Restore SELinux context for newly deployed certificate files when possible

dyntls.sh

@@ -1214,9 +1214,18 @@ _create_cert() {
                 cat "$DYNTLS_DOMAIN_TARGET_CERT" "$chain_path" > "$fullchain_path"
 
                 # Adjust the permission(s)
-                chmod 640 "$chain_path" "$fullchain_path"
+                chmod 640 "$DYNTLS_DOMAIN_TARGET_CERT" "$chain_path" "$fullchain_path"
                 #chmod 640 "$DYNTLS_PKI_HTTP_CERT_DIR"/*.pem*
 
+                # Restore SELinux context(s) if restorecon is available
+                if command -v restorecon >/dev/null 2>&1; then
+                    _log "Restoring SELinux context(s) for certificate files via restorecon." 1
+                    restorecon -Rv "$DYNTLS_DOMAIN_TARGET_CERT" "$chain_path" "$fullchain_path" >/dev/null 2>&1 || \
+                        _log "restorecon reported an error while relabeling certificate files." 3
+                else
+                    _log "restorecon not found; skipping SELinux context restore for certificate files." 2
+                fi
+
                 # Remove temporary file(s)
                 _log "Removing ACME chain file: $DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX" 1
                 rm -f "$DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX"