From a0fc763a0c9ef43f8e0ee4c046d9aa3dbb4ceb11 Mon Sep 17 00:00:00 2001
From: Alexis Ben Miloud--Josselin <abenmiloud+git@evolix.fr>
Date: Tue, 20 Feb 2024 16:11:59 +0100
Subject: [PATCH] =?UTF-8?q?certbot:=20Utiliser=20pkey=20pour=20tester=20cl?=
 =?UTF-8?q?=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CHANGELOG.md                          | 1 +
 certbot/files/hooks/deploy/hapee.sh   | 4 ++--
 certbot/files/hooks/deploy/haproxy.sh | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f490b48a..552d4dd6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -90,6 +90,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * vrrpd: variable to force update the switch script (default: false)
 * webapps/nextcloud: Add Ceph volume to fstab
 * webapps/nextcloud: Set home directory's mode
+* certbot: Utiliser pkey pour tester clé
 
 ### Fixed
 
diff --git a/certbot/files/hooks/deploy/hapee.sh b/certbot/files/hooks/deploy/hapee.sh
index 89b04452..d39da25b 100644
--- a/certbot/files/hooks/deploy/hapee.sh
+++ b/certbot/files/hooks/deploy/hapee.sh
@@ -39,8 +39,8 @@ concat_files() {
     chown root: "${hapee_cert_file}"
 }
 cert_and_key_mismatch() {
-    hapee_cert_md5=$(openssl x509 -noout -modulus -in "${hapee_cert_file}" | openssl md5)
-    hapee_key_md5=$(openssl rsa -noout -modulus -in "${hapee_cert_file}" | openssl md5)
+    hapee_cert_md5=$(openssl x509 -noout -pubkey -in "${hapee_cert_file}" | openssl md5)
+    hapee_key_md5=$(openssl pkey -noout -pubout -in "${hapee_cert_file}" | openssl md5)
 
     test "${hapee_cert_md5}" != "${hapee_key_md5}"
 }
diff --git a/certbot/files/hooks/deploy/haproxy.sh b/certbot/files/hooks/deploy/haproxy.sh
index 932a3e90..c08fafc2 100644
--- a/certbot/files/hooks/deploy/haproxy.sh
+++ b/certbot/files/hooks/deploy/haproxy.sh
@@ -29,8 +29,8 @@ concat_files() {
     chown root: "${haproxy_cert_file}"
 }
 cert_and_key_mismatch() {
-    haproxy_cert_md5=$(openssl x509 -noout -modulus -in "${haproxy_cert_file}" | openssl md5)
-    haproxy_key_md5=$(openssl rsa -noout -modulus -in "${haproxy_cert_file}" | openssl md5)
+    haproxy_cert_md5=$(openssl x509 -noout -pubkey -in "${haproxy_cert_file}" | openssl md5)
+    haproxy_key_md5=$(openssl pkey -noout -pubout -in "${haproxy_cert_file}" | openssl md5)
 
     test "${haproxy_cert_md5}" != "${haproxy_key_md5}"
 }