Add PEM certificate change detection and fix permissions

2025-04-08 15:10:05 +02:00 · 2025-04-08 15:10:05 +02:00 · e8d392e4a4
commit e8d392e4a4
parent 7c2a31e495
1 changed files with 11 additions and 8 deletions
--- a/certman.sh
+++ b/certman.sh
@ -150,6 +150,10 @@ install_certificate() {
    # Check if certificate needs updating
    if [ "$FORCE_UPDATE" = "true" ]; then
        needs_reload=1
+    elif [ "$FULLCHAIN_PEM" = "true" ] && [ -f "$final_cert_pem" ]; then
+        if ! cmp -s "$final_cert_pem" "$temp_cert_pem"; then
+            needs_reload=1
+        fi
    elif [ -f "$final_cert" ]; then
        if ! cmp -s "$final_cert" "$temp_cert"; then
            needs_reload=1
@ -160,22 +164,21 @@ install_certificate() {

    # Install new certificate and key
    if [ $needs_reload -eq 1 ]; then
-        if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
-            echo -e "${RED}Failed to install certificate files for $domain${NC}"
-            return 1
-        fi
-
        if [ "$FULLCHAIN_PEM" = "true" ]; then
            if ! cp -f "$temp_cert_pem" "$final_cert_pem" || ! cp -f "$temp_key_pem" "$final_key_pem"; then
                echo -e "${RED}Failed to install PEM files for $domain${NC}"
                return 1
            fi
+            local files=("$final_cert_pem" "$final_key_pem")
+        else
+            if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
+                echo -e "${RED}Failed to install certificate files for $domain${NC}"
+                return 1
+            fi
+            local files=("$final_cert" "$final_key")
        fi

        # Set permissions and ownership
-        local files=("$final_cert" "$final_key")
-        [ "$FULLCHAIN_PEM" = "true" ] && files+=("$final_cert_pem" "$final_key_pem")
-
        for file in "${files[@]}"; do
            if ! chown "$CERT_OWNER:$CERT_GROUP" "$file" || \
               ! chmod "$CERT_PERMISSIONS" "$file"; then