From: Lukas Schauer <lukas@schauer.so>
Date: Tue, 6 Feb 2018 20:19:33 +0000 (+0100)
Subject: only write csr file if renewal will be requested
X-Git-Tag: v0.6.0~19
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=da67297288c26b32d7354f7986a975b0e6c4f133;p=thirdparty%2Fdehydrated.git

only write csr file if renewal will be requested
---

diff --git a/dehydrated b/dehydrated
index bd0319a..375c907 100755
--- a/dehydrated
+++ b/dehydrated
@@ -1170,14 +1170,16 @@ command_sign_domains() {
     skip="no"
 
     # Allow for external CSR generation
+    local csr=""
     if [[ -n "${HOOK}" ]]; then
-      local csr="$("${HOOK}" "generate_csr" "${domain}" "${certdir}" "${domain} ${morenames}")"
+      csr="$("${HOOK}" "generate_csr" "${domain}" "${certdir}" "${domain} ${morenames}")"
       if grep -q "\-----BEGIN CERTIFICATE REQUEST-----" <<< "${csr}"; then
         altnames="$(extract_altnames "${csr}")"
         domain="$(cut -d' ' -f1 <<< "${altnames}")"
         morenames="$(cut -s -d' ' -f2- <<< "${altnames}")"
         echo " + Using CSR from hook script (real names: ${altnames})"
-        printf "%s" "${csr}" > "${certdir}/cert-${timestamp}.csr"
+      else
+        csr=""
       fi
     fi
 
@@ -1227,6 +1229,7 @@ command_sign_domains() {
     # Sign certificate for this domain
     if [[ ! "${skip}" = "yes" ]]; then
       update_ocsp="yes"
+      [[ -z "${csr}" ]] || printf "%s" "${csr}" > "${certdir}/cert-${timestamp}.csr"
       if [[ "${PARAM_KEEP_GOING:-}" = "yes" ]]; then
         sign_domain "${certdir}" ${timestamp} ${domain} ${morenames} &
         wait $! || true