#!/bin/sh
CERTFILE=/etc/letsencrypt/archive/domain.jp/cert1.pem
KEYFILE=/etc/letsencrypt/archive/domain.jp/privkey1.pem
NEWCERT=/etc/cockpit/ws-certs.d/cockpit.cert

update=0
if [ -e ${NEWCERT} ]
then
  fp1=`openssl x509 -fingerprint -noout -in ${CERTFILE}`
  fp2=`openssl x509 -fingerprint -noout -in ${NEWCERT}`
  if [ "${fp1}" != "${fp2}" ]
  then
    update=1
  fi
else
  update=1
fi

if [ ${update} -eq 1 ]
then
  cat ${CERTFILE} ${KEYFILE} > ${NEWCERT}
  chmod 640 ${NEWCERT}
  chown root:cockpit-ws ${NEWCERT}
fi