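#!/bin/bash
#
# Request TLS certificates for NGINX with certbot or lego, then reload NGINX
# when the reload marker file is present.
#
# Usage: pass "certbot" or "lego" as the first argument.
#
# Request files, one request per line in the form "email:domain1,domain2,...":
#   certbot -> ${CERTDIR}/certbot-cert.ssl
#   lego    -> ${CERTDIR}/lego-cert.ssl
# Malformed lines (no e-mail or no domain) are reported on stderr and skipped.

CERTDIR=/etc/nginx/conf.d

# Marker file: touched after a certificate request, consumed by the reload
# step at the end of the script.
# NOTE(review): this is a fixed name in a world-writable directory. Anyone
# able to create the file triggers a reload on the next run, and touch/rm
# act on whatever sits at this path. If nothing else depends on the path,
# move it to a root-only directory (e.g. under /run) - confirm first.
RELOAD="/tmp/nginx.reload"

#######################################
# Split one "email:domain1,domain2" request line.
# Globals:   REQ_EMAIL (written), REQ_DOMAIN_ARGS (written; array of
#            "-d" "<domain>" pairs)
# Arguments: $1 - request line
# Returns:   0 if an e-mail and at least one domain were found, else 1
#######################################
parse_request() {
  local line=$1
  local email domains_csv _rest domain
  local -a domains=()

  REQ_EMAIL=""
  REQ_DOMAIN_ARGS=()

  # Only the first two ':'-separated fields are used.
  IFS=: read -r email domains_csv _rest <<<"$line"
  # Trim surrounding whitespace from the e-mail field.
  read -r email <<<"$email"
  # Split on commas/whitespace with read, not an unquoted expansion, so a
  # wildcard name such as "*.example.com" is never glob-expanded against
  # the current directory.
  read -r -a domains <<<"${domains_csv//,/ }"

  [[ -n "$email" ]] || return 1
  (( ${#domains[@]} > 0 )) || return 1

  REQ_EMAIL=$email
  for domain in "${domains[@]}"; do
    REQ_DOMAIN_ARGS+=(-d "$domain")
  done
  return 0
}

if [[ "$1" == "certbot" ]]; then
  echo "! WARNING - untested"
  CERTFILE="${CERTDIR}/certbot-cert.ssl"
  [[ -r "$CERTFILE" ]] || exit 1
  [[ -d "${CERTDIR}/ssl/letsencrypt" ]] || mkdir -p "${CERTDIR}/ssl/letsencrypt"

  # The request file is read on fd 3 so certbot cannot consume the remaining
  # lines through its stdin.
  while read -r line <&3 || [[ -n "$line" ]]; do
    echo " - line is [${line}]"
    if ! parse_request "$line"; then
      echo "! ERROR: malformed request line, expected email:domain[,domain...]" >&2
      continue
    fi
    # Pass every "-d <domain>" pair; expanding the array without [@] yields
    # only its first element ("-d"), so no domain reached certbot.
    # NOTE(review): the webroot is /tmp, so challenge files are written to a
    # world-writable directory; a dedicated webroot directory would be
    # safer - confirm against the NGINX configuration.
    certbot certonly --webroot \
      --config-dir "${CERTDIR}/ssl/letsencrypt/" \
      -w /tmp --agree-tos --email "$REQ_EMAIL" -n "${REQ_DOMAIN_ARGS[@]}"
    # NOTE(review): the marker is set even when certbot fails, unlike the
    # lego branch - confirm this is intended.
    touch "$RELOAD"
  done 3<"$CERTFILE"
elif [[ "$1" == "lego" ]]; then
  CERTFILE="${CERTDIR}/lego-cert.ssl"
  [[ -r "$CERTFILE" ]] || exit 1
  [[ -d "${CERTDIR}/ssl/lego" ]] || mkdir -p "${CERTDIR}/ssl/lego"
  TLS_PORT=444

  # fd 3 for the same reason as above: keep lego away from the request file.
  while read -r line <&3 || [[ -n "$line" ]]; do
    echo " - line is [${line}]"
    if ! parse_request "$line"; then
      echo "! ERROR: malformed request line, expected email:domain[,domain...]" >&2
      continue
    fi
    # Request a reload only when lego succeeded.
    lego -m "$REQ_EMAIL" "${REQ_DOMAIN_ARGS[@]}" \
      --path "${CERTDIR}/ssl/lego" -a --tls --tls.port ":${TLS_PORT}" run \
      && touch "$RELOAD"
  done 3<"$CERTFILE"
else
  echo "! ERROR: Unknown certbot method [$1]"
fi

# Reload NGINX once if the marker is present, then clear the marker.
if [[ -r "$RELOAD" ]]; then
  echo "Reloading NGINX"
  /usr/sbin/nginx -s reload
  rm -f -- "$RELOAD"
fi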