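#!/bin/bash
# Renew a Let's Encrypt certificate with certbot's webroot plugin once the
# installed certificate is within eight weeks of expiry.
#
# Usage: <script> <webroot> <domain>...
#
# Exit status:
#   0         certbot ran and succeeded, so the certificate was replaced.
#   non-zero  the certificate was NOT replaced: it is not yet due (1), the
#             arguments were wrong (1), or certbot failed (its own status,
#             propagated by `set -e`).
#
# Callers that chain `<script> ... && systemctl reload ...` therefore reload
# only after a successful renewal. A failed renewal and "not yet due" are not
# distinguishable by `&&` alone, so renewal failures should be monitored via
# certbot's own output/logs rather than this exit status.
set -e

main() {
  if (( $# < 2 )); then
    # Diagnostics go to stderr so they never end up in a caller's captured
    # stdout.
    printf 'usage: %s <webroot> <domain>...\n' "${0##*/}" >&2
    exit 1
  fi

  local webroot=$1
  shift
  local -a domains=("$@")

  # NOTE(review): assumes certbot stores the lineage under the first domain's
  # name (no --cert-name override, no numeric suffix) - confirm on the host.
  # If the path is wrong, the check below fails on every run and a new
  # certificate is requested each time.
  local cert="/etc/letsencrypt/live/${domains[0]}/cert.pem"

  # Renewal window: 8 weeks, expressed in seconds for `openssl -checkend`.
  local -r renew_window=$(( 8 * 7 * 86400 ))

  # Pass every domain as its own `-d <domain>` argument pair instead of one
  # combined "-d <domain>" word, so nothing depends on how the option parser
  # treats an embedded space.
  local -a domain_args=()
  local domain
  for domain in "${domains[@]}"; do
    domain_args+=(-d "$domain")
  done

  # `openssl x509 -checkend` exits non-zero when the certificate expires
  # within the window; it also exits non-zero when the file is missing or
  # unreadable, which likewise triggers a request here.
  if ! openssl x509 -noout -checkend "$renew_window" -in "$cert"; then
    certbot certonly --email bluewind@xinu.at --agree-tos --renew-by-default \
      --webroot -w "$webroot" "${domain_args[@]}"
    return 0
  fi

  # Return 1 so that scripts using this can check whether the cert has been
  # updated (certrenew .. && systemctl reload ..).
  return 1
}

main "$@"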