From 235321985bbf41200b6660d074f2c7b7de91b559 Mon Sep 17 00:00:00 2001
From: syoul <syoul@librezo.fr>
Date: Tue, 17 Mar 2026 21:37:00 +0100
Subject: [PATCH] fix: acme.sh --home /etc/acme.sh pour stocker le cert sur le
 volume persistant

Sans --home, acme.sh ecrit dans /root/.acme.sh (non persiste).
Avec --home /etc/acme.sh (volume sonic_acme), le cert survit aux recreations
du container sonic-acme-1 et le chemin de copie vers /host/certs/ est correct.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .woodpecker.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index ae90560..07576f9 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -83,7 +83,9 @@ steps:
         # --- Certificat TLS (acme.sh via sonic-acme-1) ---
         # acme.sh est idempotent : skip si cert valide, renouvelle si proche expiration
         # Exit 0 = emis/renouvele, exit 2 = skip (domaine inchange), autres = erreur
+        # --home /etc/acme.sh = volume persistant sonic_acme (sinon /root/.acme.sh non persiste)
         docker exec sonic-acme-1 /app/acme.sh \
+          --home /etc/acme.sh \
           --issue -d "$DOMAIN" \
           --webroot /usr/share/nginx/html \
           --server letsencrypt \