revised approach

mattermost/scripts/issue-certificate.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+usage() {
+  cat <<EOF
+Usage: $0 [-h] <-d DOMAIN> <-o PATH>
+
+Options
+  -h Print this help
+  -o Output path (e.g. \${PWD}/certs)
+  -d Domain certificate is issued for (e.g. mm.example.com)
+
+EOF
+}
+
+issue_cert_standalone() {
+  docker run -it --rm --name certbot -p 80:80 \
+    -v "${1}/etc/letsencrypt:/etc/letsencrypt" \
+    -v "${1}/lib/letsencrypt:/var/lib/letsencrypt" \
+    certbot/certbot certonly --standalone -d "${2}"
+}
+
+authenticator_to_webroot() {
+  sed -i 's/standalone/webroot/' "${1}"/etc/letsencrypt/renewal/"${2}".conf
+  tee -a "${1}"/etc/letsencrypt/renewal/"${2}".conf >/dev/null <<EOF
+webroot_path = /usr/share/nginx/html,
+[[webroot_map]]
+EOF
+}
+
+# become root (keeping environment) and make script executable
+if [ $EUID != 0 ]; then
+  chmod +x "$0"
+  sudo -E ./"$0" "$@"
+  exit $?
+fi
+
+while getopts d:o:h opt; do
+  case "$opt" in
+    d)
+      domain=$OPTARG
+      ;;
+    o)
+      output=$OPTARG
+      ;;
+    h)
+      usage
+      exit 0
+      ;;
+    \?)
+      usage >&2
+      exit 64
+      ;;
+  esac
+done
+
+shift $((OPTIND - 1))
+
+if [ -z "$domain" ]; then
+  echo "-d is required" >&2
+  usage >&2
+  exit 64
+fi
+
+if [ -z "$output" ]; then
+  echo "-o is required" >&2
+  usage >&2
+  exit 64
+fi
+
+if ! which docker 1>/dev/null; then
+  echo "Can't find Docker command" >&2
+  exit 64
+fi
+
+issue_cert_standalone "${output}" "${domain}"
+authenticator_to_webroot "${output}" "${domain}"