If acme_tiny returns the CA cert as well, use it

webmin/letsencrypt-lib.pl

@@ -329,8 +329,28 @@ else {
 		}
 	-r $cert && -s $cert || return (0, &text('letsencrypt_ecert', $cert));
 
-	# Download the latest chained cert files
+	# Check if the returned cert contains a CA cert as well
 	my $chain = &transname();
+	my @certs = &cert_file_split($cert);
+	my %donecert;
+	if (@certs > 1) {
+		# Yes .. keep the first as the cert, and use the others as
+		# the chain
+		my $orig = shift(@certs);
+		my $fh = "CHAIN";
+		&open_tempfile($fh, ">$chain");
+		foreach my $c (@certs) {
+			&print_tempfile($fh, $c);
+			$donecert{$c}++;
+			}
+		&close_tempfile($fh);
+		my $fh2 = "CERT";
+		&open_tempfile($fh2, ">$cert");
+		&print_tempfile($fh2, $orig);
+		&close_tempfile($fh2);
+		}
+
+	# Download the latest chained cert files
 	foreach my $url (@$letsencrypt_chain_urls) {
 		my $cout;
 		my ($host, $port, $page, $ssl) = &parse_http_url($url);
@@ -344,10 +364,12 @@ else {
 			&cleanup_wellknown($wellknown_new, $challenge_new);
 			return (0, &text('letsencrypt_echain2', $url));
 			}
-		my $fh = "CHAIN";
-		&open_tempfile($fh, ">>$chain");
-		&print_tempfile($fh, $cout);
-		&close_tempfile($fh);
+		if (!$donecert{$cout}++) {
+			my $fh = "CHAIN";
+			&open_tempfile($fh, ">>$chain");
+			&print_tempfile($fh, $cout);
+			&close_tempfile($fh);
+			}
 		}
 
 	# Copy the per-domain files

webmin/webmin-lib.pl

@@ -1919,6 +1919,29 @@ close(OUT);
 return $data;
 }
 
+=head2 cert_file_split(file)
+
+Returns a list of certs in some file
+
+=cut
+sub cert_file_split
+{
+my ($file) = @_;
+my @rv;
+my $lref = &read_file_lines($file, 1);
+foreach my $l (@$lref) {
+	my $cl = $l;
+	$cl =~ s/^#.*//;
+	if ($cl =~ /^-----BEGIN/) {
+		push(@rv, $cl."\n");
+		}
+	elsif ($cl =~ /\S/ && @rv) {
+		$rv[$#rv] .= $cl."\n";
+		}
+	}
+return @rv;
+}
+
 =head2 get_blocked_users_hosts(&miniserv)
 
 Returns a list of blocked users and hosts from the file written by Webmin