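#!/bin/bash
#
# letsencrypt-tools
# https://git.stack-source.com/msb/letsencrypt-tools
# Copyright (c) 2023 Matthew Saunders Brown
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Takes one queued domain (a file name in /var/tmp/letsencrypt/), requests a
# certificate for it with letsencrypt-certonly.sh and, on success, switches the
# matching mail / vhost / alias configuration to HTTPS. Handles a single domain
# per run and exits; the caller is expected to start it again while entries
# remain in the queue.
#
# NOTE(review): the queue lives under /var/tmp, which is normally writable by
# every local account, and each entry name ends up as an argument to helpers
# that run as root. Confirm that the directory is created root-owned and is
# not writable by untrusted users. Names are validated below either way.

# must be root
# EUID is used instead of $USER because $USER is an ordinary environment
# variable and may be unset or wrong (cron, systemd units, su without a login).
if (( EUID != 0 )); then
  exec sudo -u root "$0" "$@"
fi

queue_dir=/var/tmp/letsencrypt

# Only plain hostnames are accepted: dot-separated labels of letters, digits
# and inner hyphens. This rejects names that start with "-" (which the helpers
# would read as options) and names containing whitespace or glob characters.
valid_domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'

if [[ -d "$queue_dir" ]]; then
  # Glob instead of parsing `ls`, so odd file names are never word-split.
  for entry in "$queue_dir"/*; do
    # An empty directory leaves the literal pattern behind; skip it.
    [[ -e "$entry" || -L "$entry" ]] || continue
    domain=${entry##*/}

    # Dequeue first so a failing deployment is not retried on every restart.
    if ! rm -f -- "$entry"; then
      printf 'cannot remove queue entry, skipping: %s\n' "$entry" >&2
      continue
    fi

    if [[ ! "$domain" =~ $valid_domain_re ]]; then
      printf 'ignoring invalid queue entry: %q\n' "$domain" >&2
      continue
    fi

    if /usr/local/bin/letsencrypt-certonly.sh -d "$domain"; then
      # check for Mail domain
      # Match the literal "mail." prefix only. The previous regex ^mail.* also
      # caught names such as "mailer.example.com", which then skipped the
      # vhost checks below and never got HTTPS enabled.
      if [[ "$domain" == mail.* ]]; then
        vmaildomain=${domain#mail.}
        if [[ -d "/var/vmail/$vmaildomain" ]]; then
          /usr/local/bin/vmail-dovecot-enable.sh -d "$vmaildomain"
          /usr/local/bin/vhost-enable.sh -d "$domain" -m VMailHTTPS
        fi
      # check for VHost
      elif [[ -d "/srv/www/$domain" ]]; then
        /usr/local/bin/vhost-enable.sh -d "$domain" -m VHostHTTPS
      # check for configured VHostAliasHTTP, RedirectHTTP, VHostSubdomainHTTP
      elif [[ -f "/etc/apache2/sites-available/$domain.conf" ]]; then
        site_conf="/etc/apache2/sites-available/$domain.conf"
        enabled_link="/etc/apache2/sites-enabled/$domain.conf"
        # Only act when the first line is a "Use ...HTTP " macro line.
        if head -n 1 -- "$site_conf" | grep --quiet "^Use .*HTTP "; then
          sed -i "s|HTTP |HTTPS |g" -- "$site_conf"
          if [[ -h "$enabled_link" ]]; then
            # modify timestamp on existing symlink to trigger apache restart
            touch --no-dereference -- "$enabled_link"
          else
            # Alias/Redirect/Subdomain site was configured but not enabled, enable now
            a2ensite --quiet "$domain.conf"
          fi
        fi
      fi
    fi

    # run once and exit, script will be restarted if additional domains are still queued for cert deployment
    exit 0
  done
fi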