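#!/usr/bin/env bash
# Install and configure acme.sh, request SSL certificates from Let's Encrypt,
# and enable them using the cPanel API.
#
# Input: one file per certificate under ./multisites/, one domain per line.
# The first non-empty line of a file is used as the certificate name when
# deploying.
#
# Optional environment (both unset by default, which keeps the old behaviour
# of trusting TLS alone):
#   ACME_INSTALLER_SHA256  expected SHA-256 of the https://get.acme.sh script
#   DNS_CPANELDNS_SHA256   expected SHA-256 of dns_cpaneldns.sh
#
# Exit status: 0 if every step succeeded, 1 otherwise.

# Comment the following line to skip issuing a test certificate
test="true"

unset err

#######################################
# Download a URL to a file over HTTPS only and optionally verify its SHA-256.
# Arguments: $1 - URL
#            $2 - destination file
#            $3 - expected SHA-256 in hex (optional; empty skips the check)
# Outputs:   diagnostics on stderr
# Returns:   0 on success, 1 on download failure or checksum mismatch
#######################################
fetch_verified() {
  local url=$1 dest=$2 want=${3:-} got

  # --fail: an HTTP error page must not be saved and later executed/sourced.
  # --proto/--proto-redir: never fall back to, or get redirected to, plain HTTP.
  curl --fail --silent --show-error --location \
    --proto '=https' --proto-redir '=https' --tlsv1.2 \
    --output "$dest" "$url" || return 1

  if [[ -z "$want" ]]; then
    echo "Note: no checksum supplied for $url; relying on TLS only." >&2
    return 0
  fi

  got=$(sha256sum "$dest") || return 1
  got=${got%% *}
  if [[ "${got,,}" != "${want,,}" ]]; then
    echo "Checksum mismatch for $url (expected $want, got $got)" >&2
    return 1
  fi
}

#######################################
# Install acme.sh and the cPanel DNS hook, then enable auto-upgrade.
# Globals:   HOME, ACME_INSTALLER_SHA256, DNS_CPANELDNS_SHA256 (read)
# Returns:   0 if acme.sh and the hook were installed, 1 otherwise
#######################################
get_acme() {
  local acme_home="$HOME/.acme.sh"
  local hook_url=https://raw.githubusercontent.com/cryobry/dns_cpaneldns/master/dns_cpaneldns.sh
  local tmpdir rc=0

  tmpdir=$(mktemp -d) || return 1

  # Both scripts are fetched in full before anything runs, so a truncated
  # transfer can no longer execute half a script (the old `curl | sh` could).
  # NOTE(review): the hook is taken from the tip of a third-party `master`
  # branch and later receives the cPanel password. Pin the URL to a reviewed
  # commit and set DNS_CPANELDNS_SHA256 for anything beyond a throwaway host.
  # The acme.sh installer is expected to fetch further code itself, so
  # ACME_INSTALLER_SHA256 only covers the bootstrap step.
  {
    fetch_verified https://get.acme.sh "$tmpdir/get-acme.sh" \
      "${ACME_INSTALLER_SHA256:-}" &&
      sh "$tmpdir/get-acme.sh" &&
      fetch_verified "$hook_url" "$tmpdir/dns_cpaneldns.sh" \
        "${DNS_CPANELDNS_SHA256:-}" &&
      mv -f -- "$tmpdir/dns_cpaneldns.sh" "$acme_home/dnsapi/dns_cpaneldns.sh"
  } || rc=1

  rm -rf -- "${tmpdir:?}"
  if ((rc != 0)); then
    echo "Could not install acme.sh or the cPanel DNS hook" >&2
    return 1
  fi

  # --auto-upgrade lets acme.sh replace itself unattended from upstream; that
  # is a standing trust decision for a tool that holds the cPanel credentials.
  # A failed upgrade is not fatal: the freshly installed copy is still usable.
  "$acme_home/acme.sh" --upgrade --auto-upgrade ||
    echo "Warning: acme.sh upgrade step failed; continuing" >&2
  return 0
}

#######################################
# Prompt for the ACME contact e-mail and the cPanel credentials, unless the
# account file already mentions CPANELDNS_AUTH_PASSWORD.
# Globals:   HOME (read); EMAIL (written); CPANELDNS_AUTH_ID,
#            CPANELDNS_AUTH_PASSWORD, CPANELDNS_API (written and exported)
# Returns:   0 on success or when already configured, 1 if the account file
#            cannot be created
#######################################
run_config() {
  local conf="$HOME/.acme.sh/account.conf"

  if [[ ! -f "$conf" ]]; then
    # The original re-invoked run_config after `touch`, which recursed without
    # end when the file could not be created (e.g. the install step failed).
    (umask 077 && touch "$conf") || {
      echo "Could not create $conf" >&2
      return 1
    }
  fi
  # The check below implies the password ends up in this file in plain text,
  # so keep it readable by the owner only.
  chmod 600 "$conf" || echo "Warning: could not restrict permissions on $conf" >&2

  if grep -q "CPANELDNS_AUTH_PASSWORD" "$conf"; then
    echo "cPanel credentials already present, skipping configuration..."
    echo "To rerun the configuration, first run 'rm \$HOME/.acme.sh/account.conf'"
    return 0
  fi

  # Set contact e-mail for ACME failure
  read -rp 'Enter the e-mail address to contact in case of acme failure: ' EMAIL
  echo
  "$HOME/.acme.sh/acme.sh" --update-account --accountemail "$EMAIL"

  # Read in cPanel API variables from user for acme
  read -rp 'Enter your cPanel username: ' CPANELDNS_AUTH_ID
  echo
  export CPANELDNS_AUTH_ID

  # -s: do not echo the password to the terminal or scrollback.
  read -rsp 'Enter your cPanel password: ' CPANELDNS_AUTH_PASSWORD
  echo
  export CPANELDNS_AUTH_PASSWORD

  read -rp 'Enter your cPanel address and port number (example: "https://www.example.com:2083/"): ' CPANELDNS_API
  echo
  export CPANELDNS_API
  if [[ "$CPANELDNS_API" != https://* ]]; then
    echo "Warning: cPanel address is not an https:// URL; the credentials would be sent unencrypted." >&2
  fi
}

#######################################
# Issue and deploy one certificate per file in ./multisites/.
# Globals:   HOME, test (read); err (set to 1 on any failure); REPLY (written)
# Outputs:   progress messages on stdout
# Returns:   1 if the operator rejects the staging result, otherwise the
#            status of the last loop iteration; failures are reported via err
#######################################
issue_cert() {
  local multisite_file site primary
  # Plain arrays: the original `declare -al` also lower-cased the command
  # arrays, which corrupts the acme.sh path whenever $HOME contains an
  # upper-case character. Only the domain names are lower-cased below.
  local -a sites issue_cmd deploy_cmd

  for multisite_file in ./multisites/*; do
    # Without a match the glob stays literal; skip anything not a regular file.
    [[ -f "$multisite_file" ]] || continue
    echo "Attempting to issue certificates for ${multisite_file##*/} and its multisites..."

    sites=()
    readarray -t sites < "${multisite_file}"
    issue_cmd=("$HOME/.acme.sh/acme.sh" "--issue" "--dns" "dns_cpaneldns")
    primary=""
    for site in "${sites[@]}"; do
      site=${site//[[:space:]]/} # drop CR from CRLF files and stray blanks
      [[ -n "$site" ]] || continue
      site=${site,,}
      [[ -n "$primary" ]] || primary=$site
      issue_cmd+=("-d" "$site")
    done

    if [[ -z "$primary" ]]; then
      echo "No domains listed in ${multisite_file##*/}, skipping"
      err=1
      continue
    fi

    # acme.sh --deploy needs the certificate name (the first -d used when
    # issuing); the original omitted it, so the deploy step could not succeed.
    deploy_cmd=("$HOME/.acme.sh/acme.sh" "--deploy" "-d" "$primary"
      "--deploy-hook" "cpanel_uapi")

    # if test enabled, issue test certificate first
    if [[ "${test:-x}" == "true" ]]; then
      "${issue_cmd[@]}" --staging
      # Option order matters: with `read -rp -n 1 "..."` the prompt became
      # "-n" and the remaining words were invalid variable names, so REPLY was
      # never set and the staging check always aborted the run.
      REPLY=""
      read -r -n 1 -p "Was the certificate correctly issued without errors? [y/N]: "
      echo
      if [[ ! "$REPLY" =~ ^[Yy]$ ]]; then
        err=1
        return 1
      fi
    fi

    echo "Running:" "${issue_cmd[@]}"
    if "${issue_cmd[@]}" --force; then
      echo "Running:" "${deploy_cmd[@]}"
      if ! "${deploy_cmd[@]}"; then
        echo "Could not deploy"
        err=1
      fi
    else
      echo "Could not issue"
      err=1
    fi
  done
}

#######################################
# Entry point: install, configure, then issue and deploy.
# Globals:   err (set to 1 when a step fails)
# Returns:   1 if installation or configuration failed, else issue_cert status
#######################################
main() {
  # Stop early: continuing after a failed install would prompt for the cPanel
  # password and then fail anyway.
  get_acme || {
    err=1
    return 1
  }
  run_config || {
    err=1
    return 1
  }
  issue_cert
}

main "$@"
exit "${err:-0}"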