Restore SELinux context for newly deployed certificate files when possible

2026-04-25 10:17:16 +02:00
parent 79ea4d50af
commit c0bd9bd02f
+10 -1
@@ -1214,9 +1214,18 @@ _create_cert() {
cat "$DYNTLS_DOMAIN_TARGET_CERT" "$chain_path" > "$fullchain_path" cat "$DYNTLS_DOMAIN_TARGET_CERT" "$chain_path" > "$fullchain_path"
# Adjust the permission(s) # Adjust the permission(s)
chmod 640 "$chain_path" "$fullchain_path" chmod 640 "$DYNTLS_DOMAIN_TARGET_CERT" "$chain_path" "$fullchain_path"
#chmod 640 "$DYNTLS_PKI_HTTP_CERT_DIR"/*.pem* #chmod 640 "$DYNTLS_PKI_HTTP_CERT_DIR"/*.pem*
# Restore SELinux context(s) if restorecon is available
if command -v restorecon >/dev/null 2>&1; then
_log "Restoring SELinux context(s) for certificate files via restorecon." 1
restorecon -Rv "$DYNTLS_DOMAIN_TARGET_CERT" "$chain_path" "$fullchain_path" >/dev/null 2>&1 || \
_log "restorecon reported an error while relabeling certificate files." 3
else
_log "restorecon not found; skipping SELinux context restore for certificate files." 2
fi
# Remove temporary file(s) # Remove temporary file(s)
_log "Removing ACME chain file: $DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX" 1 _log "Removing ACME chain file: $DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX" 1
rm -f "$DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX" rm -f "$DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX"
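Review bot: The added `restorecon -Rv ... >/dev/null 2>&1` call discards both stdout and stderr, so when relabeling fails the log records only that an error occurred, not which file or why; on an enforcing host that can leave a certificate the TLS service cannot read, with nothing to diagnose from. `-v` has no effect once the output is thrown away, and `-R` is not needed for what appear to be three individual files. I would capture the output and log it: `if ! rc_out=$(restorecon "$DYNTLS_DOMAIN_TARGET_CERT" "$chain_path" "$fullchain_path" 2>&1); then _log "restorecon failed: $rc_out" 3; fi`. `_create_cert` begins and ends outside this hunk, so whether a failed relabel should also affect the function's return status cannot be judged from here.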