From 04925f34bb451b36ca6512d0523fb11cf4d26fb0 Mon Sep 17 00:00:00 2001
From: jjijack <32895850+jjijack@users.noreply.github.com>
Date: Fri, 9 Feb 2024 04:19:02 +0800
Subject: [PATCH 1/3] Update deploy_freenas.py Seems acme has updated and the previous deploy_freenas.py doesn't work on my TrueNAS Core, which is the latest version. So I add segment"_ecc" in line 52&53 to stay in line with the latest acme format.
---
 deploy_freenas.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/deploy_freenas.py b/deploy_freenas.py
index 8441f75..6a3e75d 100755
--- a/deploy_freenas.py
+++ b/deploy_freenas.py
@@ -49,8 +49,8 @@ DOMAIN_NAME = deploy.get('cert_fqdn',socket.gethostname())
 FREENAS_ADDRESS = deploy.get('connect_host','localhost')
 VERIFY = deploy.getboolean('verify',fallback=False)
-PRIVATEKEY_PATH = deploy.get('privkey_path',"/root/.acme.sh/" + DOMAIN_NAME + "/" + DOMAIN_NAME + ".key")
-FULLCHAIN_PATH = deploy.get('fullchain_path',"/root/.acme.sh/" + DOMAIN_NAME + "/fullchain.cer")
+PRIVATEKEY_PATH = deploy.get('privkey_path',"/root/.acme.sh/" + DOMAIN_NAME + "_ecc/" + DOMAIN_NAME + ".key")
+FULLCHAIN_PATH = deploy.get('fullchain_path',"/root/.acme.sh/" + DOMAIN_NAME + "_ecc/fullchain.cer")
 PROTOCOL = deploy.get('protocol','http://')
 PORT = deploy.get('port','80')
 UI_CERTIFICATE_ENABLED = deploy.getboolean('ui_certificate_enabled',fallback=True)
From 32b4eb1f5eb5e671fa71aa01870bb1712b375b68 Mon Sep 17 00:00:00 2001
From: jjijack
Date: Fri, 9 Feb 2024 14:50:38 +0800
Subject: [PATCH 2/3] Switch to try/except structure to support old acme format.
---
 deploy_freenas.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/deploy_freenas.py b/deploy_freenas.py
index 6a3e75d..12d7697 100755
--- a/deploy_freenas.py
+++ b/deploy_freenas.py
@@ -49,8 +49,16 @@ DOMAIN_NAME = deploy.get('cert_fqdn',socket.gethostname())
 FREENAS_ADDRESS = deploy.get('connect_host','localhost')
 VERIFY = deploy.getboolean('verify',fallback=False)
-PRIVATEKEY_PATH = deploy.get('privkey_path',"/root/.acme.sh/" + DOMAIN_NAME + "_ecc/" + DOMAIN_NAME + ".key")
-FULLCHAIN_PATH = deploy.get('fullchain_path',"/root/.acme.sh/" + DOMAIN_NAME + "_ecc/fullchain.cer")
+try:
+ PRIVATEKEY_PATH = deploy.get('privkey_path',"/root/.acme.sh/" + DOMAIN_NAME + "/" + DOMAIN_NAME + ".key")
+ open(PRIVATEKEY_PATH, 'r')
+except FileNotFoundError:
+ PRIVATEKEY_PATH = deploy.get('privkey_path',"/root/.acme.sh/" + DOMAIN_NAME + "_ecc/" + DOMAIN_NAME + ".key")
+try:
+ FULLCHAIN_PATH = deploy.get('fullchain_path',"/root/.acme.sh/" + DOMAIN_NAME + "/fullchain.cer")
+ open(FULLCHAIN_PATH, 'r')
+except FileNotFoundError:
+ FULLCHAIN_PATH = deploy.get('fullchain_path',"/root/.acme.sh/" + DOMAIN_NAME + "_ecc/fullchain.cer")
 PROTOCOL = deploy.get('protocol','http://')
 PORT = deploy.get('port','80')
 UI_CERTIFICATE_ENABLED = deploy.getboolean('ui_certificate_enabled',fallback=True)
From 72e0a48c0302c2fbfd1fc8cd018c3b2c9ce4525b Mon Sep 17 00:00:00 2001
From: jjijack
Date: Tue, 20 Feb 2024 00:40:45 +0800
Subject: [PATCH 3/3] Optimize code Use os.path.isfile, rather than try open to determine whether a file exists. Now the config would only be read once. Update deploy_config.example to contain both new and old acme route
---
 deploy_config.example | 4 ++--
 deploy_freenas.py | 12 ++++--------
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/deploy_config.example b/deploy_config.example
index 73f43af..121e5db 100644
--- a/deploy_config.example
+++ b/deploy_config.example
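Review bot: The key and the chain are resolved by two independent `try` blocks that both prefer the plain `/root/.acme.sh/<domain>/` directory, so a host that still has that older directory next to a newer `<domain>_ecc/` one keeps deploying the old pair, and a directory that holds only one of the two files yields a key from one place and a chain from the other. If acme.sh has stopped renewing the older directory, which the series description hints at but the hunk does not show, a stale or mismatched certificate is pushed to the appliance. Picking the directory once, where both files exist, avoids this; the sketch below prefers `_ecc` as an assumption and relies on `os` being imported, which PATCH 3/3 also assumes. The same independent selection carries over to the `os.path.isfile` version in PATCH 3/3, and the module-level code continues outside the hunk.

```python
# … unchanged: FREENAS_ADDRESS, VERIFY …
# Choose one acme.sh directory for both files so the key and the chain always belong together.
ACME_DIR = "/root/.acme.sh/" + DOMAIN_NAME
for candidate in (ACME_DIR + "_ecc", ACME_DIR):
    if os.path.isfile(candidate + "/" + DOMAIN_NAME + ".key") and os.path.isfile(candidate + "/fullchain.cer"):
        ACME_DIR = candidate
        break
PRIVATEKEY_PATH = deploy.get('privkey_path', ACME_DIR + "/" + DOMAIN_NAME + ".key")
FULLCHAIN_PATH = deploy.get('fullchain_path', ACME_DIR + "/fullchain.cer")
# … unchanged: PROTOCOL, PORT, UI_CERTIFICATE_ENABLED …
```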
@@ -24,12 +24,12 @@ password = YourSuperSecurePassword#@#$*
 # privkey_path is the path to the certificate private key on your system. Default
 # assumes you're using acme.sh:
-# /root/.acme.sh/cert_fqdn/cert_fqdn.key
+# /root/.acme.sh/cert_fqdn/cert_fqdn.key or /root/.acme.sh/cert_fqdn_ecc/cert_fqdn.key
 # privkey_path = /some/other/path
 # fullchain_path is the path to the full chain (leaf cert + intermediate certs)
 # on your system. Default assumes you're using acme.sh:
-# /root/.acme.sh/cert_fqdn/fullchain.cer
+# /root/.acme.sh/cert_fqdn/fullchain.cer or /root/.acme.sh/cert_fqdn_ecc/fullchain.cer
 # fullchain_path = /some/other/other/path
 # protocol sets the connection protocol, http or https. Include '://' at the end.
diff --git a/deploy_freenas.py b/deploy_freenas.py
index 12d7697..9002f38 100755
--- a/deploy_freenas.py
+++ b/deploy_freenas.py
@@ -49,15 +49,11 @@ DOMAIN_NAME = deploy.get('cert_fqdn',socket.gethostname())
 FREENAS_ADDRESS = deploy.get('connect_host','localhost')
 VERIFY = deploy.getboolean('verify',fallback=False)
-try:
- PRIVATEKEY_PATH = deploy.get('privkey_path',"/root/.acme.sh/" + DOMAIN_NAME + "/" + DOMAIN_NAME + ".key")
- open(PRIVATEKEY_PATH, 'r')
-except FileNotFoundError:
+PRIVATEKEY_PATH = deploy.get('privkey_path',"/root/.acme.sh/" + DOMAIN_NAME + "/" + DOMAIN_NAME + ".key")
+if os.path.isfile(PRIVATEKEY_PATH)==False:
 PRIVATEKEY_PATH = deploy.get('privkey_path',"/root/.acme.sh/" + DOMAIN_NAME + "_ecc/" + DOMAIN_NAME + ".key")
-try:
- FULLCHAIN_PATH = deploy.get('fullchain_path',"/root/.acme.sh/" + DOMAIN_NAME + "/fullchain.cer")
- open(FULLCHAIN_PATH, 'r')
-except FileNotFoundError:
+FULLCHAIN_PATH = deploy.get('fullchain_path',"/root/.acme.sh/" + DOMAIN_NAME + "/fullchain.cer")
+if os.path.isfile(FULLCHAIN_PATH)==False:
 FULLCHAIN_PATH = deploy.get('fullchain_path',"/root/.acme.sh/" + DOMAIN_NAME + "_ecc/fullchain.cer")
 PROTOCOL = deploy.get('protocol','http://')
 PORT = deploy.get('port','80')
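Review bot: In the `deploy_freenas.py` hunk, the fallback under `if os.path.isfile(PRIVATEKEY_PATH)==False:` also runs when `privkey_path` was set explicitly in the config and that file is missing; the second `deploy.get('privkey_path', ...)` then returns the same configured value, so the branch changes nothing and the script continues with a path that does not exist (likewise for `fullchain_path`). Limiting the probe to the default case and using the idiomatic negation reads more clearly, assuming `deploy` is a configparser section: `if 'privkey_path' not in deploy and not os.path.isfile(PRIVATEKEY_PATH):`, and the same for `fullchain_path`. When neither default exists the script still proceeds, so a short message naming both paths tried before exiting would make a failed deployment easier to diagnose. No `import os` is added in this hunk, so it presumably exists elsewhere in the file; worth confirming.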