web: install acme certs to persistent storage

web/rootfs/defaults/ssl.conf

@@ -5,8 +5,8 @@ ssl_session_tickets off;
 
 # ssl certs
 {{ if .Env.ENABLE_LETSENCRYPT | default "0" | toBool }}
-ssl_certificate /etc/nginx/acme/{{ .Env.LETSENCRYPT_DOMAIN }}/fullchain.pem;
+ssl_certificate /config/acme-certs/{{ .Env.LETSENCRYPT_DOMAIN }}/fullchain.pem;
-ssl_certificate_key /etc/nginx/acme/{{ .Env.LETSENCRYPT_DOMAIN }}/key.pem;
+ssl_certificate_key /config/acme-certs/{{ .Env.LETSENCRYPT_DOMAIN }}/key.pem;
 {{ else }}
 ssl_certificate /config/keys/cert.crt;
 ssl_certificate_key /config/keys/cert.key;

web/rootfs/etc/cont-init.d/10-config

@@ -16,7 +16,7 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
             sh ./acme.sh --install --home /config/acme.sh --accountemail $LETSENCRYPT_EMAIL
             popd
         fi
-        if [[ ! -f /etc/nginx/acme/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
+        if [[ ! -f /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
             STAGING=""
             if [[ $LETSENCRYPT_USE_STAGING -eq 1 ]]; then
                 STAGING="--staging"
@@ -37,11 +37,11 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
                 echo "Exiting."
                 exit 1
             fi
-            mkdir -p /etc/nginx/acme/$LETSENCRYPT_DOMAIN
+            mkdir -p /config/acme-certs/$LETSENCRYPT_DOMAIN
             if ! /config/acme.sh/acme.sh \
                     --install-cert -d $LETSENCRYPT_DOMAIN \
-                    --key-file /etc/nginx/acme/$LETSENCRYPT_DOMAIN/key.pem  \
+                    --key-file /config/acme-certs/$LETSENCRYPT_DOMAIN/key.pem  \
-                    --fullchain-file /etc/nginx/acme/$LETSENCRYPT_DOMAIN/fullchain.pem ; then
+                    --fullchain-file /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ; then
                 echo "Failed to install certificate."
                 # this tries to get the user's attention and to spare the
                 # authority's rate limit: