feat: remove certificates for domains not pointing here

certbotd.sh

@@ -8,6 +8,10 @@ not_ok() {
   echo "not ok - $@" >&2
 }
 
+domain_configured() {
+  nslookup "$1" 8.8.8.8 | grep -qE "(${SUTTY_ADDRESSES// /|})"
+}
+
 remove_certificate() {
   rm -rf "/etc/letsencrypt/renewal/${1}.conf" "/etc/letsencrypt/live/${1}" "/etc/letsencrypt/archive/${1}"
 }
@@ -141,8 +145,14 @@ case $1 in
 
           # Skip already existing domains
           if test -s "/etc/letsencrypt/renewal/${domain}.conf"; then
-            ok "${domain} already issued"
-            continue
+            # But check if they still point here
+            if domain_configured "${domain}" ; then
+              ok "${domain} already issued"
+              continue
+            else
+              not_ok "${domain} has a certificate but it's not correctly configured, will remove it for now"
+              remove_certificate "${domain}"
+            fi
           # The file exists but it's empty and it was issued before
           elif test -f "/etc/letsencrypt/renewal/${domain}.conf" && test -d "/etc/letsencrypt/archive/${domain}"; then
             ok "${domain} renewal conf was empty, fixing..."
@@ -159,7 +169,7 @@ case $1 in
           fi
 
           # Ignore non local domains
-          if ! nslookup "${domain}" 8.8.8.8 | grep -qE "(${SUTTY_ADDRESSES// /|})" ; then
+          if ! domain_configured "${domain}" ; then
             ok "${domain} is not configured to any Sutty node or DNS records are still cached, ignoring for now # skip"
             continue
           fi