From aa97821190b4f5b4aed60e9132cc9f966f97c191 Mon Sep 17 00:00:00 2001
From: Maksim <18454392+silentdigit@users.noreply.github.com>
Date: Tue, 10 Dec 2019 23:38:25 +1100
Subject: [PATCH] email now optional, and wildcard defaults to false
---
 README.md | 6 +++---
 scripts/cert.sh | 20 +++++++++++++++-----
 scripts/start.sh | 18 +++++++-----------
 3 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index 58ea4be..83b209d 100755
--- a/README.md
+++ b/README.md
@@ -4,10 +4,10 @@ Automatically generates Let's Encrypt certificates using a lightweight Docker co
 Variables:
-* `DUCKDNS_TOKEN`: Duck DNS Account Token
+* `DUCKDNS_TOKEN`: Duck DNS account token (obtained from [Duck DNS](https://www.duckdns.org))
 * `DUCKDNS_DOMAIN`: Full Duck DNS domain (e.g. `test.duckdns.org`)
 * `LETSENCRYPT_EMAIL`: Email used for certificate renewal notifications (optional)
-* `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for all subdomains of `DUCKDNS_DOMAIN` (i.e. `*.test.duckdns.org`), or just the main domain (i.e. `test.duckdns.org`)
+* `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for all subdomains of `DUCKDNS_DOMAIN` (i.e. `*.test.duckdns.org`), or just the main domain (i.e. `test.duckdns.org`) (default: `false`)
 **Note:** The format of `DUCKDNS_DOMAIN` should be the same regardless of the value of `LETSENCRYPT_WILDCARD`.
@@ -17,5 +17,5 @@ Volumes:
 **Note:** If a hosted volume is used, the volume should be mounted in an unused directory in another container to prevent access conflicts.
-#### TODO:
+### TODO:
 * Implement tests so `depends_on` can be used in docker-compose to prevent other containers from initialising until certificates are ready
diff --git a/scripts/cert.sh b/scripts/cert.sh
index 496707e..45fd1da 100755
--- a/scripts/cert.sh
+++ b/scripts/cert.sh
@@ -1,16 +1,26 @@
 #!/bin/sh
-# TODO: Make email an optional parameter
-# Check what happens when both -m and registration without email are supplied
+if [ -z "$LETSENCRYPT_EMAIL" ]; then
+ export EMAIL_PARAM="--register-unsafely-without-email"
+else
+ export EMAIL_PARAM="-m ${LETSENCRYPT_EMAIL} --no-eff-email"
+fi
+
+if [ ! -z "$TESTING" ]; then
+ echo NOTICE: Generating staging certificate
+ export TEST_PARAM="--staging"
+fi
 # Initial check for certificates
 certbot certonly --manual --preferred-challenges dns --manual-auth-hook \
 /scripts/auth.sh --manual-cleanup-hook /scripts/cleanup.sh \
- -m "${LETSENCRYPT_EMAIL}" --no-eff-email -d "${LETSENCRYPT_DOMAIN}" \
- --agree-tos --manual-public-ip-logging-ok --keep
+ "${EMAIL_PARAM}" -d "${LETSENCRYPT_DOMAIN}" \
+ --agree-tos --manual-public-ip-logging-ok --keep ${TEST_PARAM}
 # Basic check for successful certificate generation
-if [ ! -d "/etc/letsencrypt/live" ]; then
+if [ ! -d "/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN}" ] || \
+ [ ! -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN}/fullchain.pem" ] || \
+ [ ! -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN}/privkey.pem" ]; then
 echo ERROR: Failed to create SSL certificates
 exit 1
 fi
diff --git a/scripts/start.sh b/scripts/start.sh
index e70d277..56b7099 100755
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-# Check variables DUCKDNS_TOKEN, DUCKDNS_DOMAIN, LETSENCRYPT_EMAIL, LETSENCRYPT_WILDCARD
+# Check variables DUCKDNS_TOKEN, DUCKDNS_DOMAIN
 if [ -z "$DUCKDNS_TOKEN" ]; then
 echo ERROR: Variable DUCKDNS_TOKEN is unset
 exit 1
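Review bot: Quoting `"${EMAIL_PARAM}"` in the certbot call hands certbot a single argument `-m user@example.com --no-eff-email` whenever an email is configured, so the address is mangled and `--no-eff-email` is never parsed as an option; the unquoted `${TEST_PARAM}` on the next line only works because it is word-split, which is the same string-as-argv pattern in reverse. Since this is `/bin/sh` with no arrays, build the argument list with `set --` instead of string variables (sketch below), and write the staging check as `[ -n "$TESTING" ]`. The new success check also looks for `/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN}`, but `LETSENCRYPT_DOMAIN` is `*.<domain>` for a wildcard request and certbot, as far as I recall, names the lineage directory with the leading `*.` stripped, so a successful wildcard issuance would be reported as a failure and the script would exit 1; deriving the directory from `${LETSENCRYPT_DOMAIN#\*.}` covers both cases. This hunk spans the whole of cert.sh.
```sh
# Build certbot's argument list as real argv words (no arrays in /bin/sh)
set -- certonly --manual --preferred-challenges dns \
  --manual-auth-hook /scripts/auth.sh --manual-cleanup-hook /scripts/cleanup.sh \
  -d "${LETSENCRYPT_DOMAIN}" --agree-tos --manual-public-ip-logging-ok --keep
if [ -z "$LETSENCRYPT_EMAIL" ]; then
  set -- "$@" --register-unsafely-without-email
else
  set -- "$@" -m "${LETSENCRYPT_EMAIL}" --no-eff-email
fi
if [ -n "$TESTING" ]; then
  echo NOTICE: Generating staging certificate
  set -- "$@" --staging
fi
certbot "$@"

# Basic check for successful certificate generation
# NOTE(review): assumes certbot names the lineage without the leading "*." — confirm
lineage="/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN#\*.}"
if [ ! -d "$lineage" ] || [ ! -f "$lineage/fullchain.pem" ] || [ ! -f "$lineage/privkey.pem" ]; then
# … unchanged: error message and exit 1 …
```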
@@ -11,30 +11,26 @@ if [ -z "$DUCKDNS_DOMAIN" ]; then
 exit 1
 fi
-if [ -z "$LETSENCRYPT_WILDCARD" ]; then
- echo ERROR: Variable LETSENCRYPT_WILDCARD is unset
- exit 1
-fi
-
+# Print email notice if applicable
 if [ -z "$LETSENCRYPT_EMAIL" ]; then
 echo NOTICE: You will not receive SSL certificate expiration notices
 fi
 # Set certificate url based on LETSENCRYPT_WILDCARD value
 if [ "$LETSENCRYPT_WILDCARD" = "true" ]; then
+ echo NOTICE: A wildcard SSL certificate will be created
 export LETSENCRYPT_DOMAIN=*.${DUCKDNS_DOMAIN}
-elif [ "$LETSENCRYPT_WILDCARD" = "false" ]; then
- export LETSENCRYPT_DOMAIN=${DUCKDNS_DOMAIN}
+ export WILDCARD_STR="true"
 else
- echo ERROR: Invalid value for LETSENCRYPT_WILDCARD
- exit 1
+ export LETSENCRYPT_DOMAIN=${DUCKDNS_DOMAIN}
+ export WILDCARD_STR="false"
 fi
 # Print variables
 echo DUCKDNS_TOKEN: $DUCKDNS_TOKEN
 echo DUCKDNS_DOMAIN: $DUCKDNS_DOMAIN
 echo LETSENCRYPT_EMAIL: $LETSENCRYPT_EMAIL
-echo LETSENCRYPT_WILDCARD: $LETSENCRYPT_WILDCARD
+echo LETSENCRYPT_WILDCARD: $WILDCARD_STR \(Input: \"${LETSENCRYPT_WILDCARD}\"\)
 # Start automatic ssl certificate generation
 /bin/sh /scripts/cert.sh
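Review bot: The new `else` branch treats every value other than the literal `true` — including typos such as `True` or `yes` — as a non-wildcard request, and the explicit validation that previously rejected such values is removed, so a misconfigured deployment silently obtains a certificate for the wrong name set and only the `WILDCARD_STR` echo line hints at it afterwards. Keep the default-to-false behaviour for an empty value but reject anything else with a `case` (sketch below), which also lets the unset and the invalid cases be told apart in the log. In the new echo line, `$WILDCARD_STR` and `${LETSENCRYPT_WILDCARD}` are unquoted and will be word-split and glob-expanded if the input contains spaces or `*`; use `printf '%s\n' "..."` with quoted expansions. Separately, the unchanged context line `echo DUCKDNS_TOKEN: $DUCKDNS_TOKEN` still writes the account token into the container log, which this hunk leaves in place; consider dropping it or masking the value while touching this block.
```sh
# Set certificate url based on LETSENCRYPT_WILDCARD value (unset/empty means false)
case "${LETSENCRYPT_WILDCARD}" in
  true)
    echo NOTICE: A wildcard SSL certificate will be created
    export LETSENCRYPT_DOMAIN="*.${DUCKDNS_DOMAIN}"
    export WILDCARD_STR="true"
    ;;
  ""|false)
    export LETSENCRYPT_DOMAIN="${DUCKDNS_DOMAIN}"
    export WILDCARD_STR="false"
    ;;
  *)
    printf 'ERROR: Invalid value for LETSENCRYPT_WILDCARD: "%s"\n' "${LETSENCRYPT_WILDCARD}" >&2
    exit 1
    ;;
esac
# … unchanged: print variables and start cert.sh …
```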