From 8e58255bdb1f46ef06f5a02d237e6afd50a3716b Mon Sep 17 00:00:00 2001
From: daditto <daditto@gmail.com>
Date: Thu, 10 Dec 2015 13:17:40 +0200
Subject: [PATCH] Add support for alternative names

---
 letsencrypt_service | 40 ++++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/letsencrypt_service b/letsencrypt_service
index a1a24e2..bbb7f88 100755
--- a/letsencrypt_service
+++ b/letsencrypt_service
@@ -18,29 +18,37 @@ update_certs() {
         hosts_array=$host_varname[@]
         email_varname="LETSENCRYPT_${cid}_EMAIL"
 
+        params_d_str=""
+        hosts_array_expanded=("${!hosts_array}")
+        # First domain will be our base domain
+        base_domain="${hosts_array_expanded[0]}"
+
+        # Create directorty for the first domain
+        mkdir -p /etc/nginx/certs/$base_domain
+        cd /etc/nginx/certs/$base_domain
+
         for domain in "${!hosts_array}"; do
-
-            # Create the domain directory
-            mkdir -p /etc/nginx/certs/$domain
-            cd /etc/nginx/certs/$domain
-
-            echo "Creating/renewal $domain certificates..."
-            /usr/local/bin/simp_le \
-             -d "$domain" \
+            # Add all the domains to certificate
+            params_d_str+=" -d $domain"
+        done
+        echo "Creating/renewal $base_domain certificates... (${hosts_array_expanded[*]})"
+        /usr/local/bin/simp_le \
              -f account_key.json -f key.pem -f fullchain.pem \
+             $params_d_str \
              --email "${!email_varname}" \
              --server=https://acme-v01.api.letsencrypt.org/directory \
              --default_root /usr/share/nginx/html/
 
-            simp_le_return=$?
+        simp_le_return=$?
 
-            if [[ $simp_le_return -eq 0 ]]; then
-                # Symlink to created certificate and key.
-                ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt"
-                ln -sf ./$domain/key.pem       /etc/nginx/certs/$domain".key"
-                reload_nginx='true'
-            fi
-        done
+        if [[ $simp_le_return -eq 0 ]]; then
+            for domain in "${!hosts_array}"; do
+                # Symlink all alternative names to base domain certificate
+                ln -sf ./$base_domain/fullchain.pem /etc/nginx/certs/$domain".crt"
+                ln -sf ./$base_domain/key.pem       /etc/nginx/certs/$domain".key"
+            done
+            reload_nginx='true'
+        fi
     done
     unset LETSENCRYPT_CONTAINERS
     if [[ "$reload_nginx" == 'true' ]]; then