Manual Authenticator mode: Choose where to save the cert and chain files


#1

Hi all,

I’m able to run letsencrypt using manual mode given the following script. When I do so, it creates a file that contains the cert and the chain in a single file called 0000_chain.pem in the same directory that the csr exists in. Is there a way to (1) generate the cert and chain as two separate files and (2) name the location of those files? I’m wondering because haproxy requires a pem file of the following format: cert+privkey+intermediate+dhparam, and the letsencrypt-auto command below generates a file that I have to parse out the cert and chain files and inject the key file. It would be much easier to cat each of the pieces together.

/opt/letsencrypt/letsencrypt-auto --email example@gmail.com --text \
--authenticator manual \
--work-dir /tmp/work/ \
--config-dir /tmp/config/ \
--logs-dir /tmp/logs/ auth \
--cert-path /tmp/certs/ \
--chain-path /tmp/chains/ \
--csr example.com.csr

I suspect that there’s a way to generate the cert and chain file as separate files, but can’t seem to find an option in the readme that suggests how to do it. Any ideas? Thanks for reading.


#2

@joejaz, do you end up with live and archive directories in this case?


#3

Today, I also made a certificate with the --csr option and I too ended up with those 0000-files in the current directory I was running the letsencrypt script from.

But I ended up with three pem-files:

  1. 0000_cert.pem: my certificate
  2. 0000_chain.pem: the IdenTrust intermediate certificate
  3. 0001_chain.pem: the two files above concatenated together.

So perhaps you can check again if you’ve got those files to be sure? Because I think you need those two 0000-files I mentioned, right?


#4

I don’t know if it’s the --csr option, but it doesn’t generate anything in the /archive/ nor /live/ directories.


#5

@schoen I didn’t see a live and archive directory. I checked the current directory, the /tmp/ directory, and the /etc/letsencrypt/ directory.


#6

I’m having an issue with this file naming behavior, although I’m using webroot mode rather than manual. I’m instructing the client to save its resultant files to specific paths, but the client instead saves the files to names with an added prefix of 0000_ (or such).

Command used: ./letsencrypt-auto certonly --webroot --webroot-path /service/www/htdocs --cert-path /custom/path/to/cert.pem --key-path /custom/path/to/key.pem --fullchain-path /custom/path/to/fullchain.pem --chain-path /custom/path/to/chain.pem --csr /custom/path/to/csr.der

Results desired:
/custom/path/to/cert.pem
/custom/path/to/fullchain.pem
/custom/path/to/chain.pem

Results actually obtained:
/custom/path/to/0000_cert.pem
/custom/path/to/0000_fullchain.pem
/custom/path/to/0000_chain.pem

For now I am working around this by deducing and renaming the files after the fact, but it would be simpler if the client could be relied on to use the exact file names specified for its result files. (And if a file already exists at that path, I’d rather see an error thrown than have to grep the output for a surprise name, but I could guardrail against that myself.)

Is this a bug, or is this behavior required for some reason? If the latter, is there a way to disable it?
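
The manual post-processing discussed in posts #1 and #6, as an added example that is not part of the thread or of the letsencrypt client: two shell functions that split a combined PEM into cert and chain, then assemble the cert+privkey+intermediate+dhparam file haproxy expects. The function names and argument order are assumptions; both functions refuse to overwrite an existing file, and the bundle is created owner-only because it holds the private key.

```shell
#!/bin/sh
# Added example: helper names and argument order are hypothetical.

# split_pem COMBINED CERT_OUT CHAIN_OUT
# The first CERTIFICATE block (the leaf) goes to CERT_OUT, every later
# block (the intermediates) goes to CHAIN_OUT.
split_pem() {
    combined=$1 cert_out=$2 chain_out=$3
    for f in "$cert_out" "$chain_out"; do
        if [ -e "$f" ]; then
            echo "refusing to overwrite $f" >&2
            return 1
        fi
    done
    # A file with fewer than two certificates is not leaf + chain.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$combined") || true
    if [ "${n:-0}" -lt 2 ]; then
        echo "expected leaf + chain in $combined, found ${n:-0} cert(s)" >&2
        return 1
    fi
    awk -v cert="$cert_out" -v chain="$chain_out" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > cert }
        n >= 2 { print > chain }
    ' "$combined"
}

# build_haproxy_pem CERT KEY CHAIN DHPARAM OUT
# Concatenates in the order given in post #1:
# cert + privkey + intermediate + dhparam.
build_haproxy_pem() {
    out=$5
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    for f in "$1" "$2" "$3" "$4"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # umask 077: the bundle contains the private key, so create it 0600.
    # "awk 1" instead of cat: it adds a final newline to any input that
    # lacks one, so an END line never runs into the next BEGIN line.
    ( umask 077 && awk 1 "$1" "$2" "$3" "$4" > "$out" )
}
```

Source the file, run `split_pem` on the combined file, then `build_haproxy_pem` with the resulting cert and chain plus your existing key and dhparam files.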