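#!/bin/sh
# Bootstrap TLS material for HAProxy.
#
#   1. If /etc/certificates/site.pem does not exist, create a self-signed
#      key + certificate bundle (presumably so HAProxy has something to load
#      before a CA-issued certificate is available -- confirm).
#   2. If CERTBOT_DOMAIN is set, request a certificate with certbot's
#      standalone authenticator, then source 2-concatenate-cert.sh.
#   3. Always source 3-update-haproxy-cert.sh.
#
# Environment:
#   CERTBOT_EMAIL   optional; contact address for the ACME account.
#   CERTBOT_DOMAIN  optional; when empty, no certbot request is made.
set -e

script_dir=$(dirname -- "$0")

if [ ! -f /etc/certificates/site.pem ]; then
  # Generate self-signed certificate.
  # The key, CSR and certificate are built in a private mktemp directory
  # (mode 0700) instead of the current working directory, so the unencrypted
  # private key is neither exposed to other users nor left behind.
  # The subshell keeps tmpdir and the EXIT trap away from the scripts that
  # are sourced further down.
  (
    tmpdir=$(mktemp -d)
    trap 'rm -rf -- "$tmpdir"' EXIT

    openssl genrsa -out "$tmpdir/site.key" 2048
    openssl req -new -key "$tmpdir/site.key" -out "$tmpdir/site.csr" -batch
    openssl x509 -req -days 365 -in "$tmpdir/site.csr" \
      -signkey "$tmpdir/site.key" -out "$tmpdir/site.crt"

    # The guard above established that site.pem is absent, so '>' creates it;
    # unlike '>>' it can never append a second key/cert pair to stale content.
    # NOTE(review): site.pem contains the private key and is created with the
    # process umask -- confirm its mode and owner restrict it to the account
    # HAProxy reads it as.
    cat "$tmpdir/site.key" "$tmpdir/site.crt" > /etc/certificates/site.pem
  )
fi

# check e-mail for letsencrypt notifications
# CERTBOT_OPTS is expanded quoted below, i.e. as exactly one argument, so the
# flag and its value are joined with '=' ("--email addr" as a single word is
# not a valid option).
if [ -n "${CERTBOT_EMAIL:-}" ]; then
  CERTBOT_OPTS="--email=$CERTBOT_EMAIL"
else
  # No contact address: expiry and security notices from the CA cannot be
  # delivered for this account.
  CERTBOT_OPTS="--register-unsafely-without-email"
fi

if [ -n "${CERTBOT_DOMAIN:-}" ]; then
  # Request certificate
  # The standalone listener answers HTTP-01 on port 380; presumably HAProxy
  # forwards the ACME challenge path there -- confirm against the HAProxy
  # configuration.
  certbot certonly --standalone \
    --non-interactive --agree-tos --http-01-port=380 \
    "$CERTBOT_OPTS" \
    --cert-name "$CERTBOT_DOMAIN" \
    -d "$CERTBOT_DOMAIN"

  # Concatenate certificates
  . "$script_dir/2-concatenate-cert.sh"
fi

# Update certificates in HAProxy
. "$script_dir/3-update-haproxy-cert.sh"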