# Uses /ssl             volume to store certificates and read domains.txt on run_once
# Uses /etc/letsencrypt volume to store letsencrypt data
FROM alpine

ARG EMAIL

RUN apk add certbot bash

RUN mkdir -p /etc/letsencrypt /etc/letsencrypt.bak /ssl/.well-known && \
    \
    echo "webroot-path = /ssl/" > /etc/letsencrypt.bak/cli.ini && \
    \
    echo '15 2 */7 * * /run_once' > /etc/crontabs/root && \
    \
    echo "echo 'running with cron'" > /run_with_cron && \
    echo "cp /etc/letsencrypt.bak/cli.ini /etc/letsencrypt/cli.ini" >> /run_with_cron && \
    echo "crond -f" >> /run_with_cron && \
    \
    echo "echo 'running once'" > /run_once && \
    echo "mv /etc/letsencrypt.bak/cli.ini /etc/letsencrypt/cli.ini" >> /run_once && \
    echo "if [ ! -f /ssl/domains.txt ]; then echo 'No domains.txt file found in /ssl, exiting' && exit 1; fi" >> /run_once && \
    echo 'for domain in $(cat /ssl/domains.txt); do case $domain in "#"*) :; ;; *) certbot certonly -n --authenticator webroot -d $domain; ;; esac; done' >> /run_once && \
    echo "cp -rL /etc/letsencrypt/live/* /ssl/" >> /run_once && \
    chmod +x /run_once

RUN certbot register --email $EMAIL --non-interactive --agree-tos

RUN cp -r /etc/letsencrypt /etc/letsencrypt.bak

ENTRYPOINT ["/bin/sh"]
CMD ["/run_with_cron"]