#!/bin/sh

# Load the certificate helper library. ssl_generate, called further down, is
# not defined in this file, so it presumably comes from here (confirm).
# NOTE(review): `.` looks a slash-less name up through PATH. This script works
# on keys under /var/lib/ssl/private, so it should run with a PATH that holds
# only trusted directories.
. cert-sh-functions

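# Arguments:
#   $1 - old hostname (stored, but not referenced again in this file)
#   $2 - new hostname (optional; defaults to the output of hostname(1))
old_hostname="$1"
new_hostname="$2"

# Fall back to the current system hostname when no new one is given.
current_hostname="$(hostname)"
new_hostname="${new_hostname:-$current_hostname}"

keys_dir="/var/lib/ssl/private"
certs_dir="/var/lib/ssl/certs"

# Domain part: everything after the first dot. A hostname without a dot is
# left unchanged by this expansion.
new_domain="${new_hostname#*.}"

# Check each service certificate and recreate it with the new hostname.
# NOTE(review): only the domain part of the issuer CN is compared, so a rename
# that keeps the domain leaves existing certificates untouched even though
# their host name no longer matches. Confirm this is intended.
for key in "$keys_dir"/*.key
do
    # An unmatched glob stays literal; do not treat "*.key" as a key file.
    [ -e "$key" ] || [ -L "$key" ] || continue

    c="${key##*/}"
    # POSIX suffix removal. The former ${c/.key/} is a bashism that fails
    # under a strict /bin/sh and strips the first ".key", not the suffix.
    cert="${c%.key}"

    # Extract the part of the Issuer CN after its first dot.
    # If the certificate is missing or unreadable the result is empty, which
    # differs from any non-empty $new_domain and so triggers regeneration.
    # NOTE(review): the expression requires a comma after the CN value. If
    # CN is the last attribute on the Issuer line nothing matches and the
    # certificate is regenerated on every run. `\+` is also a GNU sed
    # extension. Verify against the openssl output on target systems.
    cert_domain="$(openssl x509 -noout -text -in "$certs_dir/$cert.cert" | sed -n 's/^.*Issuer:.*CN[[:space:]]*=[[:space:]]*[^.]\+\.\([^,]*\),.*$/\1/p')"
    if [ "$cert_domain" != "$new_domain" ]
    then
        # Plain shell variables, presumably read by ssl_generate (confirm
        # in cert-sh-functions). Once set they stay set for later iterations.
        HOSTNAME="$new_hostname"
        SSL_CHECK_EXPIRED_INTERVAL=9000d
        SSL_RENEW_SELFSIGNED=1
        ssl_generate "$cert"
    fi
done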
