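#!/bin/bash
#
# Create/renew multi-domain SAN certificate
#
# Stops Apache, runs Certbot's standalone authenticator for every domain
# listed below, makes /etc/letsencrypt readable by the $CERTGRP group and
# starts Apache again. Must be run as root.
#
# Exit status: Certbot's status when issuance fails, otherwise the status of
# the Apache start, so a cron wrapper can notice a failed renewal.

set -u

#HOST=$(/bin/hostname --fqdn)
HOST="bacasable.microlinux.eu"
CERTBOT="/usr/bin/certbot"
CHGRP="/usr/bin/chgrp"
CHMOD="/usr/bin/chmod"
CERTGRP="certs"
EMAIL="info@microlinux.fr"

# Held in an array so that each option reaches Certbot as exactly one word.
#
# The challenge type is http-01: TLS-SNI-01 validation was withdrawn by
# Let's Encrypt after it was shown to permit mis-issuance on shared hosting,
# and current Certbot releases no longer offer it. The standalone
# authenticator answers HTTP-01 on port 80, which is free while Apache is
# stopped but has to be reachable from the Internet.
#
# NOTE(review): --renew-by-default forces a new certificate on every run;
# if this script is scheduled, confirm the schedule stays within the CA's
# rate limits.
OPTIONS=(
  certonly
  --preferred-challenges http-01
  --email "$EMAIL"
  --renew-by-default
  --agree-tos
  --text
  --standalone
)

# NOTE(review): --webroot-path is an option of the webroot plugin; with
# --standalone these paths appear to be unused. Confirm, then either drop
# them or switch authenticators.
DOMAINS=(
  --webroot-path /srv/httpd/vhosts/default/htdocs
  -d "$HOST"
  --webroot-path /srv/httpd/vhosts/slackbox-secure/htdocs
  -d www.slackbox.fr -d slackbox.fr
  --webroot-path /srv/httpd/vhosts/slackbox-webmail/htdocs
  -d mail.slackbox.fr
  --webroot-path /srv/httpd/vhosts/unixbox-secure/htdocs
  -d www.unixbox.fr -d unixbox.fr
  --webroot-path /srv/httpd/vhosts/unixbox-webmail/htdocs
  -d mail.unixbox.fr
)

# Bring the web server back up; also used as the EXIT handler so that an
# interrupted run does not leave the sites offline.
start_apache() {
  echo ":: Starting Apache."
  /etc/rc.d/rc.httpd start
}

# Everything below needs root: groupadd, the rc script, ports 80/443 and
# /etc/letsencrypt.
if (( EUID != 0 )); then
  echo ":: This script must be run as root." >&2
  exit 1
fi

# Create $CERTGRP group
if ! getent group "$CERTGRP" > /dev/null; then
  # Fail before Apache is touched: without the group the chgrp below cannot
  # work (groupadd fails, for instance, when GID 240 is already taken).
  if ! groupadd -g 240 "$CERTGRP"; then
    echo ":: Could not create $CERTGRP group." >&2
    exit 1
  fi
  echo ":: Added $CERTGRP group."
  sleep 3
fi

# Stop Apache
echo ":: Stopping Apache."
trap start_apache EXIT
trap 'exit 1' INT TERM
if pgrep httpd > /dev/null; then
  # The original read "stop 1 > /dev/null", which handed a stray "1" to the
  # rc script as an argument instead of redirecting stdout.
  /etc/rc.d/rc.httpd stop > /dev/null 2>&1
  sleep 5
fi

status=0
"$CERTBOT" "${OPTIONS[@]}" "${DOMAINS[@]}" || status=$?
if (( status != 0 )); then
  echo ":: Certbot failed with status $status." >&2
fi

# Fix permissions
# Members of $CERTGRP can read every private key under /etc/letsencrypt, so
# membership should be limited to the service accounts that need the keys.
# Capital X grants directory search permission without adding the execute
# bit to key and certificate files.
echo ":: Setting permissions."
"$CHGRP" -R "$CERTGRP" /etc/letsencrypt
"$CHMOD" -R g=rX /etc/letsencrypt

# Start Apache
trap - EXIT INT TERM
start_apache
apache_status=$?
if (( status == 0 )); then
  status=$apache_status
fi
exit "$status"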