Add --force-cert-ownership-to flag to __recycledcloud_nginx

type/__recycledcloud_nginx/manifest

@@ -28,9 +28,14 @@ __recycledcloud_nginx_vhost "301-to-https-$domain" \
 	--domain "$domain" --to-https
 
 # Obtaining TLS cert.
+cert_owner=$nginx_user
+if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
+	cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to")
+fi
+
 __uacme_account
 require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
-	__uacme_obtain "$domain" --owner $nginx_user \
+	__uacme_obtain "$domain" --owner $cert_ownership \
 		--install-key-to "$nginx_certdir/$domain/privkey.pem" \
 		--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
 		--renew-hook "service nginx reload"

type/__recycledcloud_nginx/parameter/optional

@@ -1,2 +1,3 @@
 config
 domain
+force-cert-ownership-to

type/__uacme_obtain/man.rst

@@ -40,6 +40,9 @@ install-key-to
 renew-hook
   Renew hook executed on certificate renewal (e.g. `service nginx reload`).
 
+force-cert-ownership-to
+  Override default ownership for TLS certificate, passed as argument to chown.
+
 OPTIONAL MULTIPLE PARAMETERS
 -------------------
 altdomains