# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1644859771 -3600
# Node ID 5cd075ed4fd3c18d8b7322aac6a8a06306103b04
# Parent  ad88732eea516935eced70bc72cd15959cba0c08
core.certmanager: Relax certificate filename check #1713

After a survey of ACME clients it seems *.crt and *fullchain* should
work for the majority. The rest get to manually copy their files.

diff -r ad88732eea51 -r 5cd075ed4fd3 core/certmanager.lua
--- a/core/certmanager.lua	Sun Feb 13 17:27:29 2022 +0100
+++ b/core/certmanager.lua	Mon Feb 14 18:29:31 2022 +0100
@@ -102,12 +102,7 @@
 end
 
 local function find_matching_key(cert_path)
-	-- FIXME we shouldn't need to guess the key filename
-	if cert_path:sub(-4) == ".crt" then
-		return cert_path:sub(1, -4) .. "key";
-	elseif cert_path:sub(-14) == "/fullchain.pem" then
-		return cert_path:sub(1, -14) .. "privkey.pem";
-	end
+	return (cert_path:gsub("%.crt$", ".key"):gsub("fullchain", "privkey"));
 end
 
 local function index_certs(dir, files_by_name, depth_limit)
@@ -130,8 +125,7 @@
 			if file:sub(1,1) ~= "." then
 				index_certs(full, files_by_name, depth_limit-1);
 			end
-			-- TODO support more filename patterns?
-		elseif full:match("%.crt$") or full:match("/fullchain%.pem$") then
+		elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files
 			local f = io_open(full);
 			if f then
 				-- TODO look for chained certificates