From: Ralf Jung Date: Mon, 14 Dec 2015 19:29:09 +0000 (+0100) Subject: do not keep CSRs X-Git-Url: https://git.ralfj.de/lets-encrypt-tiny.git/commitdiff_plain/3d2e3a966b67d16f119f0b212d1c0d0cda7d6f91?ds=inline do not keep CSRs --- diff --git a/letsencrypt-tiny b/letsencrypt-tiny index 4503a6e..3b89db7 100755 --- a/letsencrypt-tiny +++ b/letsencrypt-tiny @@ -21,7 +21,7 @@ def keyfile(name): def csrfile(name): global config - return os.path.join(config['dirs']['csrs'], name + ".csr") + return os.path.join(config['dirs']['keys'], name + ".csr.tmp") def make_backup(fname): if os.path.exists(fname): @@ -65,6 +65,8 @@ def acme(name, domains): make_backup(certfile(name)) with open(certfile(name), 'wb') as f: f.write(signed_crt) + # clean up + os.remove(csrfile(name)) def request_cert(name): global config diff --git a/letsencrypt-tiny.conf.sample b/letsencrypt-tiny.conf.sample index c8c91bc..5369fdc 100644 --- a/letsencrypt-tiny.conf.sample +++ b/letsencrypt-tiny.conf.sample @@ -34,7 +34,6 @@ challenge-dir = /srv/acme-challenge/ [dirs] certs = /etc/ssl/mycerts/letsencrypt keys = /etc/ssl/private/letsencrypt -csrs = /etc/ssl/private/letsencrypt backups = /etc/ssl/old/letsencrypt [files]