Working product.

2 files changed, 36 insertions, 2 deletions

diff --git a/files/letsencrypt-renew.service b/files/letsencrypt-renew.service
index 253f260..f8f2c18 100644
--- a/files/letsencrypt-renew.service
+++ b/files/letsencrypt-renew.service
@@ -4,5 +4,4 @@ Documentation=man:certbot(1)
 
 [Service]
 Type=oneshot
-EnvironmentFile=/etc/letsencrypt/env/%i
-ExecStart=certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4086 --cert-name '%i' -a $AUTHENTICATOR $DOMAINS --post-hook $POST_HOOK --quiet --keep-until-expiring
+ExecStart=/etc/letsencrypt/renew_cert %i
diff --git a/files/run_certbot.py b/files/run_certbot.py
new file mode 100644
index 0000000..f81f707
--- /dev/null
+++ b/files/run_certbot.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+
+"""
+Gathers domain names to give to certbot, and then execs
+certbot. "Required" to send multiple domain names
+
+File managed by Puppet
+"""
+
+# Script should be compatible with both Python2 and Python3
+
+from __future__ import print_function
+import sys
+import os
+
+if len(sys.argv) != 2:
+    print('Takes exactly one argument: the certificates name',
+          file=sys.stderr)
+    os.exit(1)
+
+
+cert_name = sys.argv[1]
+here = os.path.dirname(sys.argv[0])
+
+cmdline = ['certbot', '--config', os.path.join(here, cert_name + ".ini")]
+with open(os.path.join(here, cert_name + '.domains')) as f:
+    for line in f:
+        if not line:
+            continue
+        if line[0] == '#':
+            continue
+        cmdline += ['-d', line.strip()]
+cmdline += ['certonly']
+
+os.execvp('certbot', cmdline)