add support for generating crt+chain files

diff --git a/letsencrypt-tiny b/letsencrypt-tiny
index 663faa3888e11a8bf703a6e30240e8070371d502..033887e05452df5130186c7a45f1290802ba8835 100755 (executable)
--- a/letsencrypt-tiny
+++ b/letsencrypt-tiny
@@ -73,6 +73,14 @@ def acme(name, domains):
         with open(certfile(name, 'dh'), 'wb') as f:
             f.write(signed_crt)
             f.write(dh)
+    # append chain
+    chainfile = config['DEFAULT'].get('chain')
+    if chainfile is not None:
+        with open(chainfile, 'rb') as f:
+            chain = f.read()
+        with open(certfile(name, 'chain'), 'wb') as f:
+            f.write(signed_crt)
+            f.write(chain)
 
 def request_cert(name):
     global config
@@ -115,6 +123,10 @@ def check_staging():
         os.rename(src = certfile(staging, 'dh'), dst = certfile(live, 'dh'))
     except FileNotFoundError:
         pass
+    try:
+        os.rename(src = certfile(staging, 'chain'), dst = certfile(live, 'chain'))
+    except FileNotFoundError:
+        pass
     return 2
 
 def auto_renewal():

diff --git a/letsencrypt-tiny.conf.sample b/letsencrypt-tiny.conf.sample
index f195128c06eec395c75b626e563665f1562edf1d..55c4f0f4a04848d884b4b52ff9025d7d2c049018 100644 (file)
--- a/letsencrypt-tiny.conf.sample
+++ b/letsencrypt-tiny.conf.sample
@@ -10,6 +10,7 @@ key-length = 4096
 
 # File containing the DH parameters, as generated by openssl (optional)
 dh-params = /etc/ssl/dh2048.pem
+chain = /etc/ssl/chains/letsencrypt-x1.crt
 
 [timing]
 # After how many days should the private key be re-generated?