From dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 21 Feb 2022 08:54:39 +0100
Subject: core.certmanager: Ensure key exists for fullchain

Since 5cd075ed4fd3 any file matching "fullchain" would be considered for
use.

Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a
symlink fullchain.pem pointing at the latest one. However the current
rule for finding a corresponding private key would try
privkey-1641171024.pem in the same directory, which may not exist.
---
 core/certmanager.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core/certmanager.lua')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 684b240c..b1380ae8 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -130,7 +130,7 @@ local function index_certs(dir, files_by_name, depth_limit)
 			if f then
 				-- TODO look for chained certificates
 				local firstline = f:read();
-				if firstline == "-----BEGIN CERTIFICATE-----" then
+				if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then
 					f:seek("set")
 					local cert = ssl.loadcertificate(f:read("*a"))
 					-- TODO if more than one cert is found for a name, the most recently
-- 
cgit v1.2.3