Hi! On Sun, Jan 31, 2021 at 05:48:25AM -0800, Michel Lespinasse wrote: > Dehydrated supports two locations for config settings: > - The main config file, /etc/dehydrated/config by default > - Per-certificate config files, i.e. certs/*/config > > Settings defined in the per-certificate config files are expected to > only affect that particular certificate. But, this doesn't seem to be > the case - in particular, I noticed that PRIVATE_KEY_ROLLOVER was also > affecting certificates that are processed later in the run. > > Looking at the code, I think I found the root cause.
Could I ask if you'd be willing to forward this issue directly upstream at https://github.com/dehydrated-io/dehydrated/issues ? > The store_configvars() and reset_configvars() are expected to save the > canonical (as per the global config file) settings and restore them > before processing each certificate. But, the set of variables that are > saved by these functions is only a subset of those that can be set in > per-certificate config files; in particular the OCSP_FETCH, OCSP_DAYS, > and PRIVATE_KEY_ROLLOVER settings are missing. So, only from reading your report, this might be as trivial as you say. If you tried to patch it and it works you might as well also propose this in the form of a merge request in the above github repository :) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
