core.certmanager: Ensure key exists for fullchain

Since 5cd075ed4fd3 any file matching "fullchain" would be considered for use. Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a symlink fullchain.pem pointing at the latest one. However the current rule for finding a corresponding private key would try privkey-1641171024.pem in the same directory, which may not exist.
author: Kim Alvefur <zash@zash.se> 2022-02-21 08:54:39 +0100
committer: Kim Alvefur <zash@zash.se> 2022-02-21 08:54:39 +0100
commit: dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b (patch)
tree: 8d0de2bbfaaea6fb58488908a1c4a786fb5dcee1 /core/certmanager.lua
parent: 0e6391e7367f2cdbb7bdcfe87a105c761a35e456 (diff)
download: prosody-dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b.tar.gz
prosody-dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 684b240c..b1380ae8 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -130,7 +130,7 @@ local function index_certs(dir, files_by_name, depth_limit)
 			if f then
 				-- TODO look for chained certificates
 				local firstline = f:read();
-				if firstline == "-----BEGIN CERTIFICATE-----" then
+				if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then
 					f:seek("set")
 					local cert = ssl.loadcertificate(f:read("*a"))
 					-- TODO if more than one cert is found for a name, the most recently
author	Kim Alvefur <zash@zash.se>	2022-02-21 08:54:39 +0100
committer	Kim Alvefur <zash@zash.se>	2022-02-21 08:54:39 +0100
commit	dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b (patch)
tree	8d0de2bbfaaea6fb58488908a1c4a786fb5dcee1 /core/certmanager.lua
parent	0e6391e7367f2cdbb7bdcfe87a105c761a35e456 (diff)
download	prosody-dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b.tar.gz prosody-dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b.zip