Add option save to crt file

[RemiZOffAlex]

This option for save crt data to file.

Example Usage:

python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /usr/share/nginx/html/.well-known/acme-challenge/ --crt-file signed_chain.crt

[olmari]

What benefit does this give instead of using python acme_tiny.py --options > signed.crt?

[felixfontein]

I guess the main difference is that on error, you are not left with a zero byte long signed.crt file.

[olmari]

You should only copy signed cert onto production system when acme-tiny has worked successfully anyway, no?

[felixfontein]

Obviously not. I was just pointing out that this is the main difference from my POV :)

[RemiZOffAlex]

What benefit does this give instead of using python acme_tiny.py --options > signed.crt?

Redirect stdout not work for others shells. Example IPython. IPython returned result as list

['Parsing account key...', 'Parsing CSR...', 'Registering account...', 'Already registered!', 'Verifying www.domain.com...', 'www.domain.com verified!', 'Verifying domain.com...', 'domain.com verified!', 'Signing certificate...', 'Certificate signed!', '-----BEGIN CERTIFICATE-----', ...]

[andreasscherbaum]

Then you specify a different output file, and check the file size before proceeding. I don't really see the problem this PR is solving ...

[RemiZOffAlex]

Then you specify a different output file, and check the file size before proceeding. I don't really see the problem this PR is solving ...

You can check for a problem by reproducing it yourself.

[andreasscherbaum]

You can check for a problem by reproducing it yourself.

Not necessary. The script which handles the renewal does specify a tmp filename, and then checks for the size of the certificate.

[olmari]

Here is script I made how I utilize acme-tiny on my envirovent... All the dile permissioning is still not documented, but script itself is there (and one should know who is allowed to use what file but anyway, hopefully helps somebody :) )

https://github.com/olmari/SSL-updater

[diafygi]

I think that printing the end cert to stdout is okay for now. If you need the certificate not dumped to stdout, I'd recommend calling acme_tiny.get_crt(...) (which returns the cert as a result) from inside your own script.