#!/bin/sh

base_dir="/etc/ssl/nginx"
_EUID="$(id -u)"

die() {
	echo "$@" >&2
	exit 1
}


openssl x509 -checkend 2678400 -noout -in $base_dir/$1.crt
if [ $? = 0 ]; then
        exit 1
else
	mv $base_dir/$1.crt $base_dir/$1.crt.bak-$(date +%F)
	mv $base_dir/$1.chained.crt \
		$base_dir/$1.chained.crt-$(date +%F)
	certbot certonly \
		--csr $base_dir/$1.csr \
		--cert-path $base_dir/$1.crt \
		--chain-path $base_dir/$1.chained.crt \
		--webroot \
		-w /usr/local/www/le-challenges/ \
		--agree-tos \
		--register-unsafely-without-email || die "Error while signing certificate"
	mv 0000_chain.pem $base_dir/$1-chained.crt
	sudo service nginx reload
fi