#!/bin/sh

# New cert
DOM=${1}
KEY=${2}
CRT=${3}
CHAIN=${4}
/sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN
# There's a new ssl-udpate event which update everything in a single event
# fallback to manual operations if this event doesn't exist
if [ -d /etc/e-smith/events/ssl-update ]; then
  /sbin/e-smith/signal-event ssl-update
else
  /sbin/e-smith/expand-template /home/e-smith/db/ssl.pem/pem
  /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
  /sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/cert.pem
  /usr/bin/sv 1 /service/httpd-e-smith
  /usr/bin/sv h /service/ldap
  /usr/bin/sv 1 /service/pop3s
  /usr/bin/sv h /service/qpsmtpd
  /usr/bin/sv h /service/sqpsmtpd
  if [ -d /service/dovecot ]; then
    /usr/bin/sv 1 /service/dovecot
    /usr/bin/sv h /service/dovecot
  else
    /usr/bin/sv 1 /service/imaps
  fi
fi
# Now revoke old certificates
CUR_CRT=$(readlink /home/e-smith/db/letsencrypt.sh/certs/$DOM/cert.pem)
for cert in $(find /home/e-smith/db/letsencrypt.sh/certs/$DOM/ -type f -name cert\*.pem -exec basename "{}" \;); do
  if [[ "$cert" != "$CUR_CRT" ]]; then
    /usr/bin/letsencrypt.sh -r /home/e-smith/db/letsencrypt.sh/certs/$DOM/$cert
  fi
done