From 02b1ff03e1698344dca6daea8bce2f346be9a4f4 Mon Sep 17 00:00:00 2001
From: beredim
Date: Wed, 6 Jul 2022 18:04:59 +0300
Subject: [PATCH] Pass PKCS12_PASSWORD option to le-renew.sh
---
 root/app/le-renew.sh | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/root/app/le-renew.sh b/root/app/le-renew.sh
index 5c638a5..a9ec318 100644
--- a/root/app/le-renew.sh
+++ b/root/app/le-renew.sh
@@ -10,8 +10,12 @@ echo "Running certbot renew"
 if [ "$ORIGVALIDATION" = "dns" ] || [ "$ORIGVALIDATION" = "duckdns" ]; then
 certbot -n renew \
 --post-hook "if ps aux | grep [n]ginx: > /dev/null; then s6-svc -h /var/run/s6/services/nginx; fi; \
- cd /config/keys/letsencrypt && \
- openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && \
+ cd /config/keys/letsencrypt
+ if [[ -z "${PKCS12_PASSWORD}" ]]; then
+ openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:
+ else
+ openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:"${PKCS12_PASSWORD}"
+ fi
 sleep 1 && \
 cat privkey.pem fullchain.pem > priv-fullchain-bundle.pem && \
 chown -R abc:abc /config/etc/letsencrypt"
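Review bot: The inner double quotes around `${PKCS12_PASSWORD}` in the added `if [[ -z ... ]]` test and in the `else` branch close the outer `--post-hook "..."` string, so le-renew.sh expands the variable unquoted and pastes its value into the hook text. A password containing whitespace or shell metacharacters would then split the certbot argument or be interpreted by the hook's shell, and the secret ends up in the argument lists of both certbot and openssl, where it is visible in process listings. Letting openssl read it from the environment avoids both problems: use `-passout env:PKCS12_PASSWORD` in the `else` branch and escape the test as `if [ -z \"\${PKCS12_PASSWORD}\" ]; then` so the hook's shell evaluates it (this assumes the variable is exported to the hook, which the hunk does not show). The same lines recur in the second hunk, and the enclosing `if`/`else` block runs past this hunk.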
@@ -19,8 +23,12 @@ else
 certbot -n renew \
 --pre-hook "if ps aux | grep [n]ginx: > /dev/null; then s6-svc -d /var/run/s6/services/nginx; fi" \
 --post-hook "if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; \
- cd /config/keys/letsencrypt && \
- openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && \
+ cd /config/keys/letsencrypt
+ if [[ -z "${PKCS12_PASSWORD}" ]]; then
+ openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:
+ else
+ openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:"${PKCS12_PASSWORD}"
+ fi
 sleep 1 && \
 cat privkey.pem fullchain.pem > priv-fullchain-bundle.pem && \
 chown -R abc:abc /config/etc/letsencrypt"
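Review bot: Dropping the `&&` after `cd /config/keys/letsencrypt` and after the `openssl pkcs12` call means a failed `cd` or a failed export no longer stops the post-hook. The remaining commands would then run in whatever directory the hook started in, and `cat` and `chown` proceed even after an openssl error, leaving a stale or missing `privkey.pfx` unnoticed. Keeping the guards restores the previous fail-fast behaviour, for example `cd /config/keys/letsencrypt || exit 1` and `fi && \` ahead of `sleep 1`. The first hunk makes the same change to the dns/duckdns branch.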