Added support for fifth PEM file that contains everything #9917
Fixes #5087.
Currently, Certbot creates four PEM files (privkey.pem, cert.pem, chain.pem and fullchain.pem). This PR adds a fifth PEM file (everything.pem) which includes the private key, the leaf certificate and the chain in that order.

This does not only expand support to some server daemons which require a single, combined PEM file, but also enables some server daemons to obtain a renewed certificate without the need for reloading and/or service interruption. Some server daemons (e.g. Postfix) pick up a new private key and/or certificate as soon as the corresponding file has changed on disk. Hence, it is crucial that the update is "atomic". First, the file (in the archive folder) has to be written and then the symlink (in the live folder) must be updated.
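
The ordering described above (write the file in the archive folder, then update the symlink in the live folder), as an added Python example that is not code from this PR or from Certbot. The function name, the `<name><version>.pem` archive naming and the `.new` temporary link suffix are assumptions made for the illustration.

```python
import os
import tempfile


def write_combined_pem(archive_dir, live_dir, version, privkey, cert, chain,
                       name="everything"):
    """Write <name><version>.pem into archive_dir, then atomically repoint
    live_dir/<name>.pem at it. Returns the path of the live symlink."""
    target = os.path.join(archive_dir, f"{name}{version}.pem")
    # Order stated in the PR: private key, leaf certificate, chain.
    data = b"".join(p if p.endswith(b"\n") else p + b"\n"
                    for p in (privkey, cert, chain))

    # 1. Write under a temporary name. mkstemp creates the file with mode
    #    0600, which matters because it holds the private key. Flush to disk,
    #    then rename into place so no reader ever sees a partial file.
    fd, tmp = tempfile.mkstemp(dir=archive_dir, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, target)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise

    # 2. Only now update the symlink. Create the new link beside the old one
    #    and rename over it: rename(2) is atomic on POSIX, whereas
    #    unlink + symlink leaves a window in which the live path is missing.
    link = os.path.join(live_dir, f"{name}.pem")
    tmp_link = link + ".new"
    if os.path.lexists(tmp_link):
        os.unlink(tmp_link)
    os.symlink(os.path.relpath(target, live_dir), tmp_link)
    os.replace(tmp_link, link)
    return link


if __name__ == "__main__":
    root = tempfile.mkdtemp()
    arch, live = os.path.join(root, "archive"), os.path.join(root, "live")
    os.mkdir(arch)
    os.mkdir(live)
    # Constructed placeholder PEM bodies, not real key material.
    link = write_combined_pem(arch, live, 1, b"KEY(constructed)",
                              b"CERT(constructed)", b"CHAIN(constructed)")
    print(link, "->", os.readlink(link))
```

A daemon that watches the live path therefore only ever opens either the complete old file or the complete new one.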