# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1586527869 -7200
# Node ID fcf7f50ccdd051f875673e14d27147c1980cf84d
# Parent  c4b49939b471556d7ed7ff98f2e6771ce07a201e
core.certmanager: Look for privkey.pem to go with fullchain.pem (fix #1526)

This makes
`prosodyctl cert import example.com /path/to/example.com/fullchain.pem`
work. This was never intended to, yet users commonly tried this and got
problems.

diff -r c4b49939b471 -r fcf7f50ccdd0 core/certmanager.lua
--- a/core/certmanager.lua	Fri Apr 03 22:35:47 2020 +0200
+++ b/core/certmanager.lua	Fri Apr 10 16:11:09 2020 +0200
@@ -73,13 +73,15 @@
 		local key_path = certs .. key_try[i]:format(name);
 
 		if stat(crt_path, "mode") == "file" then
-			if key_path:sub(-4) == ".crt" then
-				key_path = key_path:sub(1, -4) .. "key";
-				if stat(key_path, "mode") == "file" then
-					log("debug", "Selecting certificate %s with key %s for %s", crt_path, key_path, name);
-					return { certificate = crt_path, key = key_path };
+			if crt_path == key_path then
+				if key_path:sub(-4) == ".crt" then
+					key_path = key_path:sub(1, -4) .. "key";
+				elseif key_path:sub(-13) == "fullchain.pem" then
+					key_path = key_path:sub(1, -14) .. "privkey.pem";
 				end
-			elseif stat(key_path, "mode") == "file" then
+			end
+
+			if stat(key_path, "mode") == "file" then
 				log("debug", "Selecting certificate %s with key %s for %s", crt_path, key_path, name);
 				return { certificate = crt_path, key = key_path };
 			end