place certs into subdirs by service type

[tooling/letool.git] / bin / newcert

diff --git a/bin/newcert b/bin/newcert
index 6817b704518de9bb13519a83b2535018c9d8bb0c..5b5f9a050c18676afea42bcff5d47c93495c9848 100755 (executable)
--- a/bin/newcert
+++ b/bin/newcert
@@ -93,11 +93,11 @@ def authorize(sans):
             return new_authorizations
 
 
-def get_certificate(cname, sans):
+def get_certificate(servicetype, cname, sans):
     registration, acme_client, account_key = get_client()    
     authorizations = authorize(sans)
     
-    with open(os.path.join("certs", cname, "key.pem"), "rb") as keyfd:
+    with open(os.path.join("certs", servicetype, cname, "key.pem"), "rb") as keyfd:
         private_key = serialization.load_pem_private_key(
             keyfd.read(),
             password=None,
@@ -120,7 +120,7 @@ def get_certificate(cname, sans):
     cert = acme_client.request_issuance(jrequest, authorizations)
     certs = acme_client.fetch_chain(cert)
 
-    with open(os.path.join("certs", cname, "cert.pem"), "wb") as certfd:
+    with open(os.path.join("certs", servicetype, cname, "cert.pem"), "wb") as certfd:
         certfd.write(cert.body._dump(OpenSSL.crypto.FILETYPE_PEM))
         for cert in certs:
             certfd.write(cert._dump(OpenSSL.crypto.FILETYPE_PEM))
@@ -143,10 +143,10 @@ def main():
     certificate_list = inventory[getfqdn()][args.servicetype]
     if type(certificate_list) is list:
         if args.certificate in certificate_list:
-            get_certificate(args.certificate, [args.certificate])
+            get_certificate(args.servicetype, args.certificate, [args.certificate])
     elif type(certificate_list) is dict:
         if args.certificate in certificate_list.keys():
-            get_certificate(args.certificate, certificate_list[args.certificate])
+            get_certificate(args.servicetype, args.certificate, certificate_list[args.certificate])
     else:
         print("unexpected type: %s", type(certificate_list))