#!/bin/sh set -eu domain="${LETSENCRYPT_DOMAIN:-azionelab.org}" email="${LETSENCRYPT_EMAIL:-}" staging="${LETSENCRYPT_STAGING:-1}" renew_interval="${LETSENCRYPT_RENEW_INTERVAL_SECONDS:-43200}" retry_interval="${LETSENCRYPT_RETRY_SECONDS:-300}" case "$domain" in "" | *[!A-Za-z0-9.-]* | .* | *. | *..*) echo "Invalid LETSENCRYPT_DOMAIN." >&2; exit 1 ;; esac [ -n "$email" ] || { echo "LETSENCRYPT_EMAIL is required when Let's Encrypt is enabled." >&2; exit 1; } case "$staging" in 0 | 1) ;; *) echo "LETSENCRYPT_STAGING must be 0 or 1." >&2; exit 1 ;; esac case "$renew_interval:$retry_interval" in *[!0-9:]* | :* | *:) echo "Certbot intervals must be positive integers." >&2; exit 1 ;; esac [ "$renew_interval" -gt 0 ] && [ "$retry_interval" -gt 0 ] || { echo "Certbot intervals must be positive." >&2; exit 1; } staging_argument="" [ "$staging" = 0 ] || staging_argument="--staging" trap 'exit 0' TERM INT while :; do if certbot certonly --webroot --webroot-path /var/www/certbot --preferred-challenges http \ --cert-name "$domain" --domain "$domain" --email "$email" --agree-tos --non-interactive \ --keep-until-expiring $staging_argument; then delay="$renew_interval" else echo "Certificate request failed; retrying after ${retry_interval}s." >&2 delay="$retry_interval" fi sleep "$delay" & wait $! || true done