From e47ac322ecde6d66e92271b0e5ba55cbcb39431e Mon Sep 17 00:00:00 2001 From: John Doe Date: Thu, 20 Nov 2025 23:27:48 +0100 Subject: [PATCH] Exercice for automate generate let's encrypt cartification what acme-client, OpenBSD and nginx --- add_domain_with_acme.sh | 43 ++++++++++++++++++++++++++++++----------- myserver.conf | 5 +++++ 2 files changed, 37 insertions(+), 11 deletions(-) diff --git a/add_domain_with_acme.sh b/add_domain_with_acme.sh index 137c514..ef84179 100755 --- a/add_domain_with_acme.sh +++ b/add_domain_with_acme.sh @@ -1,5 +1,12 @@ #!/bin/sh +. ./myserver.conf + + +check_ssl_folder() +{ + [ -d "$FOLDER_CONF/ssl" ] || mkdir -p "$FOLDER_CONF/ssl" +} gen_nginx_acme_conf(){ domain=$1 
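Review bot: The added `. ./myserver.conf` at the top of add_domain_with_acme.sh sources the config from whatever directory the caller is in, while the script goes on to write /etc/acme-client.conf and /usr/local/bin and so presumably runs as root. Any myserver.conf found in that working directory is executed as shell code with the script's privileges, and a run from another directory simply fails to find the file. Anchor the lookup to the script's own location: `script_dir=$(cd -- "$(dirname -- "$0")" && pwd) || exit 1` followed by `. "$script_dir/myserver.conf"`. The same applies to `FOLDER_CONF="./my_configuration"` in the myserver.conf hunk, which check_ssl_folder passes to `mkdir -p`.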
@@ -26,12 +33,18 @@ EOF } + +# Generate part of acme client for the domain gen_acme_client_conf(){ domain=$1 alt_domain=$2 - acme_conf_file="my_configuration/ssl/$domain-acme-client.conf" + acme_conf_file="$FOLDER_CONF/ssl/acme-client-$1.conf" # If the file exist, do nothing - [ ! -f $acme_conf_file ] || echo "Domain already configured !"; exit 1; + if [ -f $acme_conf_file ] + then + echo "Domain already configured !"; + exit 1; + fi if [ "$alt_domain" == "" ]; then cat >> $acme_conf_file < /tmp/acme-client.conf + domain="domain $1 {" + acme_conf="$FOLDER_CONF/ssl/acme-client-$1.conf" + sed "/$domain/,/}/d" /etc/acme-client.conf > /tmp/acme-client.conf cp -v /etc/acme-client.conf /etc/acme-client.conf.old + cat $acme_conf >> /tmp/acme-client.conf cp -v /tmp/acme-client.conf /etc/acme-client.conf } install_utils(){ - cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate + + [ -f /usr/local/bin/renew_https_certificate ] || cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate chmod u+x /usr/local/bin/renew_https_certificate } get_certificate() { domain=$1 - /usr/local/bin/renew_https_certificate $domain + /usr/local/bin/renew_https_certificate "$domain" } usage() { - print "This program ask 3 arguments : \n" - print "First is email with domain name the second is list of alternatives domains with \" \" \n" - print "the last arguments is for share the ssl cert with xmpp daemon add xmpp at the end or not" + print "This program ask 2 arguments : \n" + print "First is domain name the second is list of alternatives domains with \" \" \n" print "\t $0 domain.tld \"a.domain.tld b.domain.tld c.domain.tld\"" } -if [ -z $1 ]; +if [ -z $1 ] || [ $1 == "-h" ] || [ $1 == "--help" ]; then usage exit 3; 
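Review bot: In gen_acme_client_conf the file name is now built from the raw first argument, `acme_conf_file="$FOLDER_CONF/ssl/acme-client-$1.conf"`, and then used unquoted in `[ -f $acme_conf_file ]` and `cat >> $acme_conf_file`. A value containing `/` or whitespace makes the test and the write act on a different path than intended. The same `$1` is placed inside the sed address further down this page, where `.` and `/` are pattern syntax. Reject anything that is not a plain host name before the functions are called, e.g. `case "$1" in ''|*[!A-Za-z0-9.-]*) usage; exit 3 ;; esac`, and quote the variable: `if [ -f "$acme_conf_file" ]`. The rest of the function body is not visible here.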
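Review bot: The acme-client.conf rewrite stages its output in the fixed path `/tmp/acme-client.conf` and then copies that file over `/etc/acme-client.conf`. /tmp is world-writable, so another local account can pre-create that name or change the file between the `sed` and the final `cp`, and the result lands in a root-owned configuration file. Create the staging file with `mktemp`, quote the paths, stop if the `sed` fails, and remove the file afterwards. The start of this function (presumably add_acme_domain_to_conf) is not visible on the page, so the sketch covers only the lines shown.

```shell
  acme_conf="$FOLDER_CONF/ssl/acme-client-$1.conf"
  tmp_conf=$(mktemp /tmp/acme-client.conf.XXXXXXXXXX) || exit 1
  sed "/$domain/,/}/d" /etc/acme-client.conf > "$tmp_conf" || exit 1
  # … unchanged: backup copy to /etc/acme-client.conf.old …
  cat "$acme_conf" >> "$tmp_conf"
  cp -v "$tmp_conf" /etc/acme-client.conf
  rm -f "$tmp_conf"
```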
@@ -94,4 +110,9 @@ fi domain=$1 alt_domain=$2 -gen_nginx_acme_conf $domain +check_ssl_folder +gen_acme_client_conf $domain $alt_domain +gen_nginx_acme_conf $domain $alt_domain +add_acme_domain_to_conf $domain +install_utils +get_certificate $domain diff --git a/myserver.conf b/myserver.conf index 2708ca7..2b8688b 100644 --- a/myserver.conf +++ b/myserver.conf @@ -2,10 +2,15 @@ ## Par défault le domain est le nom d'hote de la machine mais il est possible de le personnaliser ## comme l'exemple ce-dessous # DOMAIN="example.com" + +FOLDER_CONF="./my_configuration" DOMAIN=`hostname` SSL="manual" SERVICE_MAIL="yes" SERVICE_XMPP="yes" + + + xmpp_passphrase_for_filesuploads='Changez cette valeur' postresql_root_password='Changez cette valeur' # Laissez le port ssh par défault (22) est en général une mauvaise idée
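Review bot: The new calls at the bottom of add_domain_with_acme.sh pass `$alt_domain` unquoted, so the list documented in usage (`"a.domain.tld b.domain.tld c.domain.tld"`) is split into separate words. gen_acme_client_conf reads `alt_domain=$2` and therefore only receives the first alternative name. Quote the arguments: `gen_acme_client_conf "$domain" "$alt_domain"` and `gen_nginx_acme_conf "$domain" "$alt_domain"`, and likewise `"$domain"` in the remaining calls. No step's exit status is checked either, so a failed `add_acme_domain_to_conf` still proceeds to `get_certificate`; appending `|| exit 1` to each call would stop the run once the configuration is left inconsistent.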