#!/bin/sh

if test "$(id -u)" -eq 0; then

  echo "Do not run as root!"

  exit 2

fi

DAYS="${1:-7}"

cd /var/lib/acme

if ! test -s private/account.key; then

  touch private/account.key

  chmod 0600 private/account.key

  openssl genrsa 4096 >private/account.key

fi

rc="0"

for csr in csr/*.csr; do

  test -s "$csr" || continue

  test -r "$csr" || continue

  crt="${csr%%.csr}"

  tmp="certs/${crt##csr/}.tmp"

  crt="certs/${crt##csr/}.crt"

  if test -s "$crt" && /usr/sbin/cert-check --days="$DAYS" "$crt"; then

    continue

  fi

  if test -w "$crt" || test ! -e "$crt"; then

    echo acme_tiny --account-key private/account.key --csr "$csr" \

	--acme-dir /var/www/challenges/ --out "$crt"

  else

    echo "Can't write to $crt" 

    rc="1"

    continue

  fi

  if /usr/sbin/acme_tiny --account-key private/account.key --csr "$csr" \

	--acme-dir /var/www/challenges/ > "$tmp"; then

	mv "$tmp" "$crt" || exit 1

  else

	test -e "$tmp" && test ! -s "$tmp" && rm "$tmp"

  fi

  # append intermediate certs

  #cat *.pem >>"$crt"

done

exit "$rc"