From 90f9254fc3eb906fda27404b71523bcc37796d84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20Kr=C3=BCger?= <zauguin@gmail.com>
Date: Fri, 29 Jan 2016 18:25:50 +0100
Subject: [PATCH 1/2] Fix multiple snakeoil certs for nginx

---
 letsencrypt-nginx/letsencrypt_nginx/configurator.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/letsencrypt-nginx/letsencrypt_nginx/configurator.py b/letsencrypt-nginx/letsencrypt_nginx/configurator.py
index 691688969..0da12d143 100644
--- a/letsencrypt-nginx/letsencrypt_nginx/configurator.py
+++ b/letsencrypt-nginx/letsencrypt_nginx/configurator.py
@@ -310,11 +310,11 @@ class NginxConfigurator(common.Plugin):
         key = OpenSSL.crypto.load_privatekey(
             OpenSSL.crypto.FILETYPE_PEM, le_key.pem)
         cert = acme_crypto_util.gen_ss_cert(key, domains=[socket.gethostname()])
-        cert_path = os.path.join(tmp_dir, "cert.pem")
         cert_pem = OpenSSL.crypto.dump_certificate(
             OpenSSL.crypto.FILETYPE_PEM, cert)
-        with open(cert_path, 'w') as cert_file:
-            cert_file.write(cert_pem)
+        cert_file, cert_path = le_util.unique_file(os.path.join(tmp_dir, "cert.pem"))
+        cert_file.write(cert_pem)
+        cert_file.close()
         return cert_path, le_key.file
 
     def _make_server_ssl(self, vhost):

From 52894206927477fbc054f18b655c8c4dc81d6e7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20Kr=C3=BCger?= <zauguin@gmail.com>
Date: Fri, 29 Jan 2016 20:40:28 +0100
Subject: [PATCH 2/2] Protect opened files against IO-exceptions

---
 letsencrypt-nginx/letsencrypt_nginx/configurator.py | 4 ++--
 letsencrypt/crypto_util.py                          | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/letsencrypt-nginx/letsencrypt_nginx/configurator.py b/letsencrypt-nginx/letsencrypt_nginx/configurator.py
index 0da12d143..3d48d100f 100644
--- a/letsencrypt-nginx/letsencrypt_nginx/configurator.py
+++ b/letsencrypt-nginx/letsencrypt_nginx/configurator.py
@@ -313,8 +313,8 @@ class NginxConfigurator(common.Plugin):
         cert_pem = OpenSSL.crypto.dump_certificate(
             OpenSSL.crypto.FILETYPE_PEM, cert)
         cert_file, cert_path = le_util.unique_file(os.path.join(tmp_dir, "cert.pem"))
-        cert_file.write(cert_pem)
-        cert_file.close()
+        with cert_file:
+            cert_file.write(cert_pem)
         return cert_path, le_key.file
 
     def _make_server_ssl(self, vhost):
diff --git a/letsencrypt/crypto_util.py b/letsencrypt/crypto_util.py
index 730c32398..76265a739 100644
--- a/letsencrypt/crypto_util.py
+++ b/letsencrypt/crypto_util.py
@@ -53,8 +53,8 @@ def init_save_key(key_size, key_dir, keyname="key-letsencrypt.pem"):
                                config.strict_permissions)
     key_f, key_path = le_util.unique_file(
         os.path.join(key_dir, keyname), 0o600)
-    key_f.write(key_pem)
-    key_f.close()
+    with key_f:
+        key_f.write(key_pem)
 
     logger.info("Generating key (%d bits): %s", key_size, key_path)