#!/bin/ksh
###
# Script:  acme-renew.txt
# Author:  ialokin@bsdbased.net
#
# Example script that reloads services relying on the certificate
# issued through acme-client.
###
# doas wget -O /usr/local/sbin/acme-renew.sh https://ialokin.host.bsdforall.org/scripts/acme-renew.txt
# doas chmod ug+x /usr/local/sbin/acme-renew.sh
#
# then add something like this to crontab:
# ~ 4 * * 0 /usr/local/sbin/acme-renew.sh >> /var/log/acme-renew.log 2>&1
###

# Run acme-client
acme-client ialokin.host.bsdforall.org

# Check if acme-client actually updated anything (exit code 0)
if [ $? -eq 0 ]; then
    echo "Certificates renewed, reloading services..."
    rcctl reload httpd
    rcctl reload smtpd
    rcctl reload dovecot
    # restart ngircd :(
    rcctl restart ngircd
else
    echo "No renewal needed or acme-client failed."
fi