From 2fb47d8aa5a9ccb2ab6df89736aae8ed10f39324 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20D=C3=BCsterhaupt?= <me@stephanduesterhaupt.de>
Date: Sun, 26 Apr 2026 10:46:31 +0200
Subject: [PATCH] Drop legacy LE_CA chain configuration variables

---
 dyntls.sh    | 13 ++++---------
 vars.example |  8 --------
 2 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/dyntls.sh b/dyntls.sh
index 1281942..b6f12de 100644
--- a/dyntls.sh
+++ b/dyntls.sh
@@ -455,14 +455,11 @@ _vars_setup() {
     set_var DYNTLS_PKI_CHAIN_SUFFIX         "chain.pem"
     set_var DYNTLS_PKI_FULLCHAIN_SUFFIX     "fullchain.pem"
     set_var DYNTLS_PKI_KEY_SUFFIX           "key.pem"
-    #set_var DYNTLS_PKI_LECA_CHAIN_FILE      "LE_CA.chain.pem"
-    #set_var DYNTLS_PKI_LECA_CHAIN           "$DYNTLS_PKI_HTTP_CERT_DIR/$DYNTLS_PKI_LECA_CHAIN_FILE"
-    #set_var DYNTLS_PKI_LECA_R12_CHAIN_FILE  "LE_CA-R12.chain.pem"
-    #set_var DYNTLS_PKI_LECA_R12_CHAIN       "$DYNTLS_PKI_HTTP_CERT_DIR/$DYNTLS_PKI_LECA_R12_CHAIN_FILE"
-    #set_var DYNTLS_PKI_LECA_R13_CHAIN_FILE  "LE_CA-R13.chain.pem"
-    #set_var DYNTLS_PKI_LECA_R13_CHAIN       "$DYNTLS_PKI_HTTP_CERT_DIR/$DYNTLS_PKI_LECA_R13_CHAIN_FILE"
+    set_var DYNTLS_PKI_SERVER_BASEKEY_FILE  "base.$DYNTLS_PKI_KEY_SUFFIX"
+    set_var DYNTLS_PKI_SERVER_BASEKEY       "$DYNTLS_PKI_HTTP_KEY_DIR/$DYNTLS_PKI_SERVER_BASEKEY_FILE"
     set_var DYNTLS_PKI_CERT_EXPIRE          30  # Let's Encrypt default: 30 days
     set_var DYNTLS_PKI_KEY_FORCE_RENEW      0
+
     set_var DYNTLS_BACKUP_EXPIRATION        0
 
     set_var DYNTLS_LOG_DIR                  "/var/log/dyntls"
@@ -470,8 +467,6 @@ _vars_setup() {
     set_var DYNTLS_LOG_LEVEL                3
 
     set_var DYNTLS_ENCRYPT_ACCOUNTKEY       "$DYNTLS/private/letsencrypt_account.key"
-    set_var DYNTLS_PKI_SERVER_BASEKEY_FILE  "base.$DYNTLS_PKI_KEY_SUFFIX"
-    set_var DYNTLS_PKI_SERVER_BASEKEY       "$DYNTLS_PKI_HTTP_KEY_DIR/$DYNTLS_PKI_SERVER_BASEKEY_FILE"
     set_var DYNTLS_HTTPD_DEFAULT_DIR        "/var/www/public_html/default"
     set_var DYNTLS_ENCRYPT_TOKEN_DIR        "$DYNTLS_HTTPD_DEFAULT_DIR/.well-known/acme-challenge"
     set_var DYNTLS_DNS_OPTIONS              ""
@@ -486,7 +481,7 @@ _vars_setup() {
     set_var DYNTLS_SEND_MAIL                "false"
 
     set_list DYNTLS_DOMAIN_LIST             "example365.tld:sub1.example365.tld:sub2.example365.tld" 1
-    set_list DYNTLS_DOMAINSERVICE_LIST      "mail02.example365.tld:postfix:root.root:444:postfix:1:restart:Postfix" 1
+    set_list DYNTLS_DOMAINSERVICE_LIST      "mail02.example365.tld:postfix:root.root:444:postfix:root:1:restart:Postfix" 1
 
     set_var DYNTLS_PRODUCTIVE               0
 
diff --git a/vars.example b/vars.example
index 59973f6..5d9cc86 100644
--- a/vars.example
+++ b/vars.example
@@ -67,14 +67,6 @@
 #set_var DYNTLS_ENCRYPT_TOKEN_DIR    "$DYNTLS_HTTPD_DEFAULT_DIR/.well-known/acme-challenge"
 #set_var DYNTLS_HTTPD_DEFAULT_OWNER  "apache:apache"
 
-# Chain CA files for fullchains
-#set_var DYNTLS_PKI_LECA_CHAIN_FILE      "LE_CA.chain.pem"
-#set_var DYNTLS_PKI_LECA_CHAIN           "$DYNTLS_PKI_HTTP_CERT_DIR/$DYNTLS_PKI_LECA_CHAIN_FILE"
-#set_var DYNTLS_PKI_LECA_R12_CHAIN_FILE  "LE_CA-R12.chain.pem"
-#set_var DYNTLS_PKI_LECA_R12_CHAIN       "$DYNTLS_PKI_HTTP_CERT_DIR/$DYNTLS_PKI_LECA_R12_CHAIN_FILE"
-#set_var DYNTLS_PKI_LECA_R13_CHAIN_FILE  "LE_CA-R13.chain.pem"
-#set_var DYNTLS_PKI_LECA_R13_CHAIN       "$DYNTLS_PKI_HTTP_CERT_DIR/$DYNTLS_PKI_LECA_R13_CHAIN_FILE"
-
 # URL of the Let's Encrypt root certificate to download (default: ISRG Root X1)
 #set_var DYNTLS_LE_ROOT_CERT_URL  "https://letsencrypt.org/certs/isrgrootx1.pem"