#!/bin/sh
#
# Renew letsencrypt certificates

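set -eu

# Sign/renew the certificates dehydrated is configured for (domains.txt).
dehydrated --cron

# The rest of the script requests one extra RSA (non-EC) certificate for the
# mail host, with this machine's FQDN and DNS domain as additional names,
# unless the mail host is already a primary name in domains.txt.

# Additional names for the mail certificate. A value already present in the
# environment is kept, as before. Defaulting to empty is needed because
# `set -u` would otherwise abort on the final expansion whenever neither the
# FQDN nor the domain gets appended below.
extradomains=${extradomains-}

# Read the realm in its own step so a missing/unreadable realm file stops the
# script here (set -e) instead of producing a malformed path. The realm value
# becomes part of a path, so /etc/local-ORG/realm must be writable by root only.
realm=$(cat /etc/local-ORG/realm)
maildomain=$(cat "/etc/local-REDPILL/$realm/mailhost")

# NOTE(review): with `set -e` a failing `hostname` call aborts the script at
# the assignment; the emptiness checks below only cover empty output.
fqdn=$(hostname --fqdn)
if [ -n "$fqdn" ] && [ "$fqdn" != "$maildomain" ]; then
	extradomains=${extradomains:+$extradomains }$fqdn
fi

domain=$(hostname --domain)
if [ -n "$domain" ] \
	&& [ "$domain" != "$maildomain" ] \
	&& [ "$domain" != "$fqdn" ]
then
	extradomains=${extradomains:+$extradomains }$domain
fi

# Skip the mail certificate when the mail host is already the primary (first)
# name of a domains.txt line. The comparison is an exact string match on that
# field: the previous `grep ^"$maildomain"` treated the name as a regex prefix,
# so "example.org" was considered covered by a line for "example.org.uk" (and
# "." matched any character), which silently suppressed the mail certificate.
# A missing domains.txt makes awk fail, which (as before) counts as "not
# listed".
if [ -n "$maildomain" ] \
	&& ! awk -v name="$maildomain" \
		'($1 "") == (name "") { hit = 1 } END { exit !hit }' \
		/etc/dehydrated/domains.txt
then
	# dehydrated takes the space-separated list as the names of ONE certificate.
	dehydrated --cron --domain "$maildomain $extradomains" --algo rsa
fi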