+local global_certificates = configmanager.get("*", "certificates") or "certs";
+
+local crt_try = { "", "/%s.crt", "/%s/fullchain.pem", "/%s.pem", };
+local key_try = { "", "/%s.key", "/%s/privkey.pem", "/%s.pem", };
+
+local function find_cert(user_certs, name)
+ local certs = resolve_path(config_path, user_certs or global_certificates);
+ for i = 1, #crt_try do
+ local crt_path = certs .. crt_try[i]:format(name);
+ local key_path = certs .. key_try[i]:format(name);
+
+ if stat(crt_path, "mode") == "file" then
+ if key_path:sub(-4) == ".crt" then
+ key_path = key_path:sub(1, -4) .. "key";
+ if stat(key_path, "mode") == "file" then
+ return { certificate = crt_path, key = key_path };
+ end
+ elseif stat(key_path, "mode") == "file" then
+ return { certificate = crt_path, key = key_path };
+ end
+ end
+ end
+end
+
+local function find_host_cert(host)
+ if not host then return nil; end
+ return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$"));
+end
+
+local function find_service_cert(service, port)
+ local cert_config = configmanager.get("*", service.."_certificate");
+ if type(cert_config) == "table" then
+ cert_config = cert_config[port] or cert_config.default;
+ end
+ return find_cert(cert_config, service);
+end
+
+-- Built-in defaults