Only print full chain on signcsr command if --full-chain/-fc is set (related to #150)

CHANGELOG

@@ -6,7 +6,7 @@ This file contains a log of major changes in letsencrypt.sh
 - Config is now named `config` instead of `config.sh`!
 - Location of domains.txt is now configurable via DOMAINS_TXT config variable
 - Location of certs directory is now configurable via CERTDIR config variable
-- signcsr command now also outputs chain certificate
+- signcsr command now also outputs chain certificate if --full-chain/-fc is set
 - Location of account-key(s) changed
 - Default WELLKNOWN location is now `/var/www/letsencrypt`
 - New version of Let's Encrypt Subscriber Agreement

letsencrypt.sh

@@ -788,6 +788,13 @@ command_sign_csr() {
   certfile="$(_mktemp)"
   sign_csr "$(< "${csrfile}" )" 3> "${certfile}"
 
+  # print cert
+  echo "# CERT #" >&3
+  cat "${certfile}" >&3
+  echo >&3
+
+  # print chain
+  if [ -n "${PARAM_FULL_CHAIN:-}" ]; then
     # get and convert ca cert
     chainfile="$(_mktemp)"
     http_request get "$(openssl x509 -in "${certfile}" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${chainfile}"
@@ -796,16 +803,14 @@ command_sign_csr() {
       openssl x509 -inform DER -in "${chainfile}" -outform PEM -out "${chainfile}"
     fi
 
-  # output full chain
-  echo "# CERT #" >&3
-  cat "${certfile}" >&3
-  echo >&3
     echo "# CHAIN #" >&3
     cat "${chainfile}" >&3
 
+    rm "${chainfile}"
+  fi
+
   # cleanup
   rm "${certfile}"
-  rm "${chainfile}"
 
   exit 0
 }
@@ -978,6 +983,12 @@ main() {
         set_command cleanup
         ;;
 
+      # PARAM_Usage: --full-chain (-fc)
+      # PARAM_Description: Print full chain when using --signcsr
+      --full-chain|-fc)
+        PARAM_FULL_CHAIN="1"
+        ;;
+
       # PARAM_Usage: --ipv4 (-4)
       # PARAM_Description: Resolve names to IPv4 addresses only
       --ipv4|-4)