6
0
Fork 0

Add --force-cert-ownership-to flag to __recycledcloud_nginx

This commit is contained in:
Timothée Floure 2020-12-04 11:00:26 +01:00
parent d019b12014
commit 82e01081be
Signed by: tfloure
GPG key ID: 4502C902C00A1E12
3 changed files with 10 additions and 1 deletions

View file

@ -28,9 +28,14 @@ __recycledcloud_nginx_vhost "301-to-https-$domain" \
--domain "$domain" --to-https
# Obtaining TLS cert.
cert_owner=$nginx_user
if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to")
fi
__uacme_account
require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
__uacme_obtain "$domain" --owner $nginx_user \
__uacme_obtain "$domain" --owner $cert_ownership \
--install-key-to "$nginx_certdir/$domain/privkey.pem" \
--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
--renew-hook "service nginx reload"

View file

@ -1,2 +1,3 @@
config
domain
force-cert-ownership-to

View file

@ -40,6 +40,9 @@ install-key-to
renew-hook
Renew hook executed on certificate renewal (e.g. `service nginx reload`).
force-cert-ownership-to
Override default ownership for TLS certificate, passed as argument to chown.
OPTIONAL MULTIPLE PARAMETERS
-------------------
altdomains