#!/usr/bin/env sh
set -eu

# Request Let's Encrypt certificates for DOMAINS. Existing valid certificates
# are kept by certbot because of --keep-until-expiring.

ROOT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)"

cd "$ROOT_DIR"

if [ -z "${DOMAINS:-}" ]; then
    echo "Error: DOMAINS is required." >&2
    exit 1
fi

if [ -z "${CERT_EMAIL:-}" ]; then
    echo "Error: CERT_EMAIL is required." >&2
    exit 1
fi

. "$ROOT_DIR/scripts/lib-compose.sh"

echo "Requesting Let's Encrypt certificates..."
for domain in $DOMAINS; do
    echo "Requesting certificate: $domain"
    compose run --rm --entrypoint certbot certbot \
        certonly --webroot -w /var/www -d "$domain" \
        --email "$CERT_EMAIL" --agree-tos --non-interactive --keep-until-expiring
done

echo "Certificate request step completed."