#!/bin/sh set -eu domain="${LETSENCRYPT_DOMAIN:-azionelab.org}" email="${LETSENCRYPT_EMAIL:-}" staging="${LETSENCRYPT_STAGING:-0}" renew_interval="${LETSENCRYPT_RENEW_INTERVAL_SECONDS:-43200}" retry_interval="${LETSENCRYPT_RETRY_SECONDS:-300}" case "$domain" in "" | *[!A-Za-z0-9.-]* | .* | *. | *..* | -* | *- | *.-* | *-.*) echo "Invalid LETSENCRYPT_DOMAIN: $domain" >&2 exit 1 ;; esac case "$domain" in *.*) ;; *) echo "LETSENCRYPT_DOMAIN must be a fully qualified domain name." >&2 exit 1 ;; esac if [ -z "$email" ]; then echo "LETSENCRYPT_EMAIL is required when Let's Encrypt is enabled." >&2 exit 1 fi case "$staging" in 0 | 1) ;; *) echo "LETSENCRYPT_STAGING must be 0 or 1." >&2 exit 1 ;; esac case "$renew_interval:$retry_interval" in *[!0-9:]* | :* | *:) echo "Certbot intervals must be positive integers." >&2 exit 1 ;; esac if [ "$renew_interval" -eq 0 ] || [ "$retry_interval" -eq 0 ]; then echo "Certbot intervals must be positive integers." >&2 exit 1 fi staging_argument="" if [ "$staging" = "1" ]; then staging_argument="--staging" fi trap 'exit 0' TERM INT while :; do if certbot certonly \ --webroot \ --webroot-path /var/www/certbot \ --preferred-challenges http \ --cert-name "$domain" \ --domain "$domain" \ --email "$email" \ --agree-tos \ --non-interactive \ --keep-until-expiring \ $staging_argument; then delay="$renew_interval" else echo "Certificate request failed; retrying after ${retry_interval}s." >&2 delay="$retry_interval" fi sleep "$delay" & wait $! || true done