From c6c5007ebb3be64ebdd85c32daf17d2f161e53fa Mon Sep 17 00:00:00 2001
From: gyurix
Date: Fri, 10 Mar 2023 10:00:11 +0000
Subject: [PATCH] Added optional variables settings when exist
---
 start.letsencrypt.sh | 58 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 48 insertions(+), 10 deletions(-)
diff --git a/start.letsencrypt.sh b/start.letsencrypt.sh
index 4a5eb29..9d5927c 100755
--- a/start.letsencrypt.sh
+++ b/start.letsencrypt.sh
@@ -1,7 +1,28 @@
 #!/bin/sh
-email=$EMAIL
-LETSENCRYPT_SERVER=$LETSENCRYPT_SERVER
+email="-m $EMAIL"
+
+if [ "$LETSENCRYPT_SERVER" != "" ]; then
+ L_S="--server $LETSENCRYPT_SERVER"
+fi
+
+if [ "$EAB_KID" != "" ]; then
+ EK="--eab-kid $EAB_KID"
+fi
+
+if [ "$EAB_HMAC_KEY" != "" ]; then
+ EHK="--eab-hmac-key $EAB_HMAC_KEY"
+fi
+
+TIMEOUT=$TIMEOUT
+if [[ -z "$TIMEOUT" ]]; then
+ TIMEOUT=5;
+fi
+
+RESTART=$RESTART
+if [[ -z "$RESTART" ]]; then
+ RESTART=5;
+fi
 sending_error_msg() {
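Review bot: `email="-m $EMAIL"` is set unconditionally while the three options after it are guarded, so with EMAIL unset the unquoted `$email` in start_letsencrypt expands to a bare `-m` and the following option is likely taken as its value; guard it the same way, `if [ -n "$EMAIL" ]; then email="-m $EMAIL"; fi`. The two `[[ -z … ]]` tests are not guaranteed to work under `#!/bin/sh`; `TIMEOUT=${TIMEOUT:-5}` and `RESTART=${RESTART:-5}` are portable and make the self-assignments unnecessary. `EHK` places EAB_HMAC_KEY on acme.sh's command line, where it is readable from the process list while the command runs, so that exposure should at least be documented for whoever deploys this. Because TIMEOUT and RESTART later feed `sleep` and `$(( ))`, a digits-only check on both would keep a malformed environment value from reaching arithmetic expansion.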
@@ -11,15 +32,32 @@ sending_error_msg() {
 start_letsencrypt() {
 mkdir -p /acme.sh/$DOMAIN/ ;
-
- /usr/local/bin/acme.sh -m $email --server $LETSENCRYPT_SERVER --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem
- # Check certificate issuer
- ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
- SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
- if [ "$ISSUER" == "$SUBJECT" ]; then
- echo "Self signed certificate found";
- /usr/local/bin/acme.sh -m $email --force --server $LETSENCRYPT_SERVER --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem
+ RESPONSE=$(/usr/local/bin/acme.sh $email $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem);
+ if [[ "$(echo $?)" == "1" ]]; then
+ for retries in $(seq 0 $((RESTART + 1))); do
+ if [[ $retries -le $RESTART ]] ; then
+ # Check certificate issuer
+ ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
+ SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
+ if [ "$ISSUER" == "$SUBJECT" ]; then
+ echo "Self signed certificate found";
+ RESPONSE=$(/usr/local/bin/acme.sh $email $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem);
+ if [[ "$(echo $?)" != "1" ]]; then
+ sleep $TIMEOUT;
+ echo "Restarting number is only: "$retries" so try again"
+ fi
+ else
+ sleep $TIMEOUT;
+ echo
"Restarting number is only: "$retries" so try again"
+ fi
+ else
+ echo "Reached retrying limit: "$RESTART" ,giving up"
+ fi
+
+ done
+ else
+ echo "Created or renew successfuly the certificate for $DOMAIN"
 fi
 }
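Review bot: The retry loop in start_letsencrypt never stops on success and its inner status test is inverted: after the second acme.sh call, `!= "1"` (not a failure) leads to `sleep` and "try again", a real failure goes straight to the next attempt with no delay, and there is no `break`, so any run whose first call fails walks all RESTART + 2 iterations. Retrying a failed order without a pause risks running into the CA's rate limits, and because RESPONSE is captured but never printed and the function still returns 0 after "giving up", a failed issuance leaves nothing for monitoring to pick up. The retry call also lost the `--force` that the removed code passed for the self-signed case, which may turn it into a skip; worth confirming. A loop driven by the saved exit status, sketched below, covers the first two points and avoids `[[` and `==`, which `#!/bin/sh` does not guarantee; the ISSUER/SUBJECT comparison can stay ahead of the retry call if it is still wanted.

```shell
start_letsencrypt() {
  # … unchanged: mkdir -p and the first RESPONSE=$(/usr/local/bin/acme.sh …) call …
  status=$?
  retries=0
  while [ "$status" -eq 1 ]; do
    # Surface acme.sh's own error text instead of discarding it.
    printf '%s\n' "$RESPONSE" >&2
    if [ "$retries" -ge "$RESTART" ]; then
      echo "Reached retrying limit: $RESTART ,giving up"
      return 1
    fi
    retries=$((retries + 1))
    echo "Restarting number is only: $retries so try again"
    # Pause before every new request, not only after a success.
    sleep "$TIMEOUT"
    # … unchanged: retry RESPONSE=$(/usr/local/bin/acme.sh …) call …
    status=$?
  done
  echo "Created or renew successfuly the certificate for $DOMAIN"
```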