From f27f491765b1d2e4edff7ac71ac801a4be7a323c Mon Sep 17 00:00:00 2001
From: VirtuBox <thomas@virtubox.net>
Date: Tue, 14 Jan 2020 16:30:08 +0100
Subject: [PATCH] Additional check for existant SSL certificates

---
 CHANGELOG.md    | 1 +
 wo/core/acme.py | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 41cf92f..a1305c2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 #### Added
 
 - Backported Nano editor package for Debian/Ubuntu/Raspbian (which support syntax highlighting with `--nanorc`)
+- Protect Easy Digital Download files from being accessed directly (PR [#222](https://github.com/WordOps/WordOps/pull/222))
 
 #### Changed
 
diff --git a/wo/core/acme.py b/wo/core/acme.py
index 75c4bf9..aceef28 100644
--- a/wo/core/acme.py
+++ b/wo/core/acme.py
@@ -216,8 +216,13 @@ class WOAcme:
             if wo_domain_name == row[0]:
                 # check if cert expiration exist
                 if not row[3] == '':
-                    return True
+                    acme_cert = True
         certfile.close()
+        if acme_cert is True:
+            if os.path.exists(
+                '/etc/letsencrypt/live/{0}/fullchain.pem'
+                    .format(wo_domain_name)):
+                return True
         return False
 
     def removeconf(self, domain):