Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for fifth PEM file that contains everything #9917

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Added support for fifth PEM file that contains everything #9917

wants to merge 1 commit into from

Conversation

nagmat84
Copy link

Fixes #5087.

Currently, Certbot creates four PEM files (privkey.pem, cert.pem, chain.pem and fullchain.pem). This PR adds a a fifth PEM file (everything.pem) which includes the private key, the leaf certificate and the chain in that order.

This does not only expand support to some server daemons which require a single, combined PEM file, but also enables some server daemons to obtain a renewed certificate without the need for reloading and/or service interruption. Some server daemons (e.g. Postfix) pick up a new private key and/or certificate as soon as the corresponding file has changed on disk. Hence, it is crucial that the update is "atomic". First, the file (in the archive folder) has to be written and then the symlink (in the live folder) must be updated.

@nagmat84 nagmat84 marked this pull request as draft March 24, 2024 13:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature request: combined privkey and fullchain file for jabber servers
1 participant
@nagmat84