From 0c9aebd9cde72825b62e5e09a8a577d55abe1243 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Sun, 13 Dec 2015 16:48:44 +0100
Subject: [PATCH 1/1] let the hooks handle the combined file generation

---
 letsencrypt-tiny | 26 +-------------------------
 letsencrypt-tiny.conf.sample | 6 +-----
 2 files changed, 2 insertions(+), 30 deletions(-)

diff --git a/letsencrypt-tiny b/letsencrypt-tiny
index 033887e..57a2e60 100755
--- a/letsencrypt-tiny
+++ b/letsencrypt-tiny
@@ -11,7 +11,7 @@ def readConfig(fname, defSection = 'DEFAULT'):
 config.read_file(stream)
 return config
 
-def certfile(name, suff = None):
+def certfile(name):
 global config
 return os.path.join(config['dirs']['certs'], name + ".crt" + ('' if suff is None else '+'+suff) )
 
@@ -65,22 +65,6 @@ def acme(name, domains):
 make_backup(certfile(name))
 with open(certfile(name), 'wb') as f:
 f.write(signed_crt)
- # append DH params
- dhfile = config['DEFAULT'].get('dh-params')
- if dhfile is not None:
- with open(dhfile, 'rb') as f:
- dh = f.read()
- with open(certfile(name, 'dh'), 'wb') as f:
- f.write(signed_crt)
- f.write(dh)
- # append chain
- chainfile = config['DEFAULT'].get('chain')
- if chainfile is not None:
- with open(chainfile, 'rb') as f:
- chain = f.read()
- with open(certfile(name, 'chain'), 'wb') as f:
- f.write(signed_crt)
- f.write(chain)
 
 def request_cert(name):
 global config
@@ -119,14 +103,6 @@ def check_staging():
 os.rename(src = keyfile(staging), dst = keyfile(live))
 make_backup(certfile(live))
 os.rename(src = certfile(staging), dst = certfile(live))
- try:
- os.rename(src = certfile(staging, 'dh'), dst = certfile(live, 'dh'))
- except FileNotFoundError:
- pass
- try:
- os.rename(src = certfile(staging, 'chain'), dst = certfile(live, 'chain'))
- except FileNotFoundError:
- pass
 return 2
 
 def auto_renewal():
diff --git a/letsencrypt-tiny.conf.sample b/letsencrypt-tiny.conf.sample
index 55c4f0f..4c28d17 100644
--- a/letsencrypt-tiny.conf.sample
+++ b/letsencrypt-tiny.conf.sample
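Review bot: The new `certfile(name)` signature in the first hunk drops the `suff` parameter, but the unchanged return line on the next context line still reads `suff`, so every call to `certfile` now raises NameError unless a module-level `suff` happens to exist; the return should shrink to `return os.path.join(config['dirs']['certs'], name + ".crt")`. With the writers removed in the second hunk and the staging-to-live renames removed in the third, any `<name>.crt+dh` or `<name>.crt+chain` files produced by earlier runs are neither refreshed nor deleted, so a server configuration still pointing at one would keep serving the old certificate after renewal; presumably the hook now owns those paths, but a one-time cleanup in `check_staging` or a note in the commit message would make the migration explicit. The bodies of `acme` and `check_staging` start outside their hunks.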
@@ -8,10 +8,6 @@ domains =
 # The length of secret RSA keys
 key-length = 4096
 
-# File containing the DH parameters, as generated by openssl (optional)
-dh-params = /etc/ssl/dh2048.pem
-chain = /etc/ssl/chains/letsencrypt-x1.crt
-
 [timing]
 # After how many days should the private key be re-generated?
 max-key-age-days = 180
@@ -22,7 +18,7 @@ renew-cert-before-expiry-days = 15
 
 [hooks]
 # Called after a new certificate has been obtained.
-# Example usage: Reloading services.
+# Example usage: Reloading services, generating combined "certificate + key chain" file.
 post-certchange = /home/user/letsencrypt/cert-hook
 # Called after a new certificate has been obtained, *if* there also were changes in the private keys
 # Example usage: Updating TLSA records (with the selector being SubjectPublicKeyInfo) in the zone
-- 
2.30.2
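Review bot: The new comment in the second hunk, `"certificate + key chain"`, is ambiguous about whether the private key is part of the combined file the hook produces. If the artefact is the certificate followed by the issuer chain (what the removed `chain` option used to feed), the wording should be `generating a combined "certificate + chain" file`; if the key really is concatenated in, the sample should say that such a file must be created with the key file's ownership and mode, since the script's own `certfile` output is the public certificate only. Since `dh-params` and `chain` are no longer read by the script after the first hunk, a short remark that the hook must now locate the chain and DH-parameter files itself would also help whoever migrates an existing configuration.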