#!/bin/bash

CERTBOT_VER=v1.30.0
CNT=keycloak_nginx_proxy
DOM=acceso.txs.es
NGINX=/opt/nginx-proxy

cd /opt/certbot
docker run --rm \
	-v $(pwd)/conf:/etc/letsencrypt \
	-v $(pwd)/var:/var/lib/letsencrypt \
	-v $(pwd)/log:/var/log/letsencrypt \
	-v $NGINX/acme:/acme \
	certbot/certbot:$CERTBOT_VER certonly -n --webroot -w /acme -d $DOM

## Check if the Certbot execution modified the certificate in the expected path, then
## copy the new one to the NGINX install folder and restart its container.
cmp $NGINX/certs/keycloak-cert.pem conf/live/$DOM/fullchain.pem </dev/null >&0 2>&0
if [ $? -ne 0 ]; then
	echo "Updating certificate in $CNT container"
	cp -afL conf/live/$DOM/fullchain.pem $NGINX/certs/keycloak-cert.pem
	cp -afL conf/live/$DOM/privkey.pem $NGINX/certs/keycloak-key.pem
	docker restart -t 2 $CNT
else
	echo "No new certificates detected: omitting installation in $CNT container"
fi