From ae138da91622113a523f2784b98eda3a9a0fa4b0 Mon Sep 17 00:00:00 2001
From: Carl Tashian <carl@smallstep.com>
Date: Tue, 27 Sep 2022 12:18:47 -0700
Subject: [PATCH] Set ACME CA bundle for revocation

---
 root/etc/cont-init.d/50-certbot | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/cont-init.d/50-certbot
index 76661b3..37bfdf6 100644
--- a/root/etc/cont-init.d/50-certbot
+++ b/root/etc/cont-init.d/50-certbot
@@ -222,6 +222,10 @@ if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "
     fi
     if [ "$ORIGCERTPROVIDER" = "custom" ]; then
 		REV_ACMESERVER=$ORIGACMEURL
+		if [ -n "$ORIGACMECABUNDLE" ]; then
+			echo "$ORIGACMECABUNDLE" | base64 -d - > /config/origcabundle.pem
+			export REQUESTS_CA_BUNDLE="/config/origcabundle.pem"
+		fi
     elif [ "$ORIGCERTPROVIDER" = "zerossl" ] && [ -n "$ORIGEMAIL" ]; then
         REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$ORIGEMAIL")
         REV_ZEROSSL_EAB_KID=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")