# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1645430079 -3600
# Node ID f8b8061461e323ffaa64c6b25e50c64302dd2ec9
# Parent  8210c2a52e9c03a4f8e685d9b2b3cacfb098125e
core.certmanager: Ensure key exists for fullchain

Since 5cd075ed4fd3 any file matching "fullchain" would be considered for
use.

Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a
symlink fullchain.pem pointing at the latest one. However the current
rule for finding a corresponding private key would try
privkey-1641171024.pem in the same directory, which may not exist.

diff -r 8210c2a52e9c -r f8b8061461e3 core/certmanager.lua
--- a/core/certmanager.lua	Sun Feb 20 00:24:18 2022 +0100
+++ b/core/certmanager.lua	Mon Feb 21 08:54:39 2022 +0100
@@ -130,7 +130,7 @@
 			if f then
 				-- TODO look for chained certificates
 				local firstline = f:read();
-				if firstline == "-----BEGIN CERTIFICATE-----" then
+				if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then
 					f:seek("set")
 					local cert = ssl.loadcertificate(f:read("*a"))
 					-- TODO if more than one cert is found for a name, the most recently