#!/bin/bash

# This script is called hourly to check if the certificate
# needs renewal, and renews the cert after that

set -e
set -x

# Source variables from user-data
. /etc/teleport.d/conf

if [ ! -f /etc/teleport.d/role.auth ] && [ ! -f /etc/teleport.d/role.all ]; then
    echo "Not running 'auth' or 'all' role, exiting with success"
    exit 0
fi

# This is called periodically, if renewal is successful
# certs are uploaded to the S3 Bucket
certbot renew --deploy-hook=/usr/bin/teleport-upload-cert
