renew.sh: allow renewing a single certificate

2 files changed, 22 insertions, 1 deletions

diff --git a/lfacme-renew.8.in b/lfacme-renew.8.in
index e2f7904..b25f307 100644
--- a/lfacme-renew.8.in
+++ b/lfacme-renew.8.in
@@ -10,6 +10,7 @@
 .Op opts
 .Cm renew
 .Op Fl f
+.Op Ar certificate
 .Sh DESCRIPTION
 The
 .Nm
@@ -19,12 +20,17 @@ If a certificate was previously issued and is still valid for longer than 30
 days, it will be ignored.
 Otherwise, the certificate will be issued or renewed and any configured hook
 scripts will be invoked.
-.Pp
 An ACME account must be created using
 .Xr lfacme-setup 8
 before running
 .Nm .
 .Pp
+If the
+.Ar certificate
+argument is provided, only the certificate with the given identifier will
+be renewed.
+Otherwise, all elegible certificates will be renewed.
+.Pp
 The follow options are accepted:
 .Bl -tag -width indent
 .It Fl f
diff --git a/renew.sh.in b/renew.sh.in
index 689f992..cecf52a 100644
--- a/renew.sh.in
+++ b/renew.sh.in
@@ -240,11 +240,17 @@ _docert() {
 	return $?
 }
 
+_whichcert="$1"; shift
+if ! [ -z "$1" ]; then
+	_fatal "unexpected argument: $1"
+fi
+
 cat "$_DOMAINS" \
 | egrep -v '^(#|[[:space:]]*$)' \
 | (
 	_default_args=""
 	_exit=0
+	_didany=0
 
 	while read identifier args; do
 		if [ "$identifier" = "*" ]; then
@@ -252,11 +258,20 @@ cat "$_DOMAINS" \
 			continue
 		fi
 
+		if ! [ -z "$_whichcert" ] && [ "$_whichcert" != "$identifier" ]; then
+			continue
+		fi
+
 		if ! _docert "$identifier" $_default_args $args; then
 			_exit=1
 		fi
+		_didany=1
 	done
 
+	if [ "$_didany" -eq 0 ] && ! [ -z "$_whichcert" ]; then
+		_fatal "certificate not found: %s" "$_whichcert"
+	fi
+
 	exit $_exit
 )