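#!/bin/sh
#
# Requests Let's Encrypt certificates with certbot (webroot challenge) for the
# domains listed in CERT_DOMAINS, then runs update_crt_list.sh.
#
# Environment:
#   CERT_DOMAINS       - certificates separated by ';', domains of one
#                        certificate separated by ','. Empty/unset: do nothing.
#   CERT_EMAIL         - account e-mail passed to certbot.
#   CERT_RSA_KEY_SIZE  - RSA key size passed to certbot.
#   CERT_OPTIONS       - extra certbot arguments (word-split on purpose).
#
# Portability: `local` is the only non-POSIX construct used here; it is
# supported by dash, busybox ash and bash.
set -e

#######################################
# Issue a certificate for every target in CERT_DOMAINS that does not yet have
# both fullchain.pem and privkey.pem under /etc/letsencrypt/live/<first domain>.
# Only the presence of those files is checked, not their validity or expiry,
# so an existing certificate is never renewed by this function.
# Globals:   CERT_DOMAINS, CERT_EMAIL, CERT_RSA_KEY_SIZE, CERT_OPTIONS (read)
# Outputs:   progress and certbot exit codes on stdout
# Returns:   0; a certbot failure is reported but deliberately not fatal
#######################################
get_certificate() {
  local LIVE_DIR_PATH="/etc/letsencrypt/live"
  local CERT_TARGETS DOMAINS FIRST_DOMAIN RESULT_CODE

  if [ -z "$CERT_DOMAINS" ]; then
    return
  fi

  if [ ! -d "$LIVE_DIR_PATH" ]; then
    mkdir -p "$LIVE_DIR_PATH"
  fi

  # Certificates are separated by semi-colon (;). Domains on each certificate
  # are separated by comma (,).
  CERT_TARGETS=$(printf '%s' "$CERT_DOMAINS" | tr ';' ' ')

  echo "Cerbot start to generate certificate."

  # The target list and CERT_OPTIONS are expanded unquoted so that they split
  # into words. Disable pathname expansion meanwhile, otherwise an entry such
  # as "*.example.com" could be replaced by matching file names in the
  # current directory.
  set -f

  # Create missing certificates. Don't exit on error. It's likely that certbot
  # will fail on first run, if HAproxy is not running.
  for DOMAINS in $CERT_TARGETS; do
    # First domain of the certificate. Strip everything from the first comma
    # on; the previous substitution left a trailing space, so the path tests
    # below never matched for multi-domain certificates.
    FIRST_DOMAIN=${DOMAINS%%,*}

    echo "Certificating of $DOMAINS is start."

    if [ ! -d "$LIVE_DIR_PATH/$FIRST_DOMAIN" ] ||
      [ ! -f "$LIVE_DIR_PATH/$FIRST_DOMAIN/fullchain.pem" ] ||
      [ ! -f "$LIVE_DIR_PATH/$FIRST_DOMAIN/privkey.pem" ]; then
      # Capture the real exit status. With "|| true" followed by "$?" the
      # status was always 0, so a failed issuance was reported as success and
      # the failure message below could never be printed.
      RESULT_CODE=0
      # shellcheck disable=SC2086 # CERT_OPTIONS is word-split on purpose
      certbot certonly \
        --agree-tos \
        --email "$CERT_EMAIL" \
        --domains "$DOMAINS" \
        --rsa-key-size "$CERT_RSA_KEY_SIZE" \
        --expand \
        --noninteractive \
        --logs-dir /var/log/letsencrypt/ \
        --webroot \
        --webroot-path /usr/share/nginx/html/ \
        $CERT_OPTIONS || RESULT_CODE=$?

      echo "certbot exit code $RESULT_CODE"
      if [ "$RESULT_CODE" -ne 0 ]; then
        echo "Cerbot failed for $DOMAINS. Check the logs for details."
      fi
    else
      echo "Certificating of $DOMAINS is exist already."
    fi
  done

  set +f

  echo "Cerbot ended to generate certificate."
}

get_certificate

update_crt_list.sh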