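#!/bin/sh
#
# Request a certificate for $DOMAIN and *.$DOMAIN from Let's Encrypt using the
# certbot Route 53 DNS plugin, then copy the resulting fullchain.pem and
# privkey.pem to an output directory.
#
# Required environment:
#   CERTBOT_EMAIL           account e-mail passed to certbot via --email
#   CERT_FILES_OUTPUT_PATH  existing directory that receives the two PEM files
#   DOMAIN                  base domain; the wildcard name is derived from it
# Optional environment:
#   REGULAR_USER_UID, REGULAR_USER_GID
#                           when BOTH are set, the copied files are chown'ed
#                           to this uid:gid
#
# Exit status: 0 when both files were copied (and chown'ed when requested),
# 1 on any failure.

# Print a diagnostic on stderr and stop with a failing status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

EMAIL=${CERTBOT_EMAIL:-}
if [ -z "$EMAIL" ]; then
  die "CERTBOT_EMAIL is not set. A valid email has to be defined in the env variable. Exiting."
fi

OUTPUT_PATH=${CERT_FILES_OUTPUT_PATH:-}
if [ -z "$OUTPUT_PATH" ]; then
  die "CERT_FILES_OUTPUT_PATH is not set. A valid path has to be defined in the env variable. Exiting."
fi

# An empty DOMAIN would turn the certbot call into "-d -d *." and the paths
# below into /etc/letsencrypt/live//..., so it is checked like the others.
DOMAIN=${DOMAIN:-}
if [ -z "$DOMAIN" ]; then
  die "DOMAIN is not set. A valid domain has to be defined in the env variable. Exiting."
fi

# DOMAIN ends up both as an option argument and as a path component. A leading
# "-" would be read as another option, and a "/" would move the lookup out of
# /etc/letsencrypt/live.
case $DOMAIN in
  -* | */* | *[[:space:]]*)
    die "DOMAIN is not a valid host name. Exiting."
    ;;
esac

# "*.$DOMAIN" is quoted so the shell passes the wildcard name to certbot as-is
# instead of expanding it against files in the current directory.
# NOTE(review): "-i nginx" selects an installer although the subcommand is
# certonly; kept as in the original, confirm it is intended.
if ! certbot certonly -v --dns-route53 \
  -d "$DOMAIN" -d "*.$DOMAIN" \
  -i nginx --non-interactive --agree-tos --email "$EMAIL"; then
  die "Failed to obtain certificate. Exiting."
fi

LIVE_DIR="/etc/letsencrypt/live/$DOMAIN"

if [ ! -f "$LIVE_DIR/fullchain.pem" ]; then
  die "Certificate not found. Exiting."
fi

echo "Certificate obtained successfully. Copying files to output path."

# A failed copy must not be reported as success: a consumer would keep serving
# the previous (possibly expired) certificate without anyone noticing.
cp -- "$LIVE_DIR/fullchain.pem" "$OUTPUT_PATH/fullchain.pem" ||
  die "Failed to copy fullchain.pem to $OUTPUT_PATH. Exiting."
cp -- "$LIVE_DIR/privkey.pem" "$OUTPUT_PATH/privkey.pem" ||
  die "Failed to copy privkey.pem to $OUTPUT_PATH. Exiting."

# cp keeps the mode of a destination file that already exists, so a private
# key left group- or world-readable by an earlier run would stay that way.
chmod 600 -- "$OUTPUT_PATH/privkey.pem" ||
  die "Failed to restrict permissions on privkey.pem. Exiting."

# Ownership is handed over only when both ids are given; with just one of
# them set the files keep the owner of the user running this script.
if [ -n "${REGULAR_USER_UID:-}" ] && [ -n "${REGULAR_USER_GID:-}" ]; then
  echo "Changing owner of files to $REGULAR_USER_UID:$REGULAR_USER_GID"
  chown -- "$REGULAR_USER_UID:$REGULAR_USER_GID" \
    "$OUTPUT_PATH/fullchain.pem" "$OUTPUT_PATH/privkey.pem" ||
    die "Failed to change owner of certificate files. Exiting."
fi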