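#!/usr/bin/env bash
#
# Renew CSR-based Let's Encrypt certificates.
#
# Layout: every directory /etc/ssl/custom-certbot/live/<domain>/ holds
# csr.pem plus the currently deployed cert.pem, chain.pem and fullchain.pem.
# A certificate with fewer than 30 days of validity left is re-issued through
# certbot's webroot challenge into a private temporary directory. Only after
# certbot succeeds are the old files moved to
# /etc/ssl/custom-certbot/archive/<domain>/ (overwriting whatever was archived
# before, so a single previous generation is kept) and the new ones installed.
# nginx is reloaded once at the end if at least one certificate was replaced.
#
# Exit status: 0 when every step succeeded, 1 when a renewal, install or
# reload failed, so a cron wrapper or monitor can alert before expiry.

set -u

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

readonly LIVE_DIR="/etc/ssl/custom-certbot/live"
readonly ARCHIVE_DIR="/etc/ssl/custom-certbot/archive"
readonly WEBROOT="/var/www/letsencrypt/"
readonly RENEW_BEFORE_DAYS=30

# Every path below is relative to LIVE_DIR. If the cd fails, the glob and the
# mv calls would act on whatever directory the job was started from, so stop.
cd "$LIVE_DIR" || {
  printf 'Cannot enter %s\n' "$LIVE_DIR" >&2
  exit 1
}

TEMP=$(mktemp -d) || {
  printf 'mktemp failed\n' >&2
  exit 1
}
# Remove the scratch directory on every exit path; ":?" refuses an empty path.
trap 'rm -rf -- "${TEMP:?}"' EXIT

NOW_SECONDS=$(date '+%s')
NEEDTORELOAD=0
FAILED=0

for i in *; do
  # Only directories are certificate lineages; this also covers the
  # unmatched-glob case where "*" stays literal.
  [[ -d "$i" ]] || continue

  # The name is handed to certbot and openssl as an argument. A leading dash
  # would be parsed as an option, and no valid hostname starts with one.
  case "$i" in
    -*)
      printf 'Skipping suspicious directory name: %s\n' "$i" >&2
      continue
      ;;
  esac

  END_DATE=$(openssl x509 -dates -noout -in "${i}/cert.pem" 2>/dev/null \
    | sed -n 's/ *notAfter=*//p')

  if [[ -z "$END_DATE" ]]; then
    # No readable certificate (first issuance or damaged file): treat it as
    # due now so that issuance is attempted.
    REMAINING_DAYS=0
  else
    if ! END_DATE_SECONDS=$(date '+%s' --date "$END_DATE"); then
      printf 'Cannot parse expiry date of %s: %s\n' "$i" "$END_DATE" >&2
      FAILED=1
      continue
    fi
    REMAINING_DAYS=$(( (END_DATE_SECONDS - NOW_SECONDS) / 86400 ))
  fi

  if (( REMAINING_DAYS < RENEW_BEFORE_DAYS )); then
    echo "Renewing $i"

    if ! mkdir -- "${TEMP}/${i}"; then
      FAILED=1
      continue
    fi

    if ! /usr/bin/certbot certonly --webroot -w "$WEBROOT" -d "$i" \
      --csr "${i}/csr.pem" \
      --cert-path "${TEMP}/${i}/cert.pem" \
      --chain-path "${TEMP}/${i}/chain.pem" \
      --fullchain-path "${TEMP}/${i}/fullchain.pem"; then
      printf 'Renewal failed for %s; keeping the current certificate\n' "$i" >&2
      FAILED=1
      continue
    fi

    # Do not displace the deployed files unless the replacements exist;
    # otherwise the next reload would find no certificate at all.
    if [[ ! -s "${TEMP}/${i}/cert.pem" || ! -s "${TEMP}/${i}/fullchain.pem" ]]; then
      printf 'certbot reported success but produced no certificate for %s\n' "$i" >&2
      FAILED=1
      continue
    fi

    if ! mkdir -p -- "${ARCHIVE_DIR}/${i}"; then
      FAILED=1
      continue
    fi

    # Archive the previous generation; files that do not exist yet (first
    # issuance) are skipped.
    for f in cert.pem chain.pem fullchain.pem; do
      if [[ -e "${i}/${f}" ]]; then
        mv -- "${i}/${f}" "${ARCHIVE_DIR}/${i}/${f}" || FAILED=1
      fi
    done

    if mv -- "${TEMP}/${i}"/* "${i}/"; then
      # Reload only when new material is actually in place.
      NEEDTORELOAD=1
    else
      printf 'Installing the new certificate for %s failed\n' "$i" >&2
      FAILED=1
    fi
  else
    # Stay quiet under cron; report only when run from a terminal.
    if [ -t 1 ]; then
      echo "Nothing to do on $i ($REMAINING_DAYS days left)"
    fi
  fi
done

if (( NEEDTORELOAD == 1 )); then
  echo "Reloading services"
  if ! systemctl reload nginx; then
    printf 'nginx reload failed; new certificates are not being served\n' >&2
    FAILED=1
  fi
fi

exit "$FAILED"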