core.certmanager: Look for privkey.pem to go with fullchain.pem (fix #1526)

This makes
`prosodyctl cert import example.com /path/to/example.com/fullchain.pem`
work. This was never intended to, yet users commonly tried this and got
problems.

1 files changed, 8 insertions, 6 deletions

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 5282a6f5..40021db6 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -73,13 +73,15 @@ local function find_cert(user_certs, name)
 		local key_path = certs .. key_try[i]:format(name);
 
 		if stat(crt_path, "mode") == "file" then
-			if key_path:sub(-4) == ".crt" then
-				key_path = key_path:sub(1, -4) .. "key";
-				if stat(key_path, "mode") == "file" then
-					log("debug", "Selecting certificate %s with key %s for %s", crt_path, key_path, name);
-					return { certificate = crt_path, key = key_path };
+			if crt_path == key_path then
+				if key_path:sub(-4) == ".crt" then
+					key_path = key_path:sub(1, -4) .. "key";
+				elseif key_path:sub(-13) == "fullchain.pem" then
+					key_path = key_path:sub(1, -14) .. "privkey.pem";
 				end
-			elseif stat(key_path, "mode") == "file" then
+			end
+
+			if stat(key_path, "mode") == "file" then
 				log("debug", "Selecting certificate %s with key %s for %s", crt_path, key_path, name);
 				return { certificate = crt_path, key = key_path };
 			end