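#!/usr/bin/bash
#
# Automate certificate renewal for a given domain, assuming all necessary
# config parameters are set in /etc/letsencrypt/domain.tld.cnf
#
# Usage: /etc/letsencrypt/renew.sh domain.tld
#
# Exit status:
#   0  certbot succeeded and nginx was restarted
#   1  bad argument, missing config, failed renewal or failed nginx restart
#      (a failed renewal is additionally reported by mail)

set -u

readonly CONFIG_DIR=/etc/letsencrypt
readonly LOG_FILE=/var/log/letsencrypt/letsencrypt.log
# NOTE(review): fixed, predictable path in a world-writable directory. It is
# presumably referenced from the per-domain .cnf (e.g. as the challenge
# webroot), so it is kept as is here; moving it to a root-owned directory
# outside /tmp and updating the .cnf to match would remove the risk.
readonly TMP_DIR=/tmp/letsencrypt

# Print a message on stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

DOMAIN=${1:?"No argument given! Please provide the domain which should be renewed"}

# The argument becomes part of a file path and is passed to certbot, so refuse
# anything that could leave CONFIG_DIR or be parsed as an option.
case "$DOMAIN" in
  */* | .* | -*) die "Invalid domain name: $DOMAIN" ;;
esac

CONFIG="$CONFIG_DIR/$DOMAIN.cnf"

# Check for the config file before anything tries to read it.
if [[ ! -f "$CONFIG" ]]; then
  die "Config file $CONFIG does not exist!"
fi

# Alert recipients: third field of every config line that mentions "email"
# (the usual "email = user@example.org" form). Lines without a third field
# are skipped.
mapfile -t RECIPIENTS < <(awk '/email/ && $3 != "" {print $3}' "$CONFIG")

# Prepare the scratch directory. Because the name is predictable, refuse to
# use it when it is a symlink or was created by another user.
mkdir -p "$TMP_DIR" || die "Cannot create $TMP_DIR"
if [[ -L "$TMP_DIR" || ! -O "$TMP_DIR" ]]; then
  die "$TMP_DIR is a symlink or not owned by the current user, refusing to use it"
fi

# Remove the scratch directory on every exit path from here on.
cleanup() {
  rm -rf -- "$TMP_DIR"
}
trap cleanup EXIT

# Renew Let's Encrypt SSL cert
if ! certbot certonly -c "$CONFIG"; then
  ERRORLOG=$(tail "$LOG_FILE" 2>&1)
  if (( ${#RECIPIENTS[@]} > 0 )); then
    # printf with a fixed format keeps the log excerpt's line breaks and does
    # not interpret backslashes or glob characters found in the log.
    printf 'The Lets Encrypt Cert has not been renewed!\n\n%s\n' "$ERRORLOG" \
      | mail -s "Lets Encrypt Cert Alert" "${RECIPIENTS[@]}"
  else
    printf 'No email address found in %s, alert not sent\n' "$CONFIG" >&2
  fi
  die "Certificate renewal for $DOMAIN failed"
fi

# Let nginx pick up the renewed certificate.
systemctl restart nginx || die "Certificate renewed, but restarting nginx failed"

exit 0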