From 4cb181c1b2e01d97a0e8ba3b0147872f03783fe1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?=
Date: Fri, 4 Dec 2020 15:17:48 +0100
Subject: [PATCH] web: install acme certs to persistent storage
---
 web/rootfs/defaults/ssl.conf | 4 ++--
 web/rootfs/etc/cont-init.d/10-config | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/web/rootfs/defaults/ssl.conf b/web/rootfs/defaults/ssl.conf
index a52503d..f5f903f 100644
--- a/web/rootfs/defaults/ssl.conf
+++ b/web/rootfs/defaults/ssl.conf
@@ -5,8 +5,8 @@ ssl_session_tickets off;
 # ssl certs
 {{ if .Env.ENABLE_LETSENCRYPT | default "0" | toBool }}
-ssl_certificate /etc/nginx/acme/{{ .Env.LETSENCRYPT_DOMAIN }}/fullchain.pem;
-ssl_certificate_key /etc/nginx/acme/{{ .Env.LETSENCRYPT_DOMAIN }}/key.pem;
+ssl_certificate /config/acme-certs/{{ .Env.LETSENCRYPT_DOMAIN }}/fullchain.pem;
+ssl_certificate_key /config/acme-certs/{{ .Env.LETSENCRYPT_DOMAIN }}/key.pem;
 {{ else }}
 ssl_certificate /config/keys/cert.crt;
 ssl_certificate_key /config/keys/cert.key;
diff --git a/web/rootfs/etc/cont-init.d/10-config b/web/rootfs/etc/cont-init.d/10-config
index 6b774df..abe1949 100644
--- a/web/rootfs/etc/cont-init.d/10-config
+++ b/web/rootfs/etc/cont-init.d/10-config
@@ -16,7 +16,7 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
 sh ./acme.sh --install --home /config/acme.sh --accountemail $LETSENCRYPT_EMAIL
 popd
 fi
- if [[ ! -f /etc/nginx/acme/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
+ if [[ ! -f /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
 STAGING=""
 if [[ $LETSENCRYPT_USE_STAGING -eq 1 ]]; then
 STAGING="--staging"
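Review bot: The guard `[[ ! -f /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ]]` in the `@@ -16` hunk now tests a file that outlives the container, so any fullchain.pem left on the volume (expired, or without a matching key.pem after an interrupted install) skips issuance on every later start. I would also require the key, `if [[ ! -f "/config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem" || ! -f "/config/acme-certs/$LETSENCRYPT_DOMAIN/key.pem" ]]; then`, and confirm that renewal is scheduled somewhere outside this hunk, because the check never looks at expiry. `$LETSENCRYPT_DOMAIN` is expanded unquoted here and in the `@@ -37` hunk (`mkdir -p`, `-d`, `--key-file`, `--fullchain-file`); inside `[[ ]]` that is harmless, but as a command argument a value with whitespace or glob characters would be split, so quote it there. The `if` block opened by the changed line continues past the end of the hunk.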
@@ -37,11 +37,11 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
 echo "Exiting."
 exit 1
 fi
- mkdir -p /etc/nginx/acme/$LETSENCRYPT_DOMAIN
+ mkdir -p /config/acme-certs/$LETSENCRYPT_DOMAIN
 if ! /config/acme.sh/acme.sh \
 --install-cert -d $LETSENCRYPT_DOMAIN \
- --key-file /etc/nginx/acme/$LETSENCRYPT_DOMAIN/key.pem \
- --fullchain-file /etc/nginx/acme/$LETSENCRYPT_DOMAIN/fullchain.pem ; then
+ --key-file /config/acme-certs/$LETSENCRYPT_DOMAIN/key.pem \
+ --fullchain-file /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ; then
 echo "Failed to install certificate."
 # this tries to get the user's attention and to spare the
 # authority's rate limit:
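Review bot: `mkdir -p /config/acme-certs/$LETSENCRYPT_DOMAIN` creates the directory that will hold key.pem with whatever umask the init script runs under, and after this change that directory sits on the persistent /config volume instead of the container's own filesystem. Nothing in the hunk restricts access to it, and whether acme.sh tightens the mode of the key file itself cannot be told from here. I would create it owner-only, `mkdir -p -m 700 "/config/acme-certs/$LETSENCRYPT_DOMAIN"`, assuming nginx loads the key as the same user that runs this script; `-m` applies only to the final directory, so `/config/acme-certs` may need its own `chmod 700`. The enclosing `if [[ $DISABLE_HTTPS -ne 1 ]]` block starts and ends outside the hunk.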