From 7274cab64fd024be94829a2fa5f90d30385e0ef3 Mon Sep 17 00:00:00 2001 From: gyurix Date: Sat, 29 Mar 2025 22:50:01 +0100 Subject: [PATCH] Refactor start.letsencrypt.sh to improve domain handling and installation checks --- start.letsencrypt.sh | 44 +++++++++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/start.letsencrypt.sh b/start.letsencrypt.sh index 7379742..97440bb 100755 --- a/start.letsencrypt.sh +++ b/start.letsencrypt.sh @@ -54,7 +54,10 @@ create_json() { start_letsencrypt() { cd /root - curl https://get.acme.sh | sh -s email=$EMAIL + if [ "$LETSENCRYPT_INSTALLED" == "true" ]; then + curl https://get.acme.sh | sh -s email=$EMAIL + LETSENCRYPT_INSTALLED=true + fi cd /root/.acme.sh chmod a+x ./acme.sh RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem >$LOG_FILE) @@ -106,7 +109,9 @@ check_new_cert() { fi } -LETSENCRYPT_FILE=$(find /etc/ssl/keys/ -type f -name letsencrypt) +LETSENCRYPT_FILES=$(find /etc/ssl/keys/ -type f -name letsencrypt) +echo "letsencrypt files exist" + if [ "$DOMAIN" != "localhost" ]; then if [ ! -f $LETSENCRYPT_OUTPUT ]; then install -m 664 -g 65534 /dev/null $LETSENCRYPT_OUTPUT 
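Review bot: The new guard in start_letsencrypt is inverted: `[ "$LETSENCRYPT_INSTALLED" == "true" ]` runs the installer only when the flag is already set, so on a first run with the flag unset acme.sh is never fetched, and the following `cd /root/.acme.sh` and `chmod a+x ./acme.sh` run with no error check visible in the hunk. The test should read `if [ "$LETSENCRYPT_INSTALLED" != "true" ]; then`, using `=`/`!=` rather than `==` if the script runs under a POSIX sh (the shebang is not visible here). Because the flag lives only in this process, testing `[ ! -x /root/.acme.sh/acme.sh ]` instead would also cover re-runs of the script. The installer is still piped from the network straight into a shell under /root; `curl -fsSL` together with a pinned release or a checksum comparison would keep a failed or altered download from being executed, and `"$EMAIL"` should be quoted. The function body continues outside the hunk.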
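Review bot: `echo "letsencrypt files exist"` is printed unconditionally right after the `find`, so the log claims marker files exist even when `LETSENCRYPT_FILES` is empty. Guard it so the log reflects the branch that will actually run: `if [ -n "$LETSENCRYPT_FILES" ]; then echo "letsencrypt files exist"; fi`. The list is later word-split in `for LETSENCRYPT_FILE in $(echo $LETSENCRYPT_FILES)`, which breaks on paths containing whitespace; a `while IFS= read -r` loop over the `find` output avoids that.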
@@ -114,29 +119,42 @@ if [ "$DOMAIN" != "localhost" ]; then fi if [ "$DOMAIN" != "" ]; then - ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout) + echo "DOMAIN: $DOMAIN" + echo "domain exists" + ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout) if [ "$DOMAIN" != "localhost" ]; then start_letsencrypt check_new_cert fi - elif [ -n "$LETSENCRYPT_FILE" ]; then - DOMAINS=$(jq -r .DOMAIN $LETSENCRYPT_FILE) - for DOMAIN in $(echo $DOMAINS); do - ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout) - start_letsencrypt $DOMAIN - check_new_cert + elif [ -n "$LETSENCRYPT_FILES" ]; then + for LETSENCRYPT_FILE in $(echo $LETSENCRYPT_FILES); do + DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) + echo "DOMAIN: $DOMAIN" + for DOMAIN in $(echo $DOMAIN); do + ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout) + start_letsencrypt $DOMAIN + check_new_cert + DOMAIN="" + done done else - cd /domains - for i in $(ls); do - DOMAIN=$(jq -r .DOMAIN $i) + DOMAIN_FILE="" + echo "no any new created domain exists try renew all" + for D in $(ls /domains); do + echo "D: $D" + DOMAIN_FILE=$(basename $D) + echo "DOMAIN_FILE: $DOMAIN_FILE" + DOMAIN=$(jq -r .DOMAIN $DOMAIN_FILE) + echo "DOMAIN: $DOMAIN" if [ "$DOMAIN" != "localhost" ]; then - ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout) + ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout) start_letsencrypt $DOMAIN check_new_cert fi + DOMAIN="" + DOMAIN_FILE="" done fi fi
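Review bot: In the renew-all branch the `cd /domains` was removed but `jq -r .DOMAIN $DOMAIN_FILE` still receives a bare file name from `basename $D`, so jq resolves it against whatever the current directory is (`/root/.acme.sh` after any `start_letsencrypt` call) and `DOMAIN` comes back empty. An empty value passes the `!= "localhost"` test, so openssl and acme.sh are then invoked with paths such as `/etc/ssl/keys//cert.pem` and a `-d` that has no host. Read the file by its full path and skip unusable entries, `DOMAIN=$(jq -r '.DOMAIN // empty' "/domains/$D")` followed by `[ -n "$DOMAIN" ] || continue`; since the value ends up in file paths and command arguments, a hostname check (letters, digits, dots and hyphens only) before use would also be worthwhile. Separately, `ORIGINAL` is now read from `/acme.sh/$DOMAIN/fullchain.pem` while `start_letsencrypt` still writes `/etc/ssl/keys/$DOMAIN/fullchain.pem`; if `check_new_cert` (not shown) compares against the latter, the baseline fingerprint comes from a different file.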