format certs for nginx

2025-11-01 10:37:45 +00:00 · 2021-08-09 22:51:23 +02:00
parent 98b903fe13
commit 24f9bf1064
3 changed files with 23 additions and 5 deletions
--- a/core/nginx/letsencrypt.py
+++ b/core/nginx/letsencrypt.py
@@ -4,7 +4,6 @@ import os
 import time
 import subprocess

-
 command = [
    "certbot",
    "-n", "--agree-tos", # non-interactive
@@ -31,12 +30,30 @@ command2 = [
    "--post-hook", "/config.py"
 ]

+def format_for_nginx(fullchain, output):
+    """ nginx expects cert + intermediate
+    whereas letsencrypt provides ca + intermediate + cert
+    """
+    certs = []
+    with open(fullchain, 'r') as pem:
+        cert = ''
+        for line in pem:
+            cert += line
+            if '-----END CERTIFICATE-----' in line:
+                certs += [cert]
+                cert = ''
+    with open(output, 'w') as pem:
+        for cert in reversed(certs[1:]):
+            pem.write(cert)
+
 # Wait for nginx to start
 time.sleep(5)

 # Run certbot every hour
 while True:
    subprocess.call(command)
+    format_for_nginx('/certs/letsencrypt/live/mailu/fullchain.pem', '/certs/letsencrypt/live/mailu/nginx-chain.pem')
    subprocess.call(command2)
+    format_for_nginx('/certs/letsencrypt/live/mailu-ecdsa/fullchain.pem', '/certs/letsencrypt/live/mailu-ecdsa/nginx-chain.pem')
    time.sleep(3600)