added transfer command; delete files if acme.sh --install-cert ... failes

cm.sh

@@ -20,6 +20,7 @@
 # 2021-03-22  <axel.hahn@iml.unibe.ch>  for haproxy: use chained cert instead of server cert
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  reject multiple usage of fqdn in cli params
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  optional: force excecution with a given user only
+# 2021-06-24  <axel.hahn@iml.unibe.ch>  added transfer command; delete files if acme.sh --install-cert ... failes
 # ======================================================================
 
 
@@ -99,9 +100,13 @@ function _certTransfer(){
 		-d ${CM_fqdn} \
 		--cert-file       ${CM_outfile_cert}  \
 		--fullchain-file  ${CM_outfile_chain} \
-		--ca-file         ${CM_outfile_ca} \
-		|| exit 1
-		# --key-file        ${CM_dircerts}/${CM_fqdn}.key.pem  \
+		--ca-file         ${CM_outfile_ca}
+    if [ $? -ne 0 ]; then
+        echo "ERROR occured during transfer. Removing files in ${CM_dircerts} to prevent strange effects..."
+        rm -f "${CM_dircerts}/*"
+        exit
+    fi
+	echo "OK."
 	
 	_wd "--- copy key to ${CM_dircerts}"
 	cp ${CM_filekey} ${CM_outfile_key}
@@ -506,12 +511,22 @@ function public_show(){
 	echo CSR $CM_filecsr
 	openssl req -noout -text -in $CM_filecsr | grep -E "(Subject:|DNS:)" | sed "s#^\ *##g"
 
+	for myfile in ${CM_outfile_cert} ${CM_outfile_haproxy}
+	do
         echo $line
-	echo Cert ${CM_outfile_cert}
+        echo Cert ${myfile}
         # openssl x509 -noout -text -in ${CM_outfile_cert}
-	openssl x509 -noout -text -in ${CM_outfile_cert} | grep -E "(Issuer:|Subject:|Not\ |DNS:)"| sed "s#^\ *##g"
+        openssl x509 -noout -text -in ${myfile} | grep -E "(Issuer:|Subject:|Not\ |DNS:)"| sed "s#^\ *##g"
+    done
 }
 
+# Transfer cert from acme.sh internal cache to our output dir again
+function public_transfer(){
+	_requiresFqdn
+	_certExists
+
+	_certTransfer
+}
 
 # ----------------------------------------------------------------------
 #
@@ -607,6 +622,10 @@ The ACTIONs for SINGLE certificate handlings are:
                 show place of csr + certificate data and show basic certificate data
                 (issuer, subject, aliases, ending date)
 
+        transfer FQDN
+                Transfer cert from acme.sh internal cache to our output dir again.
+                It is done during add or renew. With transfer command you can repeat it.
+
 ACTIONs for ALL certs
 
         list

readme.md

@@ -42,10 +42,14 @@ A suggested structure is having acme.sh and this wrapper below the same parent d
 
 ## Usage
 
-Without any parameter it shows a help.
+### Selftest
 
 Verify a new setup (or changes in the config) with ``./cm.sh selftest``.
 
+### Show help
+
+Without any parameter it shows a help.
+
 ```text
 
 ./cm.sh 
@@ -96,6 +100,10 @@ The ACTIONs for SINGLE certificate handlings are:
                 show place of csr + certificate data and show basic certificate data
                 (issuer, subject, aliases, ending date)
 
+        transfer FQDN
+                Transfer cert from acme.sh internal cache to our output dir again.
+                It is done during add or renew. With transfer command you can repeat it.
+
 ACTIONs for ALL certs
 
         list