#!/bin/sh

if [ ! -f "/etc/certmgmt.conf" ]; then
        echo "config file '/etc/certmgmt/certmgmt.conf' not found"
        exit 1
fi
. /etc/certmgmt.conf

if [ -z "${ACCOUNT_FILE}" ]; then
        echo "ACCOUNT_FILE was not found in config file"
        exit 1
fi
if [ ! -f "${ACCOUNT_FILE}" ]; then
        echo "account file was not found"
        exit 1
fi

if [ -z "$1" ]; then
        echo "no domain given to check"
        exit 1
fi

if [ ! -f "/opt/certmgmt/certs/${1}/csr" ]; then
        echo "certificate request is missing"
        exit 1
fi

age="$(find "/opt/certmgmt/certs/${1}/crt" -mtime -60 | wc -l)"
if [ "${age}" -gt "0" ]; then
        echo "certificate exists and is not old enough for renewal"
        exit 0
fi

acme-tiny \
        --account-key "${ACCOUNT_FILE}" \
        --csr "/opt/certmgmt/certs/${1}/csr" \
        --acme-dir '/opt/certmgmt/challenges' \
        > "/opt/certmgmt/certs/${1}/crt"
        #--directory-url https://acme-staging-v02.api.letsencrypt.org/directory \
if [ "$?" -gt "0" ]; then
        rm "/opt/certmgmt/certs/${1}/crt"
        exit 1
fi