use httpd password file if one exists

thinkmassive · Sep 6, 2020 · b682c6e · b682c6e
1 parent f4904f1
commit b682c6e
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/renew-le.sh b/renew-le.sh
@@ -24,7 +24,9 @@ rm -f "$WORKDIR"/*.pem
 rm -f "$WORKDIR"/httpd-csr.*
 
 # generate CSR
-openssl req -new -sha256 -config "$WORKDIR/ipa-httpd.cnf"  -key /var/lib/ipa/private/httpd.key -out "$WORKDIR/httpd-csr.der"
+OPENSSL_PASSWD_FILE="/var/lib/ipa/passwds/$HOSTNAME-443-RSA"
+[ -f "$OPENSSL_PASSWD_FILE" ] && OPENSSL_EXTRA_ARGS="-passin file:$OPENSSL_PASSWD_FILE" || unset OPENSSL_EXTRA_ARGS
+openssl req -new -sha256 -config "$WORKDIR/ipa-httpd.cnf"  -key /var/lib/ipa/private/httpd.key -out "$WORKDIR/httpd-csr.der" $OPENSSL_EXTRA_ARGS
 
 # httpd process prevents letsencrypt from working, stop it
 service httpd stop