2gW94/server-xray
1
0
Fork 0
mirror of https://github.com/samuelhbne/server-xray.git synced 2025-12-17 04:14:40 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Allow only Single CERTHOME to avoid issues in edge conditions

Browse Source
This commit is contained in:
Samuel Huang
2023-09-10 19:14:03 +10:00
parent 5c37620ceb
commit 79c2d05e33
11 changed files with 104 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -77,7 +77,7 @@ server-xray <server-options>
-u|--user <global-user-options> u=id0[:level[:email]][,u=id1][...]
-k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit
-r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert
-c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/
-c|--cert-home <cert-home-dir> [Optional] Reading TLS certs from folder <cert-home-dir>/<domain-name>/
-i|--stdin [Optional] Read config from stdin instead of auto generation
-d|--debug [Optional] Start in debug mode with verbose output
```

23
run.sh
View File

@@ -1,7 +1,10 @@
#!/bin/bash
#while :; do sleep 2073600; done
DIR=`dirname $0`
DIR="$(cd $DIR; pwd)"
CERTHOME="/root/.acme.sh"
XCONF=/tmp/server-xray.json
usage() {
@@ -25,12 +28,12 @@ usage() {
echo " -u|--user <global-user-options> u=id0[:level[:email]][,u=id1][...]"
echo " -k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit"
echo " -r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert"
echo " -c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/"
echo " -c|--cert-home <cert-home-dir> [Optional] Reading TLS certs from folder <cert-home-dir>/<domain-name>/"
echo " -i|--stdin [Optional] Read config from stdin instead of auto generation"
echo " -d|--debug [Optional] Start in debug mode with verbose output"
}
TEMP=`getopt -o u:k:r:c:di --long user:,hook:,request-domain:,cert-path:,ltx:,ltt:,lttw:,ltpw:,mtt:,mttw:,mtpw:,ttt:,tttw:,ttpw:,lttg:,ltpg:,ssa:,sst:,ng-opt:,ng-proxy:,stdin,debug -n "$0" -- $@`
TEMP=`getopt -o u:k:r:c:di --long user:,hook:,request-domain:,cert-home:,ltx:,ltt:,lttw:,ltpw:,mtt:,mttw:,mtpw:,ttt:,tttw:,ttpw:,lttg:,ltpg:,ssa:,sst:,ng-opt:,ng-proxy:,stdin,debug -n "$0" -- $@`
if [ $? != 0 ] ; then usage; exit 1 ; fi
eval set -- "$TEMP"
@@ -44,8 +47,8 @@ while true ; do
CERTDOMAIN+=("$2")
shift 2
;;
-c|--cert-path)
CERTPATH+=("$2")
-c|--cert-home)
CERTHOME="$2"
shift 2
;;
-i|--stdin)
@@ -100,10 +103,11 @@ if [ -n "${CERTDOMAIN}" ]; then
for DOMAIN in "${CERTDOMAIN[@]}"
do
TRY=0
while [ ! -f "/root/.acme.sh/${DOMAIN}/fullchain.cer" ] || [ ! -f "/root/.acme.sh/${DOMAIN}/${DOMAIN}.key" ]
while [ ! -f "/${CERTHOME}/${DOMAIN}/fullchain.cer" ] || [ ! -f "/${CERTHOME}/${DOMAIN}/${DOMAIN}.key" ]
do
echo "Requesting TLS cert for ${DOMAIN} ..."
/root/acme.sh/acme.sh --issue --standalone -d ${DOMAIN} --debug
echo "/root/acme.sh/acme.sh --cert-home ${CERTHOME} --issue --standalone -d ${DOMAIN} --debug"
/root/acme.sh/acme.sh --cert-home "${CERTHOME}" --issue --standalone -d ${DOMAIN} --debug
((TRY++))
if [ "${TRY}" -ge 3 ]; then
echo "Requesting TLS cert for ${DOMAIN} failed. Check log please."
