#!/bin/bash
# info: update letsencrypt ssl certificates
# options: NONE
#
# The function for renew letsencrypt expired ssl certificate for all users


#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Importing system enviroment  as we run this script
# mostly by cron wich not read it by itself
source /etc/profile

# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf


#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

lecounter=0
hostname=$(hostname)

echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log

# Checking user certificates
for user in $($BIN/v-list-users plain |cut -f 1); do
    USER_DATA=$VESTA/data/users/$user

    for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
    
        limit_check=1
        fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')

        if [[ "$hostname" = "$domain" ]]; then
            if [[ "$fail_counter" -eq 7 ]]; then
                limit_check=0
            fi
            if [[ "$fail_counter" -eq 8 ]]; then
                fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
                send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
            fi
        fi

        if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
            # echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
            echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
            continue;
        fi
        crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
        not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
        expiration=$(date -d "$not_after" +%s)
        now=$(date +%s)
        seconds_valid=$((expiration - now))
        days_valid=$((seconds_valid / 86400))
        if [[ "$days_valid" -lt 31 ]]; then
            if [ $lecounter -gt 0 ]; then
                sleep 120
            fi
            ((lecounter++))
            aliases=$(echo "$crt_data" |grep DNS:)
            aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
            aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
            aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
            aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
            msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
            if [ $? -ne 0 ]; then
                if [[ $msg == *"is suspended" ]]; then
                    echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
                else
                    echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
                    echo "$domain $msg"
                    fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
                    echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
                    echo "fail_counter = $fail_counter"
                fi
            fi
        fi
    done
done

#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# No Logging
#log_event "$OK" "$EVENT"

exit