From 620c7eb23e56fb3bdb801fcacc68b4c652ba8354 Mon Sep 17 00:00:00 2001
From: Lukas Schauer
Date: Thu, 26 May 2016 15:41:25 +0200
Subject: [PATCH] output CA cert for signcsr command (fixes #150)
---
 letsencrypt.sh | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/letsencrypt.sh b/letsencrypt.sh
index 0b8810b..9529c80 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -667,7 +667,28 @@ command_sign_csr() {
 _exiterr "Could not read certificate signing request ${csrfile}"
 fi

- sign_csr "$(< "${csrfile}" )"
+ # gen cert
+ certfile="$(_mktemp)"
+ sign_csr "$(< "${csrfile}" )" 3> "${certfile}"
+
+ # get and convert ca cert
+ chainfile="$(_mktemp)"
+ http_request get "$(openssl x509 -in "${certfile}" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${chainfile}"
+
+ if ! grep -q "BEGIN CERTIFICATE" "${chainfile}"; then
+ openssl x509 -inform DER -in "${chainfile}" -outform PEM -out "${chainfile}"
+ fi
+
+ # output full chain
+ echo "# CERT #" >&3
+ cat "${certfile}" >&3
+ echo >&3
+ echo "# CHAIN #" >&3
+ cat "${chainfile}" >&3
+
+ # cleanup
+ rm "${certfile}"
+ rm "${chainfile}"

 exit 0
 }
--
2.47.3
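Review bot: The chain is downloaded from whatever URL appears in the new certificate's `CA Issuers - URI:` field, and nothing checks that the downloaded certificate actually issued `${certfile}` before it is written to fd 3 under `# CHAIN #`. Such URLs are commonly plain HTTP, so a tampered or failed download ends up in the emitted chain unnoticed, and the grep may also match zero or several URIs, whose output goes to `http_request` unchecked. I would capture the URL in a variable, reject an empty value, and verify the issued certificate against the downloaded one before output, as sketched below; `-partial_chain` needs OpenSSL 1.0.2 or later, and older releases may not signal a failed verify through the exit status, so confirm this on the versions you support. The two temp files also appear to be left behind if `sign_csr` or `http_request` aborts before the `rm` lines, which a cleanup trap would cover. `command_sign_csr` starts above the hunk.

```shell
  # get and convert ca cert
  chainfile="$(_mktemp)"
  issuer_url="$(openssl x509 -in "${certfile}" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2- | head -n 1)"
  if [ -z "${issuer_url}" ]; then
    _exiterr "Certificate has no CA Issuers URI, cannot fetch chain"
  fi
  http_request get "${issuer_url}" > "${chainfile}"

  # … unchanged: DER to PEM conversion of ${chainfile} …

  # refuse to emit a chain certificate that did not sign the new certificate
  if ! openssl verify -partial_chain -CAfile "${chainfile}" "${certfile}" > /dev/null 2>&1; then
    _exiterr "Downloaded CA certificate does not verify the issued certificate"
  fi
```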