only write csr file if renewal will be requested

diff --git a/dehydrated b/dehydrated
index bd0319a0b9882acb9138c47292046548e965318e..375c90714b334fe7a738b7c0e2f9c4ef3537723f 100755 (executable)
--- a/dehydrated
+++ b/dehydrated
@@ -1170,14 +1170,16 @@ command_sign_domains() {
     skip="no"
 
     # Allow for external CSR generation
+    local csr=""
     if [[ -n "${HOOK}" ]]; then
-      local csr="$("${HOOK}" "generate_csr" "${domain}" "${certdir}" "${domain} ${morenames}")"
+      csr="$("${HOOK}" "generate_csr" "${domain}" "${certdir}" "${domain} ${morenames}")"
       if grep -q "\-----BEGIN CERTIFICATE REQUEST-----" <<< "${csr}"; then
         altnames="$(extract_altnames "${csr}")"
         domain="$(cut -d' ' -f1 <<< "${altnames}")"
         morenames="$(cut -s -d' ' -f2- <<< "${altnames}")"
         echo " + Using CSR from hook script (real names: ${altnames})"
-        printf "%s" "${csr}" > "${certdir}/cert-${timestamp}.csr"
+      else
+        csr=""
       fi
     fi
 
@@ -1227,6 +1229,7 @@ command_sign_domains() {
     # Sign certificate for this domain
     if [[ ! "${skip}" = "yes" ]]; then
       update_ocsp="yes"
+      [[ -z "${csr}" ]] || printf "%s" "${csr}" > "${certdir}/cert-${timestamp}.csr"
       if [[ "${PARAM_KEEP_GOING:-}" = "yes" ]]; then
         sign_domain "${certdir}" ${timestamp} ${domain} ${morenames} &
         wait $! || true