diff mbox series

[bug#49213,v2] services: certbot: Add option to use CSR file.

Message ID 20210624191837.6615-1-rg@raghavgururajan.name
State Accepted
Headers show
Series [bug#49213,v2] services: certbot: Add option to use CSR file. | expand

Checks

Context Check Description
cbaines/comparison success View comparision
cbaines/git branch success View Git branch
cbaines/applying patch success View Laminar job
cbaines/issue success View issue

Commit Message

Raghav Gururajan June 24, 2021, 7:18 p.m. UTC 
* gnu/services/certbot.scm (<certificate-configuration>): Add csr field.
(certbot-command): Modify.
* doc/guix.texi (Certificate Services): Document it.
---
 doc/guix.texi            | 7 +++++++
 gnu/services/certbot.scm | 6 +++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/doc/guix.texi b/doc/guix.texi
index 15e8999447..fce72a9fb5 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -91,6 +91,7 @@  Copyright @copyright{} 2020 Edgar Vincent@*
 Copyright @copyright{} 2021 Maxime Devos@*
 Copyright @copyright{} 2021 B. Wilson@*
 Copyright @copyright{} 2021 Xinglu Chen@*
+Copyright @copyright{} 2021 Raghav Gururajan@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -25934,6 +25935,12 @@  the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}),
 and gives Let's Encrypt permission to log the public IP address of the
 requesting machine.
 
+@item @code{csr} (default: @code{#f})
+File name of Certificate Signing Request (CSR) in DER or PEM format.
+If @code{#f} is specified, this argument will not be passed to certbot.
+If a value is provided, certbot will use it to obtain a certificate, instead of
+using a randomly-generated CSR.
+
 @item @code{authentication-hook} (default: @code{#f})
 Command to be run in a shell once for each certificate challenge to be
 answered.  For this command, the shell variable @code{$CERTBOT_DOMAIN}
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 1c67ff63f1..c73142ca81 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -55,6 +55,8 @@ 
                        (default '()))
   (challenge           certificate-configuration-challenge
                        (default #f))
+  (csr                       certificate-configuration-csr
+                       (default #f))
   (authentication-hook certificate-authentication-hook
                        (default #f))
   (cleanup-hook        certificate-cleanup-hook
@@ -95,7 +97,7 @@ 
               (match-lambda
                 (($ <certificate-configuration> custom-name domains challenge
                                                 authentication-hook cleanup-hook
-                                                deploy-hook)
+                                                deploy-hook csr)
                  (let ((name (or custom-name (car domains))))
                    (if challenge
                      (append
@@ -110,6 +112,7 @@ 
                           '("--register-unsafely-without-email"))
                       (if server `("--server" ,server) '())
                       (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+                      (if csr `("--csr" ,csr) '())
                       (if authentication-hook
                           `("--manual-auth-hook" ,authentication-hook)
                           '())
@@ -125,6 +128,7 @@ 
                           '("--register-unsafely-without-email"))
                       (if server `("--server" ,server) '())
                       (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+                      (if csr `("--csr" ,csr) '())
                       (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
               certificates)))
        (program-file