From 1f781ccf99b0ce52393aa09d523db5c162799a77 Mon Sep 17 00:00:00 2001
From: Beth
Date: Sat, 29 Mar 2025 22:02:27 -0500
Subject: [PATCH 1/4] added freeipa handling

---
 files/certbot-renewal.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/files/certbot-renewal.sh b/files/certbot-renewal.sh
index f035826..3e9bd99 100644
--- a/files/certbot-renewal.sh
+++ b/files/certbot-renewal.sh
@@ -1,10 +1,25 @@
 #! /bin/bash
+#should probably add logic to only halt/reload once (and only if necessary)
+function halt() {
+ #stop services if necessary
+ if [ -d /var/lib/ipa/ ]
+ #stop httpd
+ systemctl stop httpd
+ fi
+}
 function reload() {
 #reload/restart relevant services
 if [ -d /etc/nginx/certs/ ]
 then
 systemctl reload nginx
 fi
+ if [ -d /var/lib/ipa/ ]
+ #restart httpd
+ /scripts/install_cacerts.sh
+ systemctl start httpd
+ #load cert
+ fi
+
 }
 
 dom=`date +%d`
@@ -21,6 +36,7 @@ do
 if [[ $today > $expires ]]
 then
 echo Certificate for $f is expired, renewing >> $log
+ halt()
 certbot renew --cert-name $f >> /var/log/certbot-renewal.log
 reload()
 continue
@@ -34,6 +50,7 @@ do
 if [[ $dom -eq $rdate ]]
 then
 echo Date falls within renewal window for $f, attempting renewal >> $log
+ halt()
 certbot renew --cert-name $f >> $log
 reload()
 break
-- 
2.49.0

From f0226d69c62c57ca1e93eac0a0c2c22e13d5a417 Mon Sep 17 00:00:00 2001
From: Beth
Date: Sat, 29 Mar 2025 22:05:36 -0500
Subject: [PATCH 2/4] changed script name

---
 files/certbot-renewal.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/certbot-renewal.sh b/files/certbot-renewal.sh
index 3e9bd99..0f995ef 100644
--- a/files/certbot-renewal.sh
+++ b/files/certbot-renewal.sh
@@ -15,7 +15,7 @@ function reload() {
 fi
 if [ -d /var/lib/ipa/ ]
 #restart httpd
- /scripts/install_cacerts.sh
+ /scripts/setup-le.sh
 systemctl start httpd
 #load cert
 fi
-- 
2.49.0

From 2236128a8d84cf5dfc2863a369a6d8ec225b1209 Mon Sep 17 00:00:00 2001
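Review bot: Both added `if [ -d /var/lib/ipa/ ]` tests, the one in `halt` and the one in `reload`, have no `then` before their body, so bash should reject the script with a syntax error at the following `fi` and no renewal runs at all, leaving certificates to expire unnoticed. Each test needs the keyword, as the existing nginx test in the same hunk has it: `if [ -d /var/lib/ipa/ ]; then`. The function name `halt` also shadows the system `halt` command inside this script; a name such as `stop_services` avoids the confusion. Running `bash -n files/certbot-renewal.sh` before deploying would catch this class of error.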
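Review bot: `halt()` on the added line is not a call; in bash a function is invoked by its bare name, and `name()` opens a function definition, so this line followed by `certbot renew …` is a syntax error. The line should read `halt`. The same applies to the `halt()` added in the third hunk of this patch, and the unchanged `reload()` lines beside both have the same form and need the same fix. The loop these lines belong to starts and ends outside the hunk.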
From: Beth
Date: Sat, 29 Mar 2025 23:10:16 -0500
Subject: [PATCH 3/4] added httpd restart before running setup-le

---
 files/certbot-renewal.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/certbot-renewal.sh b/files/certbot-renewal.sh
index 0f995ef..04599ee 100644
--- a/files/certbot-renewal.sh
+++ b/files/certbot-renewal.sh
@@ -15,8 +15,8 @@ function reload() {
 fi
 if [ -d /var/lib/ipa/ ]
 #restart httpd
- /scripts/setup-le.sh
 systemctl start httpd
+ /scripts/setup-le.sh
 #load cert
 fi
 
-- 
2.49.0

From 5164b327f2230369bc2f473ea030a139cfc90791 Mon Sep 17 00:00:00 2001
From: Beth
Date: Sat, 29 Mar 2025 23:10:51 -0500
Subject: [PATCH 4/4] added httpd restart before running setup-le

---
 files/certbot-renewal.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/certbot-renewal.sh b/files/certbot-renewal.sh
index 04599ee..01f3b23 100644
--- a/files/certbot-renewal.sh
+++ b/files/certbot-renewal.sh
@@ -17,6 +17,7 @@ function reload() {
 #restart httpd
 systemctl start httpd
 /scripts/setup-le.sh
+ systemctl restart httpd
 #load cert
 fi
 
-- 
2.49.0
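Review bot: The exit status of `systemctl start httpd` is not checked before `/scripts/setup-le.sh` runs, so if httpd does not come back after the renewal the setup script still runs against a stopped server and the failure goes unrecorded. A guard such as `systemctl start httpd || return 1` before the script call would stop there. `/scripts/setup-le.sh` is invoked by absolute path from what is presumably a root-run job, so the script and its directory should be owned by root and not writable by other users. The `if` around these lines still lacks `then`, and `reload` starts and ends outside the hunk.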
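Review bot: `systemctl restart httpd` runs whether or not `/scripts/setup-le.sh` succeeded, so a partially installed certificate can take the FreeIPA web server down on restart with nothing written to the log. Chaining the two, `/scripts/setup-le.sh && systemctl restart httpd`, keeps httpd serving the previous certificate when the setup script fails. The subject line says the restart was added before setup-le while the new line comes after it; a comment on the new line such as `# restart so httpd picks up the newly installed cert` would record the intent, if that is the intent. `reload` starts and ends outside the hunk.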