Cleanup renew.sh.sh so the output is more elegant.

type/__uacme_obtain/files/renew.sh.sh

@@ -3,34 +3,50 @@
 cat << EOF
 #!/bin/sh
 
-CERT_SOURCE=$CONFDIR/$MAIN_DOMAIN/cert.pem
+UACME_CHALLENGE_PATH=${CHALLENGEDIR:?}
-KEY_SOURCE=$CONFDIR/private/$MAIN_DOMAIN/key.pem
+export UACME_CHALLENGE_PATH
-
-export UACME_CHALLENGE_PATH=$CHALLENGEDIR
 
 # Issue certificate.
-uacme issue -c $CONFDIR -h $HOOKSCRIPT $DISABLE_OCSP $MUST_STABLE $KEYTYPE \
+uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\
-$DOMAIN
+	issue -- ${DOMAIN:?}
-if [ $? -eq 2 ]; then
+
 # Note: exit code 0 means that certificate was issued.
 # Note: exit code 1 means that certificate was still valid, hence not renewed.
 # Note: exit code 2 means that something went wrong.
+status=\$?
+
+# All is well: we can stop now.
+if [ \$status -eq 1 ];
+then
+	exit 0
+fi
+
+# An error occured.
+if [ \$status -eq 2 ]; then
 	echo "Failed to renew certificate - exiting." >&2
 	exit 1
 fi
+EOF
 
 # Re-deploy, if needed.
-if [ -n "$KEY_TARGET" ] && [ -n "$CERT_TARGET" ]; then
+if [ -n "${KEY_TARGET?}" ] && [ -n "${CERT_TARGET?}" ];
+then
+cat << EOF
+
+# Deploy newly issued certificate.
 set -e
 
-	mkdir -p $(dirname "$CERT_TARGET") $(dirname "$KEY_TARGET")
+CERT_SOURCE=${CONFDIR:?}/${MAIN_DOMAIN:?}/cert.pem
+KEY_SOURCE=${CONFDIR:?}/private/${MAIN_DOMAIN:?}/key.pem
 
-	if ! cmp \$CERT_SOURCE $CERT_TARGET >/dev/null 2>&1; then
+mkdir -p -- $(dirname "${CERT_TARGET?}") $(dirname "${KEY_TARGET?}")
-		install -m 0640 \$KEY_SOURCE $KEY_TARGET
-		install -m 0644 \$CERT_SOURCE $CERT_TARGET
-		chown $OWNER $KEY_TARGET $CERT_TARGET
 
-		$RENEW_HOOK
+if ! cmp \${CERT_SOURCE:?} ${CERT_TARGET?} >/dev/null 2>&1; then
-	fi
+	install -m 0640 \${KEY_SOURCE:?} ${KEY_TARGET?}
+	install -m 0644 \${CERT_SOURCE:?} ${CERT_TARGET?}
+	chown ${OWNER?} ${KEY_TARGET?} ${CERT_TARGET?}
+
+	${RENEW_HOOK?}
 fi
 EOF
+fi