#!/bin/sh
#
# Renew letsencrypt certificates

set -eu

# update non-EC mailhost cert if resolvable and not a certdomain
mailhost=$(cat /etc/local-REDPILL/$(cat /etc/local-ORG/realm)/mailhost) || true

fqdn=$(hostname --fqdn)
if [ -n "$fqdn" ] && [ "$mailhost" != "$fqdn" ]; then
	extradomains=${extradomains:+$extradomains }$fqdn
fi

domain=$(hostname --domain)
if [ -n "$domain" ] && [ "$mailhost" != "$domain" ] && [ "$fqdn" != "$domain" ]; then
	extradomains=${extradomains:+$extradomains }$domain
fi

mailname=$(cat /etc/mailname) || true
if [ -n "$mailname" ] && [ "$mailhost" != "$mailname" ] && [ "$fqdn" != "$mailhost" ] && [ "$domain" != "$mailhost" ]; then
	extradomains=${extradomains:+$extradomains }$mailname
fi

if [ -n "$mailhost" ] && ! grep ^"$mailhost" /etc/dehydrated/domains.txt; then
	dehydrated --cron --domain "$mailhost $extradomains" --algo rsa
fi

# update certdomain certs
dehydrated --cron "$@"