#!/bin/sh

############ FILES

TLS_CERT=/acme/cert/cert.pem
TLS_KEY=/acme/cert/privkey.pem
TLS_CHAIN=/acme/cert/chain.pem

[ ! -f "$TLS_CERT" ] && exit 1
[ ! -f "$TLS_KEY" ] && exit 1
[ ! -f "$TLS_CHAIN" ] && exit 1

############ CHECK CERT KEY ALGO
ALGO=$(openssl x509 -in "$TLS_CERT" -text | sed -n 's/\ *Public Key Algorithm: //p' | tr '\n')

############ UPDATE cert config if needed
if [ "$ALGO" = "id-ecPublicKey" ] ; then
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
<IfModule mod_tls.c>
  TLSECCertificateFile                    "$TLS_CERT"
  TLSECCertificateKeyFile                 "$TLS_KEY"
  TLSCertificateChainFile                 "$TLS_CHAIN"
</IfModule>
EOF
fi

if [ "$ALGO" = "rsaEncryption" ] ; then
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
<IfModule mod_tls.c>
  TLSRSACertificateFile                    "$TLS_CERT"
  TLSRSACertificateKeyFile                 "$TLS_KEY"
  TLSCertificateChainFile                  "$TLS_CHAIN"
</IfModule>
EOF
fi

############ RELOAD PROFTPD IF RUNNING
pidof proftpd >/dev/null && killall -HUP proftpd