Add custom SSL certificate priority configuration and update related identifiers

2026-05-24 09:28:37 +00:00 · 2024-12-31 14:04:56 +00:00 · 2024-12-31 14:04:56 +00:00 · 11c6f2635d
commit 11c6f2635d
parent 0fd01af23c
2 changed files with 18 additions and 7 deletions
--- a/src/common/core/customcert/jobs/custom-cert.py
+++ b/src/common/core/customcert/jobs/custom-cert.py
@ -85,13 +85,14 @@ try:

            LOGGER.info(f"Service {first_server} is using custom SSL certificates, checking ...")

+            cert_priority = getenv(f"{first_server}_CUSTOM_SSL_CERT_PRIORITY", getenv("CUSTOM_SSL_CERT_PRIORITY", "file"))
            cert_file = getenv(f"{first_server}_CUSTOM_SSL_CERT", getenv("CUSTOM_SSL_CERT", ""))
            key_file = getenv(f"{first_server}_CUSTOM_SSL_KEY", getenv("CUSTOM_SSL_KEY", ""))
            cert_data = getenv(f"{first_server}_CUSTOM_SSL_CERT_DATA", getenv("CUSTOM_SSL_CERT_DATA", ""))
            key_data = getenv(f"{first_server}_CUSTOM_SSL_KEY_DATA", getenv("CUSTOM_SSL_KEY_DATA", ""))

            if (cert_file or cert_data) and (key_file or key_data):
-                if cert_file:
+                if (cert_priority == "file" or not cert_data) and cert_file:
                    cert_file = Path(cert_file)
                else:
                    try:
@ -102,7 +103,7 @@ try:
                        status = 2
                        continue

-                if key_file:
+                if (cert_priority == "file" or not key_data) and key_file:
                    key_file = Path(key_file)
                else:
                    try:
--- a/src/common/core/customcert/plugin.json
+++ b/src/common/core/customcert/plugin.json
@ -9,16 +9,26 @@
      "context": "multisite",
      "default": "no",
      "help": "Use custom HTTPS certificate.",
-      "id": "use-custom-https",
+      "id": "use-custom-ssl",
      "label": "Use custom certificate",
      "regex": "^(yes|no)$",
      "type": "check"
    },
+    "CUSTOM_SSL_CERT_PRIORITY": {
+      "context": "multisite",
+      "default": "file",
+      "help": "Choose whether to prioritize the certificate from file path or from base64 data. (file | data)",
+      "id": "custom-ssl-cert-priority",
+      "label": "Certificate priority",
+      "regex": "^(file|data)$",
+      "type": "select",
+      "select": ["file", "data"]
+    },
    "CUSTOM_SSL_CERT": {
      "context": "multisite",
      "default": "",
      "help": "Full path of the certificate or bundle file (must be readable by the scheduler).",
-      "id": "custom-https-cert",
+      "id": "custom-ssl-cert",
      "label": "Certificate path",
      "regex": "^(/[\\w. \\-]+)*/?$",
      "type": "text"
@ -27,7 +37,7 @@
      "context": "multisite",
      "default": "",
      "help": "Full path of the key file (must be readable by the scheduler).",
-      "id": "custom-https-key",
+      "id": "custom-ssl-key",
      "label": "Key path",
      "regex": "^(/[\\w. \\-]+)*/?$",
      "type": "text"
@ -36,7 +46,7 @@
      "context": "multisite",
      "default": "",
      "help": "Certificate data encoded in base64.",
-      "id": "custom-https-cert-data",
+      "id": "custom-ssl-cert-data",
      "label": "Certificate data (base64)",
      "regex": "^.*$",
      "type": "text"
@ -45,7 +55,7 @@
      "context": "multisite",
      "default": "",
      "help": "Key data encoded in base64.",
-      "id": "custom-https-key-data",
+      "id": "custom-ssl-key-data",
      "label": "Key data (base64)",
      "regex": "^.*$",
      "type": "text"