From 2506bc3a7fe25909e86791740214c73f7f9604a5 Mon Sep 17 00:00:00 2001 From: lub Date: Sun, 6 Sep 2020 18:16:48 +0200 Subject: [PATCH] keep key during certificate renewal --- core/nginx/letsencrypt.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/core/nginx/letsencrypt.py b/core/nginx/letsencrypt.py index 993e7f9f..85d9721d 100755 --- a/core/nginx/letsencrypt.py +++ b/core/nginx/letsencrypt.py @@ -36,6 +36,12 @@ command2 = [ "--post-hook", "/config.py" ] +# if dane is used we recommend pinning to the key, so it should not change +# ('true','yes') to be consistent with the logic in configuration.py +if os.environ.get("TLS_REUSE_KEY", "false").lower() in ('true','yes'): + command.append("--reuse-key") + command2.append("--reuse-key") + # Wait for nginx to start time.sleep(5)