#!/bin/bash
#
# Create Lets Encrypt Cert for {{ item.item.name }}
# If the Cert is already created, it will just perform a quiet "certbot renew".
#
# Linux-Server-Admin.com
#
{{ certbot_message | default (admin_message ) | comment }}
#
#
# /usr/local/bin/certbot-{{ item.item.name }}.sh
#

CERT="/etc/letsencrypt/live/{{ item.item.name }}/"

if [ ! -d "$CERT" ]; then
{%  if certbot_webserver is defined and certbot_webserver_plugin_install | default(true) | bool %}

	echo "### Start Creating Cert {{ item.item.name }} or renew it";

	certbot certonly --{{ certbot_webserver }} --noninteractive --agree-tos --expand \
		--email {{ certbot_admin_email | default('root@localhost') }} \
		-d {{ item.item.name }} {%  if item.item.alias is defined %}\
		{% for altname in item.item.alias %} -d {{ altname }} {% endfor %}

		{%  endif %}

{%  else %}

{% if certbot_freeipa | default (false) %}
	systemctl stop httpd
{%  endif %}

	echo "### Start Creating Cert {{ item.item.name }} or renew it";

	certbot certonly --standalone --noninteractive --agree-tos --expand \
		--email {{ certbot_admin_email | default('root@localhost') }} \
		-d {{ item.item.name }} {%  if item.item.alias is defined %}\
		{% for altname in item.item.alias %} -d {{ altname }} {% endfor %}

		{%  endif %}

{% if certbot_freeipa | default (false) %}
	systemctl start httpd
{% endif %}
{% endif %}

else
{%  if certbot_webserver is defined %}
	certbot renew --quiet --{{ certbot_webserver }}
{%  else %}
	certbot renew --quiet
{%  endif %}
fi

exit