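#!/bin/bash
# Obtain (or re-issue) the Let's Encrypt certificate of one service through
# certbot's RFC 2136 DNS challenge.
#
# Arguments:
#   $1 service       service name; selects /docker/<service>/.env and is used
#                    as the certbot --cert-name
#   $2 workdir       parent of certbot's work/ and logs/ directories
#   $3 certs_dir     certbot --config-dir (certificates live under live/)
#   $4 rfc2136_file  credentials file passed to --dns-rfc2136-credentials
# Reads:   JC_DOMAINS, set by /docker/<service>/.env
# Returns: 0 when nothing has to be done, 1 on bad usage or when a duplicate
#          lineage is found, otherwise the status of the last certbot call.

if [ "$#" -ne 4 ] ; then
  echo "Usage: $0 <service> <workdir> <certs_dir> <rfc2136_file>" >&2
  exit 1
fi

service="$1"
workdir="$2"
certs_dir="$3"
rfc2136_file="$4"

# The service name ends up in a path that is sourced below and in certbot
# arguments: refuse anything that could leave /docker/<service>/ or be parsed
# as an option.
case "$service" in
  ''|.|..|*/*|-*)
    echo "Invalid service name: '$service'" >&2
    exit 1
    ;;
esac

# An array keeps every option a single word even when a path contains spaces.
certbotopt=(
  --non-interactive
  --config-dir "$certs_dir"
  --work-dir "$workdir/work"
  --logs-dir "$workdir/logs"
  --agree-tos
  -m contact@jean-cloud.org
)

# The .env file is executed as shell code with the privileges of this script;
# it must only be writable by trusted users.
. "/docker/$service/.env"

echo "== acme for $service"

[ -z "$JC_DOMAINS" ] && exit 0

# resolvable.sh receives the candidate names on stdin.
# NOTE(review): presumably it keeps only the names that resolve through
# ns.jean-cloud.org; confirm against that script.
domains="$(echo "$JC_DOMAINS" | resolvable.sh ns.jean-cloud.org)"
#domains="$JC_DOMAINS"
[ -z "$domains" ] && exit 0

# Split the list on whitespace with globbing disabled, so that a wildcard
# name such as *.example.org is never expanded against the current directory.
domain_list=()
domain_args=()
set -f
for domain in $domains ; do
  domain_list+=("$domain")
  domain_args+=(-d "$domain")
done
set +f
[ "${#domain_list[@]}" -eq 0 ] && exit 0

# Detect letsencrypt duplicates
# A quoted prefix in a glob matches the service name literally; the previous
# `ls | grep "^$service-"` treated it as a regular expression.
# NOTE(review): this also matches another service whose name starts with
# "<service>-"; confirm whether only certbot's numbered lineages are meant.
for lineage in "$certs_dir/live/$service-"* ; do
  if [ -e "$lineage" ] ; then
    echo "letsencrypt deplucate found for '$service'"
    exit 1
  fi
done

if [ -e "$certs_dir/live/$service/cert.pem" ] ; then
  echo Cert already exists
  current_domains="$(openssl x509 -text -in "$certs_dir/live/$service/cert.pem" | grep 'DNS:' | sed -e 's/, /\n/g' -e 's/DNS://g' -e 's/ //g' | sort -u | tr '\n' ' ' | sed 's/ $//' )"
  # Normalise the wanted list the same way (sorted, unique, space separated)
  # so that a different order or separator does not cause a needless delete
  # and re-issue on every run.
  wanted_domains="$(printf '%s\n' "${domain_list[@]}" | sort -u | tr '\n' ' ' | sed 's/ $//' )"
  if [ "$current_domains" = "$wanted_domains" ] ; then
    echo "Existing cert got the same domains, preserving"
    exit 0
  else
    echo "New domains, removing old cert for $service"
    # NOTE(review): the old certificate is deleted before the new one is
    # issued; if the certonly call below fails, the service is left without
    # a certificate.
    certbot delete "${certbotopt[@]}" --cert-name "$service" --reason superseded
  fi
fi

echo "--------------- ${domain_args[*]}"
# The credentials file holds the DNS update secret; keep it readable by the
# account running certbot only.
certbot certonly "${certbotopt[@]}" --cert-name "$service" --dns-rfc2136 --dns-rfc2136-credentials "$rfc2136_file" "${domain_args[@]}"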