+init_system() {
+ # Check for config in various locations
+ if [[ -z "${CONFIG:-}" ]]; then
+ for check_config in "${HOME}/.letsencrypt.sh" "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
+ if [[ -e "${check_config}/config.sh" ]]; then
+ BASEDIR="${check_config}"
+ CONFIG="${check_config}/config.sh"
+ break
+ fi
+ done
+ fi
+
+ if [[ -z "${CONFIG:-}" ]]; then
+ echo "WARNING: No config file found, using default config!" >&2
+ sleep 2
+ elif [[ -e "${CONFIG}" ]]; then
+ if [[ ! "${COMMAND}" = "env" ]]; then
+ echo "Using config file ${CONFIG}"
+ fi
+ BASEDIR="$(dirname "${CONFIG}")"
+ # shellcheck disable=SC1090
+ . "${CONFIG}"
+ else
+ echo "ERROR: Specified config file doesn't exist." >&2
+ exit 1
+ fi
+
+ # Remove slash from end of BASEDIR. Mostly for cleaner outputs, doesn't change functionality.
+ BASEDIR="${BASEDIR%%/}"
+
+ # Check BASEDIR and set default variables
+ if [[ ! -d "${BASEDIR}" ]]; then
+ echo "ERROR: BASEDIR does not exist: ${BASEDIR}" >&2
+ exit 1
+ fi
+ set_defaults
+
+ if [[ "${COMMAND}" = "env" ]]; then
+ return
+ fi
+
+ # Lockfile handling (prevents concurrent access)
+ set -o noclobber
+ if ! { date > "${LOCKFILE}"; } 2>/dev/null; then
+ echo " + ERROR: Lock file '${LOCKFILE}' present, aborting." >&2
+ LOCKFILE="" # so remove_lock doesn't remove it
+ exit 1
+ fi
+ set +o noclobber
+
+ remove_lock() {
+ if [[ -n "${LOCKFILE}" ]]; then
+ rm -f "${LOCKFILE}"
+ fi
+ }
+ trap 'remove_lock' EXIT
+
+ # Export some environment variables to be used in hook script
+ export WELLKNOWN
+ export BASEDIR
+ export CONFIG
+
+ # Get CA URLs
+ CA_DIRECTORY="$(_request get "${CA}")"
+ CA_NEW_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-cert)" &&
+ CA_NEW_AUTHZ="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-authz)" &&
+ CA_NEW_REG="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-reg)" &&
+ # shellcheck disable=SC2015
+ CA_REVOKE_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value revoke-cert)" ||
+ (echo "Error retrieving ACME/CA-URLs, check if your configured CA points to the directory entrypoint." >&2; exit 1)
+
+
+ # check private key ...
+ register="0"
+ if [[ -n "${PARAM_PRIVATE_KEY:-}" ]]; then
+ # a private key was specified from the command line so use it for this run
+ echo "Using private key ${PARAM_PRIVATE_KEY} instead of account key"
+ PRIVATE_KEY="${PARAM_PRIVATE_KEY}"
+ if ! openssl rsa -in "${PRIVATE_KEY}" -check 2>/dev/null > /dev/null; then
+ echo " + ERROR: private key is not valid, can not continue" >&2
+ exit 1
+ fi
+ else
+ # Check if private account key exists, if it doesn't exist yet generate a new one (rsa key)
+ if [[ ! -e "${PRIVATE_KEY}" ]]; then
+ echo "+ Generating account key..."
+ _openssl genrsa -out "${PRIVATE_KEY}" "${KEYSIZE}"
+ register="1"
+ fi
+ fi