From fc5c2ca12937d633a5165d9c8ec0de9be7d45bd8 Mon Sep 17 00:00:00 2001 From: Tobias Herre Date: Tue, 31 Oct 2023 17:20:11 +0100 Subject: [PATCH] Reads domains from cert --- certbot.cf | 38 +++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/certbot.cf b/certbot.cf index f051d56..21968a7 100644 --- a/certbot.cf +++ b/certbot.cf @@ -62,12 +62,15 @@ bundle agent certbot_cert(site,webroot) vars: + "domain" string => "$(site[domain])"; "keytype" string => "rsa"; "ds" slist => {"$(site[domain])"}; "domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases])))); + "domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains)); + "site_json" string => storejson(@(site)); "args" string => string_mustache( @@ -79,19 +82,27 @@ vars: "--standalone", "--webroot -w $(webroot)"); + "cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(certbot.certbot_dir)/live/$(site[domain])/cert.pem"; + + "current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"), + if => isvariable ("site[domain]"); + files: - "$(sys.workdir)/data/agent/certbot/$(site[domain])-cert-created" - create => "true", - content => "$(args)", - classes => if_repaired(certbot_repaired); +# "$(sys.workdir)/data/agent/certbot/$(site[domain])-cert-created" +# create => "true", +# content => "$(args)", +# classes => if_repaired(certbot_repaired); classes: - "no_cert_file" - comment => "run certbot because no cert dir exists", - not => fileexists("$(certbot.certbot_dir)/live/$(site[domain])"); +# "no_cert_file" +# comment => "run certbot because no cert dir exists", +# not => fileexists("$(certbot.certbot_dir)/live/$(site[domain])"); - "run_certbot" - or => {no_cert_file, certbot_repaired}; +# "run_certbot" +# or => {no_cert_file, certbot_repaired}; + + "run_certbot" + expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)")); defaults: "webroot" string => "standalone"; 
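Review bot: The added `"domains_txt"` line carries an undocumented format contract: the mustache template emits every name followed by a single space, in the order `sort()` produced, and the `run_certbot` class added in the next hunk compares that string byte-for-byte with the script output plus one appended space. Nothing visible in this diff shows that get-domains-from-cert.sh prints the names space-separated on one line and in the same order; if it does not, `run_certbot` would presumably be set on every agent run and certbot would be invoked each time. I would add a comment above the line, e.g. `# space-terminated, sorted list; must equal the output of get-domains-from-cert.sh plus one trailing space`, and confirm the script sorts its output the same way. The bundle and its vars section start and continue outside this hunk.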
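Review bot: The added `execresult(..., "useshell")` call passes a string containing `$(site[domain])` to a shell, so a domain value with shell metacharacters would be interpreted by that shell with whatever privileges cf-agent runs under. The `isvariable` guard only checks that the key exists, not what it contains. Since the command already names `/bin/sh` and the script explicitly, the outer shell is not needed: `"current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","noshell"),`. Where `site` is populated is not visible in this diff; if it comes from data that other people or systems can edit, I would also gate the promise on a hostname pattern with `regcmp`. The bundle begins and ends outside this hunk.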
@@ -113,6 +124,15 @@ commands: args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)"; reports: +# "CURRENT DOMAINS FOR $(site[domain]) : $(current_domains)"; +# "EXEC IST: $(cert_test_cmd)"; + +# "IS '$(domains_txt)' == '$(current_domains_txt) ' ?"; + +# run_certbot_new:: +# "WE MUST RUN CERTBOT FOR $(domains_txt)"; +# !run_certbot_new:: +# "WE SHOULD NOT RUN CERTBOT FOR $(domains_txt)"; }
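Review bot: The added report lines are all commented out, and two of them name things the visible hunks never define: `$(current_domains)` and the class `run_certbot_new`, where the code uses `current_domains_txt` and `run_certbot`. They would not work as written if someone re-enabled them. Either drop them or keep one working report behind a debug class, e.g. `DEBUG::` followed by `"certbot $(site[domain]): want '$(domains_txt)', cert has '$(current_domains_txt) '";`. The commented-out `files:` and `classes:` promises in the previous hunk are in the same state, and version control already preserves the old trigger logic. The bundle starts outside this hunk.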