From f18885a0ec90cd7cc5ffc41b515bc8ac6ad33b82 Mon Sep 17 00:00:00 2001
From: Lexi Winter <ivy@FreeBSD.org>
Date: Tue, 3 Jun 2025 10:10:34 +0100
Subject: domains.conf: support default options

---
 lfacme-renew.sh | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'lfacme-renew.sh')

diff --git a/lfacme-renew.sh b/lfacme-renew.sh
index ce7c7f2..0a487d8 100644
--- a/lfacme-renew.sh
+++ b/lfacme-renew.sh
@@ -109,7 +109,7 @@ _docert() {
 	local certfile="${dir}/${identifier}-cert.pem"
 
 	# these can be overridden by args
-	local keytype="ec"
+	local keytype=""
 	local altnames=""
 	local hooks=""
 	local domain=""
@@ -144,6 +144,11 @@ _docert() {
 		domain="$identifier"
 	fi
 
+	# Default key type is ec.
+	if [ -z "$keytype" ]; then
+		keytype="ec"
+	fi
+
 	# make sure all the hook scripts are valid.  if the hook name
 	# begins with a '/' it's a full path, otherwise it's related to
 	# ACME_HOOKDIR.
@@ -222,11 +227,18 @@ _docert() {
 }
 
 _exit=0
+_default_args=""
 
 cat "$_DOMAINS" \
 | egrep -v '^(#|[[:space:]]*$)' \
 | while read identifier args; do
-	if ! _docert "$identifier" $args; then
+
+	if [ "$identifier" = "*" ]; then
+		_default_args="$args"
+		continue
+	fi
+
+	if ! _docert "$identifier" $_default_args $args; then
 		_exit=1
 	fi
 done
-- 
cgit v1.2.3