From 5bcb1956a80b48591463cadf88cab583f2abb32f Mon Sep 17 00:00:00 2001
From: JrCs <90z7oey02@sneakemail.com>
Date: Sun, 22 Nov 2015 13:20:29 +0100
Subject: [PATCH 1/2] Fix multi-domain support

---
 letsencrypt_service | 49 +++++++++++++++++++++++----------------------
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/letsencrypt_service b/letsencrypt_service
index 5ac5864..17c74d3 100755
--- a/letsencrypt_service
+++ b/letsencrypt_service
@@ -1,4 +1,5 @@
 #!/bin/bash
+
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 echo 'Waiting'
@@ -6,9 +7,10 @@ sleep 10
 # Wait some amount of time
 seconds_to_wait=3600
+
 while true; do
 # Load relevant container settings
- source $DIR/letsencrypt_service_data
+ source "$DIR"/letsencrypt_service_data
 for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do
 # Derive host and email variable names
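Review bot: `source "$DIR"/letsencrypt_service_data` executes, as bash, a file that docker-gen renders from other containers' environment (the Procfile later in this series generates it from letsencrypt_service_data.tmpl), so whatever a container sets in its `LETSENCRYPT_*` variables ends up evaluated inside this proxy container, which presumably also has access to the Docker socket for docker-gen. Whether that is exploitable depends on how the template quotes values, which is outside this patch, but the trust boundary deserves a comment above the `source` line: `# NOTE: generated from other containers' env vars and executed as bash; the template must quote every value`. Longer term I would have the template emit one `key=value` per line and read it with `read -r` rather than sourcing it. This hunk only quotes `$DIR`; the `while true` loop it sits in continues past the hunk.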
@@ -17,31 +19,30 @@ while true; do
 hosts_array=$host_varname[@]
 email_varname="LETSENCRYPT_${cid}_EMAIL"
- domain_params=""
 for domain in "${!hosts_array}"; do
- domain_params+="-d $domain "
+
+ # Create the domain directory
+ mkdir -p /etc/nginx/certs/$domain
+ cd /etc/nginx/certs/$domain
+
+ /opt/simp_le/venv/bin/simp_le \
+ -d "$domain" \
+ -f fullchain.pem -f key.pem \
+ --email "${!email_varname}" \
+ --server=https://acme-v01.api.letsencrypt.org/directory \
+ --default_root /usr/share/nginx/html/
+
+ simp_le_return=$?
+
+ if [[ $simp_le_return -eq 0 ]]; then
+ # Symlink to created certificate and key.
+ ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt"
+ ln -sf ./$domain/key.pem /etc/nginx/certs/$domain".key"
+ fi
+
+ # TODO: Regenerate nginx config if simp_le created a certificate and key
+ #if [ "$simp_le_return" -eq 0 ]; then nginx -s reload; fi
 done
-
- # Use the first domain to create the directory
- primary_domain=${!host_varname}
- mkdir -p /etc/nginx/certs/$primary_domain
- cd /etc/nginx/certs/$primary_domain
- /opt/simp_le/venv/bin/simp_le $domain_params -f fullchain.pem -f key.pem --email ${!email_varname} \
- --server=https://acme-v01.api.letsencrypt.org/directory \
- --default_root /usr/share/nginx/html/
- simp_le_return=$?
- cd /app
-
- # Symlink to created certificate and key.
- for domain in "${!hosts_array}"; do
- ln -sf ./$primary_domain/fullchain.pem /etc/nginx/certs/$domain".crt"
- ln -sf ./$primary_domain/key.pem /etc/nginx/certs/$domain".key"
- done
-
- # TODO: Regenerate nginx config if simp_le created a certificate and key
- #if [ "$simp_le_return" -eq 0 ]; then nginx -s reload; fi
-
- unset $host_varname; unset $email_varname; unset $hosts_array
 done
 unset LETSENCRYPT_CONTAINERS

From 1a4422ecb37ecc10db351528783fce79f05c23f6 Mon Sep 17 00:00:00 2001
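Review bot: In the new per-domain loop the `cd /etc/nginx/certs/$domain` is unchecked and `$domain` is unquoted in `mkdir`, `cd` and both `ln -sf` lines, while the old `cd /app` that reset the working directory has been dropped. A host value containing whitespace or glob characters makes the `cd` fail, after which simp_le writes `key.pem` and `fullchain.pem` (relative paths) into whatever directory the previous iteration left behind and the symlinks point at a path that does not exist; a value containing `/` or `..` moves the private key outside `/etc/nginx/certs` altogether. These values come from per-container `LETSENCRYPT_*_HOST` settings sourced from the generated data file above this hunk, so I would treat them as untrusted: `[[ $domain == */* || $domain == .* ]] && continue` before the `mkdir`, then `mkdir -p -- "/etc/nginx/certs/$domain" && cd "/etc/nginx/certs/$domain" || continue`, and `"$domain"` quoted in the two `ln -sf` lines. The enclosing `for cid` and `while true` loops begin before this hunk.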
From: JrCs <90z7oey02@sneakemail.com>
Date: Sun, 22 Nov 2015 16:34:28 +0100
Subject: [PATCH 2/2] Enhance update of certificates

Update or create the certificates as soon as possible
---
 Procfile | 5 ++-
 letsencrypt_service | 78 ++++++++++++++++++++++++---------------------
 update_certs | 3 ++
 update_nginx | 8 +++++
 4 files changed, 55 insertions(+), 39 deletions(-)
 create mode 100755 update_certs
 create mode 100755 update_nginx

diff --git a/Procfile b/Procfile
index e18d1d3..e76aad9 100644
--- a/Procfile
+++ b/Procfile
@@ -1,4 +1,3 @@
-nginx: nginx
-dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
-letsencrypt_dockergen: docker-gen -watch -only-exposed /app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data
+nginx: /usr/sbin/nginx
+dockergen: /usr/local/bin/docker-gen -watch -only-exposed -notify "/app/update_nginx" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
 letsencrypt: /app/letsencrypt_service
diff --git a/letsencrypt_service b/letsencrypt_service
index 17c74d3..b0f240b 100755
--- a/letsencrypt_service
+++ b/letsencrypt_service
@@ -2,50 +2,56 @@
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-echo 'Waiting'
-sleep 10
-
-# Wait some amount of time
 seconds_to_wait=3600
-while true; do
- # Load relevant container settings
- source "$DIR"/letsencrypt_service_data
+update_certs() {
+ [[ ! -f "$DIR"/letsencrypt_service_data ]] && return
- for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do
- # Derive host and email variable names
- host_varname="LETSENCRYPT_${cid}_HOST"
- # Array variable indirection hack: http://stackoverflow.com/a/25880676/350221
- hosts_array=$host_varname[@]
- email_varname="LETSENCRYPT_${cid}_EMAIL"
+ # Load relevant container settings
+ source "$DIR"/letsencrypt_service_data
- for domain in "${!hosts_array}"; do
+ for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do
+ # Derive host and email variable names
+ host_varname="LETSENCRYPT_${cid}_HOST"
+ # Array variable indirection hack: http://stackoverflow.com/a/25880676/350221
+ hosts_array=$host_varname[@]
+ email_varname="LETSENCRYPT_${cid}_EMAIL"
- # Create the domain directory
- mkdir -p /etc/nginx/certs/$domain
- cd /etc/nginx/certs/$domain
+ for domain in "${!hosts_array}"; do
- /opt/simp_le/venv/bin/simp_le \
- -d "$domain" \
- -f fullchain.pem -f key.pem \
- --email "${!email_varname}" \
- --server=https://acme-v01.api.letsencrypt.org/directory \
- --default_root /usr/share/nginx/html/
+ # Create the domain directory
+ mkdir -p /etc/nginx/certs/$domain
+ cd /etc/nginx/certs/$domain
- simp_le_return=$?
+ /opt/simp_le/venv/bin/simp_le \
+ -d "$domain" \
+ -f fullchain.pem -f key.pem \
+ --email "${!email_varname}" \
+ --server=https://acme-v01.api.letsencrypt.org/directory \
+ --default_root /usr/share/nginx/html/
- if [[ $simp_le_return -eq 0 ]]; then
- # Symlink to created certificate and key.
- ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt"
- ln -sf ./$domain/key.pem /etc/nginx/certs/$domain".key"
- fi
+ simp_le_return=$?
- # TODO: Regenerate nginx config if simp_le created a certificate and key
- #if [ "$simp_le_return" -eq 0 ]; then nginx -s reload; fi
+ if [[ $simp_le_return -eq 0 ]]; then
+ # Symlink to created certificate and key.
+ ln -sf ./$domain/fullchain.pem /etc/nginx/certs/$domain".crt"
+ ln -sf ./$domain/key.pem /etc/nginx/certs/$domain".key"
+ fi
+ done
 done
- done
- unset LETSENCRYPT_CONTAINERS
+ unset LETSENCRYPT_CONTAINERS
+}
- date
- echo "Waiting $seconds_to_wait seconds"; sleep $seconds_to_wait
-done
+pid=
+trap '[[ $pid ]] && kill $pid; exec $0' EXIT
+trap 'trap - EXIT' INT TERM
+
+echo 'Waiting 10s before updating certs...'
+sleep 10
+
+update_certs
+
+# Wait some amount of time
+sleep $seconds_to_wait & pid=$!
+wait
+pid=
diff --git a/update_certs b/update_certs
new file mode 100755
index 0000000..40fc0e6
--- /dev/null
+++ b/update_certs
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+pkill -f -SIGUSR1 /app/letsencrypt_service
diff --git a/update_nginx b/update_nginx
new file mode 100755
index 0000000..91c10e9
--- /dev/null
+++ b/update_nginx
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+docker-gen \
+ -only-exposed \
+ -notify '/app/update_certs' \
+ /app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data
+
+nginx -s reload
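Review bot: The restart mechanism at the bottom of the hunk leaves USR1 untrapped and relies on the EXIT trap's `exec $0` running when bash is killed by it; as far as I can tell bash does run the EXIT trap on a fatal signal, but it does so as soon as the signal arrives, so a USR1 sent by `update_certs` while simp_le is running in the foreground re-execs the script underneath a still-running simp_le, and the fresh instance starts `update_certs` 10 s later in the same `/etc/nginx/certs/<domain>` directory. Trapping USR1 explicitly avoids that: bash defers a trapped signal until the foreground command completes yet lets the `wait` builtin return immediately, which gives the intended "wake up early" behaviour without a re-exec, without the `trap - EXIT` dance for INT/TERM (which today leaves the background `sleep` running), and without depending on the process manager to restart the service. The `$pid` and `$0` expansions inside the trap strings should also be quoted. The rewrite below replaces everything from `pid=` on; `update_certs()` (wholly inside this hunk) is unchanged.
```shell
# … unchanged: update_certs() definition …

pid=
want_update=0
# A trapped USR1 is deferred while simp_le runs in the foreground, but it
# interrupts the `wait` below at once: kill the pending sleep and re-run.
trap 'want_update=1; [[ $pid ]] && kill "$pid" 2>/dev/null' USR1
trap '[[ $pid ]] && kill "$pid" 2>/dev/null; exit' INT TERM

echo 'Waiting 10s before updating certs...'
sleep 10

while true; do
  want_update=0
  update_certs
  # A request that arrived mid-run would otherwise wait a full period.
  (( want_update )) && continue
  sleep "$seconds_to_wait" & pid=$!
  wait "$pid"
  pid=
done
```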
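Review bot: `pkill -f -SIGUSR1 /app/letsencrypt_service` matches its argument as an unanchored regex against every process's full command line, and when nothing matches (for example while the service is between `exec $0` and its new image, or after it has died) the refresh request is silently lost, with only pkill's non-zero exit status to show for it. I would anchor the pattern to the end of the command line and make the miss visible: `pkill -USR1 -f '/app/letsencrypt_service$' || echo 'letsencrypt_service not running; certificates will not be refreshed' >&2`. Note that this script also depends on bash running `letsencrypt_service`'s EXIT trap when the untrapped USR1 kills it, which is worth a comment here so the two files are not changed independently.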
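Review bot: `docker-gen` and `nginx` are invoked by bare name in this script, while the Procfile change in the same patch switched to `/usr/local/bin/docker-gen` and `/usr/sbin/nginx`; since this script runs from docker-gen's `-notify` hook it inherits whatever PATH that process has, so the same absolute paths belong here. The one-shot docker-gen's exit status is also ignored: if rendering letsencrypt_service_data fails, `nginx -s reload` still runs and nothing is logged. I would write `/usr/local/bin/docker-gen -only-exposed -notify '/app/update_certs' /app/letsencrypt_service_data.tmpl /app/letsencrypt_service_data || echo 'docker-gen failed to render letsencrypt_service_data' >&2` followed by `/usr/sbin/nginx -s reload`.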