#!/bin/bash -e

#
# Get the encryption certs and install-ish them.
#

eval "$(cli-shezargs $@)"

[[ -n $sub_domain ]] || die "Must have --sub-domain="
[[ -n $domain     ]] || die "Must have --domain="

#sudo mkdir -p /etc/nginx/certs
#sudo aws s3 cp s3://mobilewebprint-deploy/buildout/config/certs/serverassist_client_ca.crt /etc/nginx/certs/

mkdir -p ~/www/${sub_domain}
#sudo certbot certonly --register-unsafely-without-email --webroot -w www/${sub_domain}/ -d ${sub_domain}.${domain}
sudo certbot --test-cert certonly --register-unsafely-without-email --webroot -w www/${sub_domain}/ -d ${sub_domain}.${domain}