#!/bin/sh
#
# Renew letsencrypt certificates

set -eu

# update non-EC mailhost cert if resolvable and not a certdomain
mailhost=$(cat /etc/local-REDPILL/$(cat /etc/local-ORG/realm)/mailhost) || true
mailname=$(cat /etc/mailname) || true
fqdn=$(hostname --fqdn)
[ -z "$fqdn" ] \
	|| [ "$mailhost" = "$fqdn" ] \
	|| extradomains=${extradomains:+$extradomains }$fqdn
domain=$(hostname --domain)
[ -z "$domain" ] \
	|| [ "$mailhost" = "$domain" ] \
	|| [ "$fqdn" = "$domain" ] \
	|| extradomains=${extradomains:+$extradomains }$domain
[ -z "$mailhost" ] \
	|| [ "$mailhost" != "$mailname" ] \
	|| grep ^"$mailhost" /etc/dehydrated/domains.txt \
	|| dehydrated --cron --domain "$mailhost $extradomains" --algo rsa

# update certdomain certs
dehydrated --cron "$@"