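#!/bin/bash
#
# Renew a Let's Encrypt certificate when it is close to expiry, install the
# new chain / certificate / bundle files and restart the dependent services.
#
# Usage: <this script> CONFIG_FILE
#
# CONFIG_FILE is sourced as shell code and must define:
#   LETSENCRYPT_CRT            installed certificate; checked for remaining
#                              days and replaced on renewal
#   LETSENCRYPT_REMAININGDAYS  renew when fewer than this many days are left
#   LETSENCRYPT_CSR            CSR handed to acme-primitives.py get_cert
#   LETSENCRYPT_KEY            file appended to the chain to build the bundle
#                              (presumably the private key -- confirm)
#   LETSENCRYPT_CHAIN          destination for the chain returned by get_cert
#   LETSENCRYPT_FULL           destination for the chain + key bundle
#   LETSENCRYPT_SERVICES       whitespace-separated systemd units to restart
#                              (may be empty)
set -euo pipefail

if [[ $# -lt 1 ]]; then
  printf 'Usage: %s CONFIG_FILE\n' "${0##*/}" >&2
  exit 2
fi

# SECURITY: the config file is executed as shell code with this script's
# privileges (presumably root, given the chown below). It must be owned by
# root and not writable by anyone else.
# shellcheck disable=SC1090
source "$1"

# Fail before touching anything if the config is incomplete; otherwise
# `set -u` would only trip half-way through the deployment and leave a
# mixed set of old and new files behind.
: "${LETSENCRYPT_CRT:?must be set in the config file}"
: "${LETSENCRYPT_REMAININGDAYS:?must be set in the config file}"
: "${LETSENCRYPT_CSR:?must be set in the config file}"
: "${LETSENCRYPT_KEY:?must be set in the config file}"
: "${LETSENCRYPT_CHAIN:?must be set in the config file}"
: "${LETSENCRYPT_FULL:?must be set in the config file}"
: "${LETSENCRYPT_SERVICES?must be set in the config file (may be empty)}"

# A non-numeric threshold would make the comparison below error out, which
# the original treated as "not due" and exited 0 -- i.e. silently never renew.
if [[ ! "$LETSENCRYPT_REMAININGDAYS" =~ ^-?[0-9]+$ ]]; then
  logger -t letsencrypt "LETSENCRYPT_REMAININGDAYS is not an integer, aborting"
  exit 1
fi

logger -t letsencrypt "Checking certificate ${LETSENCRYPT_CRT}"

# If the check fails (e.g. no certificate installed yet) or prints something
# that is not an integer, fall back to 0 so that a renewal is attempted
# rather than skipped. stderr is discarded inside the substitution, where
# the redirection reliably applies to the helper.
if ! daysleft=$(/usr/local/bin/acme-primitives.py remaining_days "${LETSENCRYPT_CRT}" 2>/dev/null); then
  daysleft=0
fi
if [[ ! "$daysleft" =~ ^-?[0-9]+$ ]]; then
  daysleft=0
fi

if [ "$daysleft" -ge "$LETSENCRYPT_REMAININGDAYS" ]; then
  # Log the actual remaining lifetime, not the configured threshold.
  logger -t letsencrypt "Cert has ${daysleft} days remaining, not renewing"
  exit 0
fi

# Work in a private directory (mktemp -d creates it mode 0700) and remove it
# on every exit path, so a failed run does not leave key material behind.
folder="$(mktemp -d)"
cleanup() {
  cd /
  rm -rf -- "${folder:?}"
}
trap cleanup EXIT
cd "${folder}"

logger -t letsencrypt "Renewing certificate"
/usr/local/bin/acme-primitives.py get_cert \
  --directory 'https://acme-v02.api.letsencrypt.org/directory' \
  --acc /etc/ssl/letsencrypt_account.key \
  --csr "${LETSENCRYPT_CSR}" \
  /usr/local/bin/letsencrypt_deploy_challenge.sh > chained.pem

# Extract the first certificate of the chain. This also fails (and aborts
# under `set -e`) if get_cert did not return a parseable certificate, before
# any live file has been replaced.
openssl x509 -in chained.pem > cert.pem

# The bundle contains the key file: create it with a restrictive umask so it
# is never world-readable, not even briefly. The umask is limited to this
# subshell so the challenge hook and the public files are unaffected.
(
  umask 077
  cat chained.pem "$LETSENCRYPT_KEY" > full.pem
)

chown -R root:ssl-cert .
chmod 0644 chained.pem cert.pem
chmod 0640 full.pem

mv -- chained.pem "$LETSENCRYPT_CHAIN"
mv -- cert.pem "$LETSENCRYPT_CRT"
mv -- full.pem "$LETSENCRYPT_FULL"

logger -t letsencrypt "Success, restarting services ( ${LETSENCRYPT_SERVICES} )..."

# systemctl takes the verb first ("restart UNIT"); with the arguments swapped
# it rejects the unit name as an unknown command and nothing is restarted.
# A failing unit is logged and the remaining ones are still restarted so they
# pick up the new certificate; the script then exits non-zero.
failed=0
# Intentional word splitting: LETSENCRYPT_SERVICES is a whitespace-separated list.
# shellcheck disable=SC2086
for i in ${LETSENCRYPT_SERVICES}; do
  if ! /bin/systemctl restart -- "${i}"; then
    logger -t letsencrypt "Failed to restart ${i}"
    failed=1
  fi
done

if (( failed )); then
  exit 1
fi

logger -t letsencrypt "done"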