#!/usr/bin/env bash

set -eu
set -o pipefail

hostnames=$(grep -l 'authenticator = standalone' /etc/letsencrypt/renewal/*.conf | sed 's/.*\///; s/\.conf$//')

for hostname in $hostnames; do
    # Force a cert renewal to force the config file to update
    /usr/bin/certbot certonly --webroot --webroot-path=/var/lib/zulip/certbot-webroot/ --force-renewal -d "$hostname"
done

# Pick up any updated certs
service nginx reload