#!/usr/bin/env bash

# For use with acme.sh <https://github.com/acmesh-official/acme.sh> dns-01 verification, on linode, with nginx
# This is somewhat more reliable than the cron job that acme.sh attempts to create, but not by much.
# We have since switched to dehydrated <https://github.com/dehydrated-io/dehydrated> http-01 challenges
# which is much more reliable at actually renewing certs.
acme_home=/srv/plural.cafe/.acme.sh
domain=$1

$acme_home/acme.sh --issue --force --debug 2 \
	-d "$domain" \
	-d "*.$domain" \
	--cert-home $acme_home \
	--server letsencrypt \
	--preferred-chain dst \
	-k 4096 \
	--dns dns_linode_v4 \
	--dnssleep 90 \
	> "$HOME/$domain.acme.log"

nginx -s reload