$domain.pem" local temp_cert_pem="$TEMP_DIR/$domain.cert.pem"
local temp_key_pem="$TEMP_DIR/$domain.key.pem"
echo -e "${BLUE}Processing certificate for $domain${NC}" echo -e "${BLUE}Processing certificate for $domain${NC}"
@ -111,9 +112,10 @@ download_and_verify_cert() {
return 1 return 1
fi fi
# Create fullchain PEM if requested # Create PEM files if requested
if [ "$FULLCHAIN_PEM" = "true" ]; then if [ "$FULLCHAIN_PEM" = "true" ]; then
cat "$temp_cert" "$temp_key" > "$temp_fullchain" cat "$temp_cert" > "$temp_cert_pem"
cat "$temp_key" > "$temp_key_pem"
fi fi
# Validate certificate and key match # Validate certificate and key match
@ -137,10 +139,12 @@ install_certificate() {
local domain=$1 local domain=$1
local final_cert="$CERT_PATH/$domain.crt" local final_cert="$CERT_PATH/$domain.crt"
local final_key="$KEY_PATH/$domain.key" local final_key="$KEY_PATH/$domain.key"
local final_fullchain="$CERT_PATH/$domain.pem" local final_cert_pem="$CERT_PATH/$domain.cert.pem"
local final_key_pem="$KEY_PATH/$domain.key.pem"
local temp_cert="$TEMP_DIR/$domain.crt" local temp_cert="$TEMP_DIR/$domain.crt"
local temp_key="$TEMP_DIR/$domain.key" local temp_key="$TEMP_DIR/$domain.key"
local temp_fullchain="$TEMP_DIR/$domain.pem" local temp_cert_pem="$TEMP_DIR/$domain.cert.pem"
local temp_key_pem="$TEMP_DIR/$domain.key.pem"
local needs_reload=0 local needs_reload=0
# Check if certificate needs updating # Check if certificate needs updating
@ -162,15 +166,15 @@ install_certificate() {
fi fi
if [ "$FULLCHAIN_PEM" = "true" ]; then if [ "$FULLCHAIN_PEM" = "true" ]; then
if ! cp -f "$temp_fullchain" "$final_fullchain"; then if ! cp -f "$temp_cert_pem" "$final_cert_pem" || ! cp -f "$temp_key_pem" "$final_key_pem"; then
echo -e "${RED}Failed to install fullchain PEM for $domain${NC}" echo -e "${RED}Failed to install PEM files for $domain${NC}"
return 1 return 1
fi fi
fi fi
# Set permissions and ownership # Set permissions and ownership
local files=("$final_cert" "$final_key") local files=("$final_cert" "$final_key")
[ "$FULLCHAIN_PEM" = "true" ] && files+=("$final_fullchain") [ "$FULLCHAIN_PEM" = "true" ] && files+=("$final_cert_pem" "$final_key_pem")
for file in "${files[@]}"; do for file in "${files[@]}"; do
if ! chown "$CERT_OWNER:$CERT_GROUP" "$file" || \ if ! chown "$CERT_OWNER:$CERT_GROUP" "$file" || \