From 82e01081be700a88658f7e5938c4ebd94f38fe70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?=
Date: Fri, 4 Dec 2020 11:00:26 +0100
Subject: [PATCH] Add --force-cert-ownership-to flag to __recycledcloud_nginx
---
 type/__recycledcloud_nginx/manifest | 7 ++++++-
 type/__recycledcloud_nginx/parameter/optional | 1 +
 type/__uacme_obtain/man.rst | 3 +++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/type/__recycledcloud_nginx/manifest b/type/__recycledcloud_nginx/manifest
index b9b5c1d..d7432c7 100644
--- a/type/__recycledcloud_nginx/manifest
+++ b/type/__recycledcloud_nginx/manifest
@@ -28,9 +28,14 @@ __recycledcloud_nginx_vhost "301-to-https-$domain" \
 --domain "$domain" --to-https
 # Obtaining TLS cert.
+cert_owner=$nginx_user
+if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
+ cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to")
+fi
+
 __uacme_account
 require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
- __uacme_obtain "$domain" --owner $nginx_user \
+ __uacme_obtain "$domain" --owner $cert_ownership \
 --install-key-to "$nginx_certdir/$domain/privkey.pem" \
 --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
 --renew-hook "service nginx reload"
diff --git a/type/__recycledcloud_nginx/parameter/optional b/type/__recycledcloud_nginx/parameter/optional
index 24c953e..979afef 100644
--- a/type/__recycledcloud_nginx/parameter/optional
+++ b/type/__recycledcloud_nginx/parameter/optional
@@ -1,2 +1,3 @@
 config
 domain
+force-cert-ownership-to
diff --git a/type/__uacme_obtain/man.rst b/type/__uacme_obtain/man.rst
index 344c4fb..4063107 100644
--- a/type/__uacme_obtain/man.rst
+++ b/type/__uacme_obtain/man.rst
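Review bot: The default set on the first added line of the manifest hunk is never used: `cert_owner=$nginx_user` assigns one variable, while the `if` branch and the `--owner` argument both use `cert_ownership`. When `--force-cert-ownership-to` is not given, `$cert_ownership` is unset (unless something outside the hunk sets it) and the unquoted expansion vanishes, so `--owner` will probably either swallow `--install-key-to` as its value or make the call fail. Because this owner is applied to the private key installed at `privkey.pem`, I would use a single name and quote it: `cert_owner=$(cat "${__object:?}/parameter/force-cert-ownership-to")` inside the `if`, and `__uacme_obtain "$domain" --owner "$cert_owner" \` in the call. Quoting also prevents a parameter value containing whitespace from being split into extra arguments. Separately, the new parameter is documented in `type/__uacme_obtain/man.rst` although it is added to `__recycledcloud_nginx`, whose `__uacme_obtain` call still passes `--owner`.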
@@ -40,6 +40,9 @@ install-key-to
 renew-hook
 Renew hook executed on certificate renewal (e.g. `service nginx reload`).
+force-cert-ownership-to
+ Override default ownership for TLS certificate, passed as argument to chown.
+
 OPTIONAL MULTIPLE PARAMETERS
 -------------------
 altdomains