From af40c7af84e28381baaceddc6820d94a129b4ceb Mon Sep 17 00:00:00 2001 From: Dario Ernst Date: Sat, 19 Jan 2019 10:35:13 +0100 Subject: [PATCH] Make certdumper output fullchain-pems MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before it only outputted a pem-file with the server-certificate — however, it seems some clients want the fullchain delivered, as it’s common with letsencrypt. closes #847 (cherry picked from commit 2c5f9771173a76219aea392ccead35a6635a741b) # Conflicts: # optional/traefik-certdumper/run.sh --- optional/traefik-certdumper/run.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/optional/traefik-certdumper/run.sh b/optional/traefik-certdumper/run.sh index 2e507c77..d6bffee5 100755 --- a/optional/traefik-certdumper/run.sh +++ b/optional/traefik-certdumper/run.sh @@ -3,6 +3,7 @@ function dump() { echo "$(date) Dumping certificates" +<<<<<<< HEAD traefik-certs-dumper file --version ${TRAEFIK_VERSION:-v1} --crt-name "cert" --crt-ext ".pem" --key-name "key" --key-ext ".pem" --domain-subdir --dest /tmp/work --source /traefik/acme.json > /dev/null if [[ -f "/tmp/work/${DOMAIN}/cert.pem" && -f "/tmp/work/${DOMAIN}/key.pem" && -f /output/cert.pem && -f /output/key.pem ]] && \ @@ -14,6 +15,18 @@ function dump() { echo "$(date) Certificate or key differ, updating" mv "/tmp/work/${DOMAIN}"/*.pem /output/ fi +======= + # private-keys are rsa, we need pem though + for key_file in $(ls /tmp/work/private/*); do + pem_file=$(echo $key_file | sed 's/private/pem/g' | sed 's/.key/-private.pem/g') + openssl rsa -in $key_file -text > $pem_file + done + + echo "$(date) Copying certificates" + cp -v /tmp/work/pem/${DOMAIN}-private.pem /output/key.pem + # the .crt is a chained-pem, as common for letsencrypt + cp -v /tmp/work/certs/${DOMAIN}.crt /output/cert.pem +>>>>>>> 2c5f9771 (Make certdumper output fullchain-pems) } mkdir -p /tmp/work