#!/bin/bash
set -euo pipefail

source $1

daysleft=$(/usr/local/bin/acme-primitives.py remaining_days "$LETSENCRYPT_CRT" || echo "0") 2>/dev/null
[ "$daysleft" -lt "$LETSENCRYPT_REMAININGDAYS" ] || exit 0

folder="$(mktemp -d)"
cd "$folder"
/usr/local/bin/acme-primitives.py get_cert --directory 'https://acme-v02.api.letsencrypt.org/directory' --acc /etc/ssl/letsencrypt_account.key --csr $LETSENCRYPT_CSR /usr/local/bin/letsencrypt_deploy_challenge.sh > chained.pem

cat chained.pem "$LETSENCRYPT_KEY" > full.pem
openssl x509 -in chained.pem > cert.pem

chown -R root:ssl-cert .
chmod 0644 chained.pem
chmod 0644 cert.pem
chmod 0640 full.pem

mv chained.pem "$LETSENCRYPT_CHAIN"
mv cert.pem "$LETSENCRYPT_CRT"
mv full.pem "$LETSENCRYPT_FULL"

cd
rm -r "$folder"

for i in $LETSENCRYPT_SERVICES; do
	/bin/systemctl "$i" restart
done