[exim] Dynamic certificate paths

Author: Lance Lovette
Date:  
To: exim-users
Subject: [exim] Dynamic certificate paths
I'd like my TLS certificate paths to be dynamic and based on
primary_hostname. They're currently defined as such:

    tls_privatekey = /etc/letsencrypt/live/${primary_hostname}/privkey.pem


This works fine *if* primary_hostname is defined with a string literal.

    primary_hostname = smtp.mydomain.com


But I need primary_hostname to be dynamic, say read from a file.

    primary_hostname = ${readfile{/etc/mailname}{}}


But when configured this way, TLS connections fail because the readfile is
included in the certificate path, so it's not actually a path. TLS
connection failure error messages include:

    key=/etc/letsencrypt/live/${readfile{/etc/mailname}}/privkey.pem


Is what I'm trying to achieve possible? Like, is there a way to force
immediate expansion of the ${readfile{/etc/mailname}{}} assignment so
primary_hostname is considered a string literal by the rest of the
configuration?

My environment:

    $ exim --version
    Exim version 4.95 #2 built 23-Nov-2022 15:53:26


    $ exim -be '${primary_hostname}'
    ${readfile{/etc/mailname}{}}


    $ exim -be '${readfile{/etc/mailname}{}}'
    smtp.mydomain.com


Thanks!
Lance