From 15e94f424341528b2e23fdcf6d4756775903327e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Sat, 14 Jan 2023 23:52:29 +0100
Subject: Check for cert by filename prefix.
---
 lib/facter/letsencrypt_bycertname.rb | 23 +++++++++++++++++++++++
 manifests/cert.pp | 22 ++++++++++++----------
 2 files changed, 35 insertions(+), 10 deletions(-)
 create mode 100644 lib/facter/letsencrypt_bycertname.rb
diff --git a/lib/facter/letsencrypt_bycertname.rb b/lib/facter/letsencrypt_bycertname.rb
new file mode 100644
index 0000000..56556ff
--- /dev/null
+++ b/lib/facter/letsencrypt_bycertname.rb
@@ -0,0 +1,23 @@
+require 'pathname'
+
+Facter.add(:letsencrypt_bycertname) do
+ confine kernel: ['FreeBSD', 'Linux', 'OpenBSD']
+
+ setcode do
+ certs = {}
+
+ # locate the certificate repository
+ livedir = ['/etc/letsencrypt/live', '/etc/certbot/live']
+ .map { |path| Pathname.new path }
+ .find(&:directory?)
+
+ unless livedir.nil?
+ Pathname.new(livedir).children.select(&:directory?).each do |path|
+ m = path.basename.to_s.match(%r{(.*?)(-\d+)?$})
+ certs[m[1]] = path.to_s
+ end
+ end
+
+ certs
+ end
+end
diff --git a/manifests/cert.pp b/manifests/cert.pp
index 9a34725..ec2baf1 100644
--- a/manifests/cert.pp
+++ b/manifests/cert.pp
@@ -46,11 +46,11 @@ define letsencrypt::cert (
 }
 ensure_resource('letsencrypt::domain', $domains, {
- cert_name => $cert_name,
+ cert_name => $cert_name,
 })
 if $include_self and ! $cert_name in $domains {
 ensure_resource('letsencrypt::domain', $cert_name, {
- cert_name => $cert_name,
+ cert_name => $cert_name,
 })
 }
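Review bot: The suffix-stripping pattern in the `each` block of the new fact, `%r{(.*?)(-\d+)?$}`, removes any trailing `-<digits>`, so a certificate whose own name ends in a number (a made-up name: `web-01`) is stored under the key `web` and a lookup by its real name misses. When both `NAME` and `NAME-0001` directories exist they collapse onto one key, and the surviving path is whichever entry `children` yields last, which has no guaranteed order. The comment in cert.pp describes certbot's duplicate suffix as `-0001`, so consider `%r{\A(.*?)(-\d{4})?\z}` together with `livedir.children.sort` to keep the result stable; the four-digit width is my reading of certbot's naming and should be confirmed. `Pathname.new(livedir)` is also redundant, since `livedir` is already a `Pathname`.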
@@ -61,14 +61,16 @@ define letsencrypt::cert (
 # exists then the new certificate will instead be called
 # ${cert-name}-0001. See
 # https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates
- exec { "letsencrypt - get initial ${cert_name}":
- creates => "${letsencrypt::cert_dir}/${cert_name}",
- command => [$letsencrypt::renew::setup::renew_script, $cert_name],
- require => [
- Concat[$domain_file],
- File[$conf_file],
- File[$letsencrypt::renew::setup::renew_script],
- ],
+ if ! $cert_name in $facts['letsencrypt_bycertname'] {
+ exec { "letsencrypt - get initial ${cert_name}":
+ creates => "${letsencrypt::cert_dir}/${cert_name}",
+ command => [$letsencrypt::renew::setup::renew_script, $cert_name],
+ require => [
+ Concat[$domain_file],
+ File[$conf_file],
+ File[$letsencrypt::renew::setup::renew_script],
+ ],
+ }
 }
 exec { "letsencrypt - refresh ${cert_name}":
-- cgit v1.2.3
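Review bot: The new guard `if ! $cert_name in $facts['letsencrypt_bycertname']` does not negate the membership test. In Puppet's operator precedence `!` binds tighter than `in`, so it is read as `(! $cert_name) in …`, i.e. `false in <hash>`, which is false for every cert name, and the initial `exec` would then never be declared. Write it as `if !($cert_name in $facts['letsencrypt_bycertname']) {`. The context line `if $include_self and ! $cert_name in $domains` in the previous hunk has the same shape and likely needs the same parentheses. The define's body continues outside this hunk.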