From 644f1ecaaf9489c3f8a5288b74758b2e0aaf209f Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Sun, 30 Apr 2023 22:29:01 -0400
Subject: [PATCH] add option, fix nginx

---
 web-conf | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/web-conf b/web-conf
index 977c8cf..38dce52 100755
--- a/web-conf
+++ b/web-conf
@@ -43,6 +43,7 @@ distro-setup, and log-quiet.
 EXTRA_SETTINGS_FILE can be - for stdin
 -a IPv4_ADDR      IP address to listen on. Default all addresses.
                   ipv6 address support could be added to this script.
+-c CERT_FOLDER    No letsencrypt. use fullchain.pem and privkey.pem in this folder.
 -e EMAIL          Contact address for let's encrypt. Default is
                   root@\$(hostname --fqdn')
                   which is root@$(hostname --fqdn) on this host.
@@ -64,7 +65,7 @@ symlinkarg=-
 ssl=true
 extra_settings=
 port=443
-temp=$(getopt -l help a:e:if:p:r:sh "$@") || usage 1
+temp=$(getopt -l help a:c:e:if:p:r:sh "$@") || usage 1
 vhostip='*'
 eval set -- "$temp"
 while true; do
@@ -73,6 +74,7 @@ while true; do
       listenip="$2:"
       vhostip="$2"
       shift 2 ;;
+    -c) oob_cert_dir="$2"; shift 2 ;;
     -e) email="$2"; shift 2 ;;
     -f) proxy="$2"; shift 2 ;;
     -i) ssl=false; shift ;;
@@ -118,7 +120,11 @@ fi
 ##### end command line parsing ########
 
 se=/etc/$t/sites-enabled
-cert_dir=/etc/letsencrypt/live/$h
+if [[ $oob_cert_dir ]]; then
+  cert_dir="$oob_cert_dir"
+else
+  cert_dir=/etc/letsencrypt/live/$h
+fi
 
 mkdir -p $root
 case $port in
@@ -138,7 +144,7 @@ if [[ $port == 80 ]]; then
 fi
 
 
-if $ssl; then
+if [[ ! $oob_cert_dir ]] && $ssl; then
 
   $this_dir/certbot-setup $t
 
@@ -415,7 +421,7 @@ server {
   server_name $h www.$h;
   listen 80 $http2_arg;
   listen [::]:80 $http2_arg;
-  return 301 https://$server_name$request_uri;
+  return 301 https://\$server_name\$request_uri;
 }
 EOF
     fi
-- 
2.30.2