@@ -118,11 +122,7 @@ fi
echo '{"log":{"loglevel":"warning"}, "inbounds":[], "outbounds":[{"protocol":"freedom"}]}' |jq .|sponge $XCONF
xopt="xconf=$XCONF"
CERTPATH+=("/root/.acme.sh")
for cp in "${CERTPATH[@]}"
do
xopt="$xopt,certpath=$cp"
done
xopt="$xopt,certhome=$CERTHOME"
for uopt in "${UOPT[@]}"
do
xopt="$xopt,$uopt"
@@ -158,6 +158,7 @@ if [ -n "${SVCMD}" ]; then
ngcmd="${ngcmd} --ng-proxy ${ngproxy}"
done
$ngcmd
ret=$?; if [ $ret != 0 ] ; then echo "\nNon-zero result $ret from the following cmd:\n$ngcmd"; exit $ret ; fi
nginx;
fi

19
server-ltt.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
usage() {
echo "Usage: server-ltt <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
echo "Usage: server-ltt <xconf=xray-config-file>,<certhome=cert-home-dir>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
}
options=(`echo $1 |tr ',' ' '`)
@@ -12,8 +12,8 @@ do
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -30,8 +30,8 @@ do
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
if [ -z "${certhome}" ]; then
echo "Error: certhome undefined."
usage
exit 1
fi
@@ -139,14 +139,11 @@ cat $XCONF |jq --arg port "${port}" \
'( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/1.1"]} } ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"

19
server-lttg.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
usage() {
echo "Usage: server-lttg <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>,<service=svcname>"
echo "Usage: server-lttg <xconf=xray-config-file>,<certhome=cert-home-dir>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>,<service=svcname>"
}
options=(`echo $1 |tr ',' ' '`)
@@ -12,8 +12,8 @@ do
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -30,8 +30,8 @@ do
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
if [ -z "${certhome}" ]; then
echo "Error: certhome undefined."
usage
exit 1
fi
@@ -100,14 +100,11 @@ cat $XCONF |jq --arg port "${port}" \
'( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/2"]}} ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"

19
server-lttw.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
usage() {
echo "Usage: server-lttw <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>,<path=websocket-path>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
echo "Usage: server-lttw <xconf=xray-config-file>,<certhome=cert-home-dir>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>,<path=websocket-path>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
}
options=(`echo $1 |tr ',' ' '`)
@@ -12,8 +12,8 @@ do
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -33,8 +33,8 @@ do
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
if [ -z "${certhome}" ]; then
echo "Error: certhome undefined."
usage
exit 1
fi
@@ -152,14 +152,11 @@ cat $XCONF |jq --arg port "${port}" --arg wspath "${wspath}" \
'( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"wsSettings":{"path":$wspath}} ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"

19
server-ltx.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
usage() {
echo "Usage: server-ltx <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
echo "Usage: server-ltx <xconf=xray-config-file>,<certhome=cert-home-dir>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
}
options=(`echo $1 |tr ',' ' '`)
@@ -12,8 +12,8 @@ do
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -30,8 +30,8 @@ do
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
if [ -z "${certhome}" ]; then
echo "Error: certhome undefined."
usage
exit 1
fi
@@ -139,14 +139,11 @@ cat $XCONF |jq --arg port "${port}" \
'( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/1.1"]} } ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"

19
server-mtt.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
usage() {
echo "Usage: server-mtt <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
echo "Usage: server-mtt <xconf=xray-config-file>,<certhome=cert-home-dir>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
}
options=(`echo $1 |tr ',' ' '`)
@@ -12,8 +12,8 @@ do
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -30,8 +30,8 @@ do
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
if [ -z "${certhome}" ]; then
echo "Error: certhome undefined."
usage
exit 1
fi
@@ -139,14 +139,11 @@ cat $XCONF |jq --arg port "${port}" \
'( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/1.1"]} } ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"

19
server-mttw.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
usage() {
echo "Usage: server-mttw <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>,<path=websocket-path>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
echo "Usage: server-mttw <xconf=xray-config-file>,<certhome=cert-home-dir>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>,<path=websocket-path>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
}
options=(`echo $1 |tr ',' ' '`)
@@ -12,8 +12,8 @@ do
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -33,8 +33,8 @@ do
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
if [ -z "${certhome}" ]; then
echo "Error: certhome undefined."
