From ab59a58c550dfd0d8a432f6e384151188bb89e2b Mon Sep 17 00:00:00 2001
From: Ruben <post@rubensolvang.no>
Date: Fri, 20 Feb 2026 23:07:44 +0100
Subject: [PATCH] Use install for certificate and key file installation

Replace separate cp and chmod operations with single install commands
for certificate, key, and PEM file installation to ensure proper
permissions and ownership are set in one operation
---
 certman.sh | 23 +++++------------------
 1 file changed, 5 insertions(+), 18 deletions(-)

diff --git a/certman.sh b/certman.sh
index acbd38c..291a807 100755
--- a/certman.sh
+++ b/certman.sh
@@ -185,33 +185,20 @@ install_certificate() {
 
     # Install new certificate and key
     if [ $needs_reload -eq 1 ]; then
-        if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
-            echo -e "${RED}Failed to install certificate files for $domain${NC}"
+        if ! install -m "$CERT_PERMISSIONS" -o "$CERT_OWNER" -g "$CERT_GROUP" "$temp_cert" "$final_cert"; then
+            echo -e "${RED}Failed to install certificate for $domain${NC}"
             return 1
         fi
-
-        # Set permissions and ownership for cert and key separately
-        if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_cert" || \
-           ! chmod "$CERT_PERMISSIONS" "$final_cert"; then
-            echo -e "${RED}Failed to set permissions for $final_cert${NC}"
-            return 1
-        fi
-        if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_key" || \
-           ! chmod "$KEY_PERMISSIONS" "$final_key"; then
-            echo -e "${RED}Failed to set permissions for $final_key${NC}"
+        if ! install -m "$KEY_PERMISSIONS" -o "$CERT_OWNER" -g "$CERT_GROUP" "$temp_key" "$final_key"; then
+            echo -e "${RED}Failed to install private key for $domain${NC}"
             return 1
         fi
 
         if [ "$FULLCHAIN_PEM" = "true" ]; then
-            if ! cp -f "$temp_pem" "$final_pem"; then
+            if ! install -m "$KEY_PERMISSIONS" -o "$CERT_OWNER" -g "$CERT_GROUP" "$temp_pem" "$final_pem"; then
                 echo -e "${RED}Failed to install PEM file for $domain${NC}"
                 return 1
             fi
-            if ! chown "$CERT_OWNER:$CERT_GROUP" "$final_pem" || \
-               ! chmod "$KEY_PERMISSIONS" "$final_pem"; then
-                echo -e "${RED}Failed to set permissions for $final_pem${NC}"
-                return 1
-            fi
         fi
 
         echo -e "${GREEN}Certificate updated for $domain${NC}"