#!/bin/sh

set -e

for domain in $RENEWED_DOMAINS; do
  case $domain in
  DOMAIN_NAME_REPLACE)
    nginx_cert_root=DIRINSTALL/nginx/certs

    # Make sure the certificate and private key files are
    # never world readable, even just for an instant while
    # we're copying them into daemon_cert_root.
    umask 077

    cp "$RENEWED_LINEAGE/fullchain.pem" "$nginx_cert_root/fullchain.pem"
    cp "$RENEWED_LINEAGE/privkey.pem" "$nginx_cert_root/privkey.pem"

    # Apply the proper file ownership and permissions for
    # the daemon to read its certificate and key.
    chmod 400 "$nginx_cert_root/fullchain.pem" \
            "$nginx_cert_root/privkey.pem"

    cd DIRINSTALL && docker-compose restart nginx
    ;;
  esac
done

exit 0