From 2c5f9771173a76219aea392ccead35a6635a741b Mon Sep 17 00:00:00 2001 From: Dario Ernst Date: Sat, 19 Jan 2019 10:35:13 +0100 Subject: [PATCH] Make certdumper output fullchain-pems MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before it only outputted a pem-file with the server-certificate — however, it seems some clients want the fullchain delivered, as it’s common with letsencrypt. closes #847 --- optional/traefik-certdumper/run.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/optional/traefik-certdumper/run.sh b/optional/traefik-certdumper/run.sh index 78d20a84..5d643670 100755 --- a/optional/traefik-certdumper/run.sh +++ b/optional/traefik-certdumper/run.sh @@ -4,20 +4,16 @@ function dump() { echo "$(date) Dumping certificates" bash dumpcerts.sh /traefik/acme.json /tmp/work/ || return - for crt_file in $(ls /tmp/work/certs/*); do - pem_file=$(echo $crt_file | sed 's/certs/pem/g' | sed 's/.crt/-public.pem/g') - echo "openssl x509 -inform PEM -in $crt_file > $pem_file" - openssl x509 -inform PEM -in $crt_file > $pem_file - done + # private-keys are rsa, we need pem though for key_file in $(ls /tmp/work/private/*); do pem_file=$(echo $key_file | sed 's/private/pem/g' | sed 's/.key/-private.pem/g') - echo "openssl rsa -in $key_file -text > $pem_file" openssl rsa -in $key_file -text > $pem_file done echo "$(date) Copying certificates" cp -v /tmp/work/pem/${DOMAIN}-private.pem /output/key.pem - cp -v /tmp/work/pem/${DOMAIN}-public.pem /output/cert.pem + # the .crt is a chained-pem, as common for letsencrypt + cp -v /tmp/work/certs/${DOMAIN}.crt /output/cert.pem } mkdir -p /tmp/work/pem /tmp/work/certs