#!/bin/bash

# Call script like this:
# letsencrypt-gencert foo.com bar.com baz.com

# Build list of domains and subdomains we need a certificate for
d=""
for domain in "$@"; do
  # domain itself - foo.com
  # only add if the DNS entry for the domain does actually exist
  if (getent hosts $domain > /dev/null); then
    if [ -z "$d" ]; then
      d="$domain";
    else
      d="$d,$domain";
    fi
  fi

  # subdomains - www.foo.com mail.foo.com ...
  for sub in www mail autoconfig stats news cloud git matrix status social comments iot; do
    # only add if the DNS entry for the subdomain does actually exist
    if (getent hosts $sub.$domain > /dev/null); then
      if [ -z "$d" ]; then
        d="$sub.$domain";
      else
        d="$d,$sub.$domain";
      fi
    fi
  done
done

# We are using the "standalone" letsencrypt plugin, which runs its own
# webserver, so we need to temporarily free up the HTTP(S) ports by stopping
# our own Apache.
service apache2 stop
/root/letsencrypt/letsencrypt-auto certonly -c /etc/letsencrypt/cli.conf --domains $d
service apache2 start