cdist/cdist/conf/type/__letsencrypt_cert/explorer/certificate-data

#!/bin/sh -e
certbot_path="$(command -v certbot 2>/dev/null || true)"
# Defaults
certificate_exists="no"
certificate_is_test="no"

if [ -n "${certbot_path}" ]; then
	# Find python executable that has access to certbot's module
	python_path=$(sed -n '1s/^#! *//p' "${certbot_path}")

	# Use a lock for cdist due to certbot not exiting with failure
	# or having any flags for concurrent use.
	_certbot() {
		${python_path} - 2>/dev/null <<EOF
from certbot.main import main
import fcntl
lock_file = "/tmp/certbot.cdist.lock"
timeout=60
with open(lock_file, 'w') as fd:
    for i in range(timeout):
        try:
            # Get exclusive lock
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
            break
        except:
            # Wait if that fails
            import time
            time.sleep(1)
    else:
        # Timed out, exit with failure
        import sys
        sys.exit(1)
    # Do list certificates
    main(["certificates", "--cert-name", "${__object_id:?}"])
EOF
	}


	_certificate_exists() {
		if grep -q "  Certificate Name: ${__object_id:?}$"; then
			echo yes
		else
			echo no
		fi
	}

	_certificate_is_test() {
		if grep -q 'INVALID: TEST_CERT'; then
			echo yes
		else
			echo no
		fi
	}

	_certificate_domains() {
		grep '    Domains: ' | cut -d ' ' -f 6- | tr ' ' '\n'
	}

	# Get data about all available certificates
	certificates="$(_certbot)"

	# Check whether or not the certificate exists
	certificate_exists="$(echo "${certificates}" | _certificate_exists)"

	# Check whether or not the certificate is for testing
	certificate_is_test="$(echo "${certificates}" | _certificate_is_test)"

	# Get domains for certificate
	certificate_domains="$(echo "${certificates}" | _certificate_domains)"
fi

# Return received data
cat <<EOF
certbot_path:${certbot_path}
certificate_exists:${certificate_exists}
certificate_is_test:${certificate_is_test}
${certificate_domains}
EOF