From a7302de7e5a567b68b37a063361a9f9763229735 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Wed, 5 Nov 2025 10:10:00 +0100
Subject: [PATCH] Refactor start.letsencrypt.sh to enhance certificate management by adding config-home option in issue and renew commands
---
 start.letsencrypt.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/start.letsencrypt.sh b/start.letsencrypt.sh
index 35f165e..3bcd726 100755
--- a/start.letsencrypt.sh
+++ b/start.letsencrypt.sh
@@ -59,17 +59,17 @@ start_letsencrypt() {
 LETSENCRYPT_INSTALLED=true
 fi
- if [ -f /acme.sh/$DOMAIN/fullchain.pem ]; then
+ if [ -f /acme.sh/$DOMAIN/fullchain.pem ] || [ ! -f /acme.sh/$DOMAIN/$DOMAIN.key ]; then
 ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Issuer | cut -d '=' -f2)
 SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Subject | cut -d '=' -f2)
 if [ "$ISSUER" == "$SUBJECT" ]; then
 echo "Self signed certificate found"
- sh /acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE 2>&1
+ sh /acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --config-home /acme.sh --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE 2>&1
 else
- sh /acme.sh/acme.sh $L_S $EK $EHK --renew --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE 2>&1
+ sh /acme.sh/acme.sh $L_S $EK $EHK --renew --standalone --config-home /acme.sh --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE 2>&1
 fi
 else
- sh /acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE 2>&1
+ sh /acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --config-home /acme.sh --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE 2>&1
 fi
 RESPONSE=$?
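Review bot: The widened condition on the new `if` line sends a host that has neither `fullchain.pem` nor `$DOMAIN.key` into the certificate-parsing branch, so `openssl x509 -in` runs on a missing file, `ISSUER` and `SUBJECT` both come back empty, and the `==` test logs "Self signed certificate found" for a certificate that does not exist. The same empty-equals-empty match occurs for any unreadable or malformed `fullchain.pem`, so a parse failure is silently treated as a self-signed certificate. Guard the comparison with `if [ -n "$SUBJECT" ] && [ "$ISSUER" = "$SUBJECT" ]; then`, keep the outer file test as `[ -f "/acme.sh/$DOMAIN/fullchain.pem" ]`, and handle the missing-key case in its own branch. The commit message mentions only `--config-home`, so the changed condition deserves a comment such as `# re-issue when acme.sh has no key for this domain under /acme.sh`; `start_letsencrypt` begins and ends outside the hunk.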
@@ -78,7 +78,7 @@ start_letsencrypt() {
 if [ "$(echo $RESPONSE)" == "1" ]; then
 for retries in $(seq 0 $((RESTART + 1))); do
 if [[ $retries -le $RESTART ]]; then
- sh /acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >>$LOG_FILE 2>&1
+ sh /acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --config-home /acme.sh --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >>$LOG_FILE 2>&1
 RESPONSE=$?
 if [[ "$(echo $RESPONSE)" == "1" && "$(cat $LOG_FILE | grep force)" == "" ]]; then
 sleep $TIMEOUT
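Review bot: `$DOMAIN` and `$LOG_FILE` are expanded unquoted on the new retry line (and on the three `acme.sh` lines changed in the previous hunk), so a value containing whitespace or glob characters is split into extra `acme.sh` arguments or changes the redirect target; where `DOMAIN` is set is not visible here, so it is safest to treat it as external input. Quote the expansions, e.g. `-d "$DOMAIN" --key-file "/acme.sh/$DOMAIN/key.pem" ... >>"$LOG_FILE" 2>&1`. The flag also had to be added to four copies of the same long command, which is how such copies drift apart; a small helper that takes the action (`--issue` or `--renew`) as its argument would keep the option list in one place. The `for` loop and the inner `if` continue outside the hunk.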