#!/bin/bash

set -e

main() {
	if [[ ! -d /etc/letsencrypt/live ]]; then
		die "no letsencrypt dir found"
	fi

	if (($#<2)); then
		printf "usage: %s <webroot> <domains ...>\n" "${0##*/}"
		exit 1
	fi

	local webroot=$1; shift;
	local -a domains=("$@")

	local cert="/etc/letsencrypt/live/${domains[0]}/cert.pem"

	# renew if expires within 8 weeks
	if ! openssl x509 -noout -checkend $((8*7*86400)) -in "${cert}"; then
		letsencrypt certonly --email bluewind@xinu.at --agree-tos --renew-by-default --webroot -w "$webroot" "${domains[@]/#/-d }"
	fi

	return 0
}

die() {
	printf "%s\n" "$1" >&2
	exit 1
}

main "$@"