1b6cfd9796
Attempting to reuse keys on a basis different to the cert (AKA, storing the key in a directory with a hashed name different to the cert it is associated with) was ineffective since when "lego run" is used it will ALWAYS generate a new key. This causes issues when you revert changes since your "reused" key will not be the one associated with the old cert. As such, I tore out the whole keyDir implementation. As for the race condition, checking the mtime of the cert file was not sufficient to detect changes. In testing, selfsigned and full certs could be generated/installed within 1 second of each other. cmp is now used instead. Also, I removed the nginx/httpd reload waiters in favour of simple retry logic for the curl-based tests |
||
|---|---|---|
| .. | ||
| wrappers | ||
| acme.nix | ||
| acme.xml | ||
| apparmor-suid.nix | ||
| apparmor.nix | ||
| audit.nix | ||
| auditd.nix | ||
| ca.nix | ||
| chromium-suid-sandbox.nix | ||
| dhparams.nix | ||
| doas.nix | ||
| duosec.nix | ||
| google_oslogin.nix | ||
| hidepid.nix | ||
| hidepid.xml | ||
| lock-kernel-modules.nix | ||
| misc.nix | ||
| oath.nix | ||
| pam.nix | ||
| pam_mount.nix | ||
| pam_usb.nix | ||
| polkit.nix | ||
| rngd.nix | ||
| rtkit.nix | ||
| sudo.nix | ||
| systemd-confinement.nix | ||
| tpm2.nix | ||