From ddad272b9893cef30a2818341d929f0387b91e42 Mon Sep 17 00:00:00 2001
From: Derek Smith
Date: Sat, 5 Nov 2022 19:45:00 -0400
Subject: [PATCH] Updated letsencrypt cert renewal logic.

---
 deployment/www/generate_certs.sh | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/deployment/www/generate_certs.sh b/deployment/www/generate_certs.sh
index 13b0f98..4653633 100755
--- a/deployment/www/generate_certs.sh
+++ b/deployment/www/generate_certs.sh
@@ -21,13 +21,23 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
 ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs"
- docker run -it --rm \
- --name certbot \
- -p 80:80 \
- -p 443:443 \
- -v "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME":/etc/letsencrypt \
- -v /var/lib/letsencrypt:/var/lib/letsencrypt \
- -v "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs":/var/log/letsencrypt \
- certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$WWW_FQDN" -d "$BTCPAY_USER_FQDN" -d "$NEXTCLOUD_FQDN" -d "$GITEA_FQDN" -d "$NOSTR_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
+ # this is minimum required; www and btcpay.
+ DOMAIN_STRING="-d $DOMAIN_NAME -d $WWW_FQDN -d $BTCPAY_USER_FQDN"
+ if [ "$DEPLOY_NEXTCLOUD" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NEXTCLOUD_FQDN"; fi
+ if [ "$DEPLOY_GITEA" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $GITEA_FQDN"; fi
+ if [ "$DEPLOY_NOSTR" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NOSTR_FQDN"; fi
+
+ # if BTCPAY_ALT_NAMES has been set by the admin, iterate over the list
+ # and append the domain names to the certbot request
+ if [ -n "$BTCPAY_ALT_NAMES" ]; then
+ # let's stub out the rest of our site definitions, if any.
+ for ALT_NAME in ${BTCPAY_ALT_NAMES//,/ }; do
+ DOMAIN_STRING="$DOMAIN_STRING -d $ALT_NAME.$DOMAIN_NAME"
+ done
+ fi
+
+ GENERATE_CERT_STRING="docker run -it --rm --name certbot -p 80:80 -p 443:443 -v $REMOTE_HOME/letsencrypt/$DOMAIN_NAME:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v $REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs:/var/log/letsencrypt certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand ${DOMAIN_STRING} --email $CERTIFICATE_EMAIL_ADDRESS"
+ # execute the certbot command that we dynamically generated.
+ eval "$GENERATE_CERT_STRING"
 done
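Review bot: The new `GENERATE_CERT_STRING` / `eval "$GENERATE_CERT_STRING"` pair builds a command line by string concatenation and hands it back to the shell for a second parse, which is both unnecessary here and strictly weaker than what the removed lines did: the old `-v "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME":/etc/letsencrypt` and `-d "$NEXTCLOUD_FQDN"` were quoted, while every expansion inside the new string (`$REMOTE_HOME`, `$DOMAIN_NAME`, each `$ALT_NAME.$DOMAIN_NAME`, `$CERTIFICATE_EMAIL_ADDRESS`) is unquoted, so a value containing whitespace, a glob character, `;`, `$(…)` or backticks is word-split or executed rather than passed to certbot. These values appear to come from the deployment's own configuration (the comment says `BTCPAY_ALT_NAMES` is set by the admin), so this is mostly a robustness problem today, but eval on a config-derived string is the pattern that turns a typo in a site definition into arbitrary command execution on the host that runs this script. The optional arguments can be collected in a bash array instead — the file already relies on bash (`${DOMAIN_LIST//,/ }` in the enclosing `for`, which begins outside this hunk) — and the fixed part of the `docker run` invocation restored as a plain, quoted command, which also brings back the per-line layout that was easier to review. The `BTCPAY_ALT_NAMES` split itself (`for ALT_NAME in ${BTCPAY_ALT_NAMES//,/ }`) is fine for a comma list as long as entries contain no spaces; worth saying so in the comment above it.
```shell
    # Collect the -d arguments in an array: each name stays a single word and
    # nothing is re-parsed by the shell, so no eval is needed.
    DOMAIN_ARGS=(-d "$DOMAIN_NAME" -d "$WWW_FQDN" -d "$BTCPAY_USER_FQDN")
    if [ "$DEPLOY_NEXTCLOUD" = true ]; then DOMAIN_ARGS+=(-d "$NEXTCLOUD_FQDN"); fi
    if [ "$DEPLOY_GITEA" = true ]; then DOMAIN_ARGS+=(-d "$GITEA_FQDN"); fi
    if [ "$DEPLOY_NOSTR" = true ]; then DOMAIN_ARGS+=(-d "$NOSTR_FQDN"); fi
    # … unchanged: BTCPAY_ALT_NAMES guard and comments …
        for ALT_NAME in ${BTCPAY_ALT_NAMES//,/ }; do
            DOMAIN_ARGS+=(-d "$ALT_NAME.$DOMAIN_NAME")
        done
    # … unchanged: closing fi …
    docker run -it --rm --name certbot -p 80:80 -p 443:443 \
        -v "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME":/etc/letsencrypt \
        -v /var/lib/letsencrypt:/var/lib/letsencrypt \
        -v "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs":/var/log/letsencrypt \
        certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand \
        "${DOMAIN_ARGS[@]}" --email "$CERTIFICATE_EMAIL_ADDRESS"
```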