Software / code / prosody
Changeset
12305:f8b8061461e3
core.certmanager: Ensure key exists for fullchain
Since 5cd075ed4fd3 any file matching "fullchain" would be considered for
use.
Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a
symlink fullchain.pem pointing at the latest one. However the current
rule for finding a corresponding private key would try
privkey-1641171024.pem in the same directory, which may not exist.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 21 Feb 2022 08:54:39 +0100 |
| parents | 12304:8210c2a52e9c |
| children | 12306:81fc7fc77e68 |
| files | core/certmanager.lua |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/core/certmanager.lua Sun Feb 20 00:24:18 2022 +0100 +++ b/core/certmanager.lua Mon Feb 21 08:54:39 2022 +0100 @@ -130,7 +130,7 @@ if f then -- TODO look for chained certificates local firstline = f:read(); - if firstline == "-----BEGIN CERTIFICATE-----" then + if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then f:seek("set") local cert = ssl.loadcertificate(f:read("*a")) -- TODO if more than one cert is found for a name, the most recently
