From 3d2e3a966b67d16f119f0b212d1c0d0cda7d6f91 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 14 Dec 2015 20:29:09 +0100 Subject: [PATCH 1/1] do not keep CSRs --- letsencrypt-tiny | 4 +++- letsencrypt-tiny.conf.sample | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/letsencrypt-tiny b/letsencrypt-tiny index 4503a6e..3b89db7 100755 --- a/letsencrypt-tiny +++ b/letsencrypt-tiny @@ -21,7 +21,7 @@ def keyfile(name): def csrfile(name): global config - return os.path.join(config['dirs']['csrs'], name + ".csr") + return os.path.join(config['dirs']['keys'], name + ".csr.tmp") def make_backup(fname): if os.path.exists(fname): @@ -65,6 +65,8 @@ def acme(name, domains): make_backup(certfile(name)) with open(certfile(name), 'wb') as f: f.write(signed_crt) + # clean up + os.remove(csrfile(name)) def request_cert(name): global config diff --git a/letsencrypt-tiny.conf.sample b/letsencrypt-tiny.conf.sample index c8c91bc..5369fdc 100644 --- a/letsencrypt-tiny.conf.sample +++ b/letsencrypt-tiny.conf.sample @@ -34,7 +34,6 @@ challenge-dir = /srv/acme-challenge/ [dirs] certs = /etc/ssl/mycerts/letsencrypt keys = /etc/ssl/private/letsencrypt -csrs = /etc/ssl/private/letsencrypt backups = /etc/ssl/old/letsencrypt [files] -- 2.30.2