usage
exit 1
fi
@@ -152,14 +152,11 @@ cat $XCONF |jq --arg port "${port}" --arg wspath "${wspath}" \
'( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"wsSettings":{"path":$wspath}} ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"

29
server-nginx.sh
View File

@@ -2,10 +2,11 @@
DIR=`dirname $0`
DIR="$(cd $DIR; pwd)"
TPL="site-ssl.conf.tpl"
usage() {
echo "server-nginx --ng-opt <c=certpath,d=domain>[,p=443] --ng-proxy <p=xport,l=location,n=grpc|ws>[,h=127.0.0.1]"
echo " --ng-opt <c=cert-path-root,d=host-domain>[,p=443]"
echo "server-nginx --ng-opt <c=certhome,d=domain>[,p=443] --ng-proxy <p=xport,l=location,n=grpc|ws>[,h=127.0.0.1]"
echo " --ng-opt <c=cert-home-dir,d=host-domain>[,p=443]"
echo " --ng-proxy <p=port-backend,l=location-path,n=grpc|ws>[,h=127.0.0.1][,d=host-domain]"
}
@@ -48,14 +49,14 @@ fi
for ngopt in "${NGOPT[@]}"
do
unset certpath
unset certhome
options=(`echo $ngopt |tr ',' ' '`)
for option in "${options[@]}"
do
kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -67,28 +68,19 @@ do
esac
done
if [ -z "${certpath}" ]; then echo "Error: certpath undefined."; usage; exit 1; fi
if [ -z "${certhome}" ]; then echo "Error: certhome undefined."; usage; exit 1; fi
if [ -z "${domain}" ]; then echo "Error: domain undefined."; usage; exit 1; fi
if [ -z "${port}" ]; then port=443; fi
if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
break
fi
done
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"
echo "${domain} TLS cert missing?"
echo "Abort."
exit 2
fi
TPL="site-ssl.conf.tpl"
ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g')
ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g')
cat ${TPL} \
@@ -152,3 +144,4 @@ do
sed -i "s/LOCATION/${ESC_LOCATION}/g" ${domain}.conf
done
done
exit 0

19
server-ttt.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
usage() {
echo "Usage: server-ttt <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=password[:level[:email]]>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
echo "Usage: server-ttt <xconf=xray-config-file>,<certhome=cert-home-dir>,<port=443>,<domain=mydomain.com>,<user=password[:level[:email]]>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
}
options=(`echo $1 |tr ',' ' '`)
@@ -12,8 +12,8 @@ do
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -30,8 +30,8 @@ do
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
if [ -z "${certhome}" ]; then
echo "Error: certhome undefined."
usage
exit 1
fi
@@ -139,14 +139,11 @@ cat $XCONF |jq --arg port "${port}" \
'( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/1.1"]} } ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"

19
server-tttw.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
usage() {
echo "Usage: server-tttw <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=password[:level[:email]],<path=websocket-path>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
echo "Usage: server-tttw <xconf=xray-config-file>,<certhome=cert-home-dir>,<port=443>,<domain=mydomain.com>,<user=password[:level[:email]],<path=websocket-path>[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]"
}
options=(`echo $1 |tr ',' ' '`)
@@ -12,8 +12,8 @@ do
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
c|certhome)
certhome="${kv[1]}"
;;
p|port)
port="${kv[1]}"
@@ -33,8 +33,8 @@ do
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
if [ -z "${certhome}" ]; then
echo "Error: certhome undefined."
usage
exit 1
fi
@@ -152,14 +152,11 @@ cat $XCONF |jq --arg port "${port}" --arg wspath "${wspath}" \
'( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"wsSettings":{"path":$wspath}} ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then
fullchain="${certhome}/${domain}/fullchain.cer"
prvkey="${certhome}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"