Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 38 lines (28 sloc) 1 KB
#!/bin/bash
# copy LE certs for the use of applications that don't have setuid support
# usage:
# install-lecerts irc.darwin.network Debian-exim nogroup /etc/exim_certificates/tls
set -eu
DOMAIN=$1
TARGET_USER=$2
TARGET_GROUP=$3
BASEDIR=$4
CHAIN=${BASEDIR}/fullchain.pem
PRIVKEY=${BASEDIR}/privkey.pem
CHAINTMP=${BASEDIR}/$(uuidgen)
PRIVKEYTMP=${BASEDIR}/$(uuidgen)
LE_SOURCEDIR=${LE_SOURCEDIR-/etc/letsencrypt/live}
# world-readable directory:
mkdir -p "$BASEDIR"
# containing 0600 files:
umask 077
cp "${LE_SOURCEDIR}/${DOMAIN}/fullchain.pem" "$CHAINTMP"
cp "${LE_SOURCEDIR}/${DOMAIN}/privkey.pem" "$PRIVKEYTMP"
chown "$TARGET_USER:$TARGET_GROUP" "$CHAINTMP" "$PRIVKEYTMP"
# atomicity isn't really possible here; as long as the server ends up doing
# two separate open(2) calls to read the certificate and the private key,
# it is possible for it to see a mismatched cert and key. this is probably why
# LE doesn't seem to care about this. dealwithit.gif
mv "$CHAINTMP" "$CHAIN"
mv "$PRIVKEYTMP" "$PRIVKEY"
exit 0
You can’t perform that action at this time.