#! /bin/sh
set -e
usage=" TAG"
. "${0%/*}/../config.sh"
. "$home/lib/lib.sh"

run_as_user "$@"

## Pick out the certificate tag.
case $# in 0) fail_usage ;; esac
tag=$1; shift
case $# in 0) ;; *) fail_usage ;; esac

prepare_tmp $tag

## Get started.
cert=$home/cert/$tag
cd $cert
openssl req -in req -out $tmp/req.der -outform der
sans=$(openssl req -in req -text -noout |
	sed -n '
	  x
	  /^ *X509v3 Subject Alternative Name: $/ {
	    x
	    s/ *DNS://g
	    s/,/ /g
	    p
	    x
	  }')
make_le_conf $sans

cd $tmp
$home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" --text \
	-a webroot --csr $tmp/req.der certonly

cd $cert
cat $tmp/0001_chain.pem $home/le-root.cert >full-chain.new
mv full-chain.new full-chain