Diffstat (limited to 'docker/auto-certbot')
| -rw-r--r-- | docker/auto-certbot/Dockerfile | 10 | ||||
| -rwxr-xr-x | docker/auto-certbot/daemon.bash | 31 | 
2 files changed, 31 insertions, 10 deletions
diff --git a/docker/auto-certbot/Dockerfile b/docker/auto-certbot/Dockerfile
index 53ab077..e37057b 100644
--- a/docker/auto-certbot/Dockerfile
+++ b/docker/auto-certbot/Dockerfile
@@ -1,8 +1,14 @@
 FROM certbot/certbot:latest
 ARG CRUPEST_DOMAIN
-ARG CRUPEST_CERTBOT_RENEW_COMMAND=""
+ARG CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES=""
+ARG CRUPEST_AUTO_CERTBOT_POST_HOOK=""
+ARG CRUPEST_AUTO_CERTBOT_RENEW_COMMAND=""
 # install bash
-RUN apk add --no-cache bash
+ENV CRUPEST_DOMAIN=${CRUPEST_DOMAIN}
+ENV CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES=${CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES}
+ENV CRUPEST_AUTO_CERTBOT_POST_HOOK=${CRUPEST_AUTO_CERTBOT_POST_HOOK}
+ENV CRUPEST_AUTO_CERTBOT_RENEW_COMMAND=${CRUPEST_AUTO_CERTBOT_RENEW_COMMAND}
+RUN apk add --no-cache bash ${CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES} 
 COPY daemon.bash /daemon.bash
 VOLUME ["/var/www/certbot", "/etc/letsencrypt", "/var/lib/letsencrypt"]
 ENTRYPOINT [ "/daemon.bash" ]
diff --git a/docker/auto-certbot/daemon.bash b/docker/auto-certbot/daemon.bash
index de21ba8..10b2a25 100755
--- a/docker/auto-certbot/daemon.bash
+++ b/docker/auto-certbot/daemon.bash
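Review bot: `CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES` is only consumed by the `RUN apk add` line at build time, so the matching `ENV` line persists a build-only value into every container's environment and can be dropped. The other `ENV` lines bake the renew command and post hook into the image, where they can be read back from image history and inspect output, so a comment such as `# values are stored in image metadata; do not put credentials in the hook or renew command` would help whoever sets the build args. The package list is expanded unquoted into a root shell command and installed unpinned, so the image contents depend entirely on the build arg; if that is intended, say so directly above the `RUN` line, because the existing `# install bash` comment now sits four lines above the instruction it describes.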
@@ -1,18 +1,23 @@
 #!/usr/bin/env bash
+set -e
+
 # Check I'm root.
 if [[ $EUID -ne 0 ]]; then
     echo "This script must be run as root" 1>&2
     exit 1
 fi
-# Check CRUPEST_CERTBOT_RENEW_COMMAND is defined.
-if [ -z "$CRUPEST_CERTBOT_RENEW_COMMAND" ]; then
-    echo "CRUPEST_CERTBOT_RENEW_COMMAND is not defined or empty"
-    CRUPEST_CERTBOT_RENEW_COMMAND="certbot renew --webroot -w /var/www/certbot"
-    printf "Will use:\n%s\n" "$CRUPEST_CERTBOT_RENEW_COMMAND"
+# Check certbot version.
+certbot --version
+
+# Check CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined.
+if [ -z "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND" ]; then
+    echo "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is not defined or empty"
+    CRUPEST_AUTO_CERTBOT_RENEW_COMMAND="certbot renew --webroot -w /var/www/certbot"
+    printf "Will use:\n%s\n" "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND"
 else
-    printf "CRUPEST_CERTBOT_RENEW_COMMAND is defined as:\n%s\n" "$CRUPEST_CERTBOT_RENEW_COMMAND"
+    printf "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined as:\n%s\n" "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND"
 fi
 # Check CRUPEST_CERT_PATH, default to /etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem
@@ -20,6 +25,12 @@ if [ -z "$CRUPEST_CERT_PATH" ]; then
     CRUPEST_CERT_PATH="/etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem"
 fi
+# Check CRUPEST_CERT_PATH exists.
+if [ ! -f "$CRUPEST_CERT_PATH" ]; then
+    echo "Cert file does not exist"
+    exit 1
+fi
+
 function check_and_renew_cert {
     expire_info=$(openssl x509 -enddate -noout -in "$CRUPEST_CERT_PATH")
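Review bot: The new existence check in the second hunk prints `Cert file does not exist` to stdout without naming the path, so an empty `CRUPEST_DOMAIN` (which makes the default above resolve to `/etc/letsencrypt/live//fullchain.pem`) looks the same in the logs as a certificate that has not been issued yet. I would write `echo "Cert file $CRUPEST_CERT_PATH does not exist" 1>&2`, matching the root check in the first hunk, and reject an empty `CRUPEST_DOMAIN` before the default path is built. A fresh deployment with an empty `/etc/letsencrypt` volume will now exit at startup; if initial issuance is handled elsewhere, a comment above the check saying so would help the operator.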
@@ -48,8 +59,12 @@ function check_and_renew_cert {
     else
         # No, renew now.
         echo "Renewing now..."
-        # Run CRUPEST_CERTBOT_RENEW_COMMAND
-        $CRUPEST_CERTBOT_RENEW_COMMAND
+        # Run CRUPEST_AUTO_CERTBOT_RENEW_COMMAND
+        if [ -n "$CRUPEST_AUTO_CERTBOT_POST_HOOK" ]; then
+            $CRUPEST_AUTO_CERTBOT_RENEW_COMMAND --post-hook "$CRUPEST_AUTO_CERTBOT_POST_HOOK"
+        else
+            $CRUPEST_AUTO_CERTBOT_RENEW_COMMAND
+        fi
     fi
 }
|
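Review bot: With `set -e` added at the top of this file, a non-zero exit from `$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND` in either branch here will terminate the script unless the call site of `check_and_renew_cert` runs it in a tested context, so a single transient ACME or network failure could stop all later renewals. Handling the failure explicitly, e.g. `$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND || echo "Renew failed, will retry at next check" 1>&2`, keeps the daemon running and leaves a log line that monitoring can alert on. The `--post-hook` flag is appended to whatever the operator supplied, which presumably assumes the custom command is a certbot invocation without its own `--post-hook`; a comment stating that contract would help. The function begins before this hunk and its caller is not visible here.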
