#!/bin/bash

# Build list of domains and subdomains we need a certificate for
d=""
for domain in {{ virtual_domains | json_query('[*].name') | join(' ') }}; do
  # domain itself - foo.com
  # only add if the DNS entry for the domain does actually exist
  if (getent hosts $domain > /dev/null); then
    if [ -z "$d" ]; then
      d="$domain";
    else
      d="$d,$domain";
    fi
  fi

  # subdomains - www.foo.com mail.foo.com ...
  for sub in {{ subdomains | join(' ') }}; do
    # only add if the DNS entry for the subdomain does actually exist
    if (getent hosts $sub.$domain > /dev/null); then
      if [ -z "$d" ]; then
        d="$sub.$domain";
      else
        d="$d,$sub.$domain";
      fi
    fi
  done
done

# We are using the "standalone" letsencrypt plugin, which runs its own
# webserver, so we need to temporarily free up the HTTP(S) ports by stopping
# our own Apache.
service apache2 stop
certbot certonly --standalone -c /etc/letsencrypt/cli.conf --domains $d
service apache2 start