acme-acmesh: Provide a 'combined' certificate bundle as well
author Toke Høiland-Jørgensen <toke@toke.dk>
Wed, 14 Dec 2022 14:21:59 +0000 (15:21 +0100)
committer Toke Høiland-Jørgensen <toke@toke.dk>
Wed, 14 Dec 2022 15:43:45 +0000 (16:43 +0100)
commit 17691a5a52833511ef3fcd31ae835c3c4a230542
tree c6b5bdec08ee432c0b3257a576f9ec318b4804d0
parent 152a26da57ba18166cda5349d4597e909cb93f5e
acme-acmesh: Provide a 'combined' certificate bundle as well

The haproxy hotplug script creates a 'combined' certificate bundle that
contains both the certificate chain and the private key. However, having a
daemon hotplug script write into CERT_DIR is not great; so let's provide
the bundle as part of the main acme framework, keeping it in $domain_dir
and just linking it into CERT_DIR. That way we can keep CERT_DIR as just a
collection of links for everything, that no consumers should need to write
into.

Also make sure to set the umask correctly so the combined file is not
world-readable (since it contains the private key).

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
net/acme-acmesh/Makefile
net/acme-acmesh/files/hook.sh
net/haproxy/Makefile
net/haproxy/files/acme.hotplug [deleted file]
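
The approach the commit message describes (bundle kept in the domain directory, created under a restrictive umask, and only linked into CERT_DIR) can be sketched as below. This is an added example, not the package's hook.sh; the function names, the input file names (`fullchain.cer`, `<domain>.key`) and the output names are assumptions.

```shell
#!/bin/sh
# Added example. All names here are hypothetical, not taken from hook.sh.

# make_combined DOMAIN_DIR CERT_DIR DOMAIN
# Writes DOMAIN_DIR/combined.cer (chain followed by private key) and links it
# into CERT_DIR, so consumers never need write access to CERT_DIR.
make_combined() {
    domain_dir=$1 cert_dir=$2 domain=$3
    chain="$domain_dir/fullchain.cer"      # assumed chain file name
    key="$domain_dir/$domain.key"          # assumed key file name
    out="$domain_dir/combined.cer"
    tmp="$out.new"

    [ -r "$chain" ] && [ -r "$key" ] || return 1

    # Subshell: the restrictive umask must not leak into the calling script.
    (
        umask 077
        # umask only applies when a file is created. Redirecting into an
        # existing, world-readable bundle would keep its old mode, so build
        # a fresh file and rename it over the old one.
        rm -f "$tmp"
        cat "$chain" "$key" > "$tmp" && mv -f "$tmp" "$out" || {
            rm -f "$tmp"
            exit 1
        }
    ) || return 1

    # CERT_DIR holds links only; the key material stays in domain_dir.
    ln -sf "$out" "$cert_dir/$domain.combined.crt"
}

# is_private FILE: succeeds only if no group/other permission bits are set.
# Uses `stat -c`, available in GNU coreutils and BusyBox.
is_private() {
    case $(stat -c %a "$1") in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}
```

`is_private` can also be run against an already deployed bundle to confirm that a file created before the umask fix is no longer readable by group or other.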