From 623830c910a7fe0635fcde4d2a77dd8519d658c6 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Thu, 29 Aug 2019 14:02:16 +0200
Subject: rotate-keys: make directory of webserver configurable

---
 cb.conf        | 3 +++
 rotate-keys.in | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/cb.conf b/cb.conf
index 21187c3..377067c 100644
--- a/cb.conf
+++ b/cb.conf
@@ -11,3 +11,6 @@ ca_host='user@ca.example.com'
 
 # which user owns the certificates (not root)
 certificate_user='http'
+
+# directory of the webserver - must be reachable via https://$host/.csr/
+webserver_dir='/srv/http/httpdocs/.csr'
diff --git a/rotate-keys.in b/rotate-keys.in
index f965928..0ba3480 100644
--- a/rotate-keys.in
+++ b/rotate-keys.in
@@ -72,7 +72,7 @@ if [ -n "$(trap)" ]; then
   exit 1
 fi
 
-tmp_dir=$(mktemp -d '/srv/http/httpdocs/.csr/tmp.XXXXXXXXXX')
+tmp_dir=$(mktemp -d "${webserver_dir}"'/tmp.XXXXXXXXXX')
 trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT
 
 printf '%s\n' "${hosts}" \
-- 
cgit v1.2.3-54-g00ecf