sudo true

cd /var/qmail/control || cat >&2

echo control/cert.pem > smtpcert

sudo chgrp staff Makefile
sudo chmod g+w Makefile

sed 's/^  */\t/g' >> Makefile <<EOF

PRIVKEY=/etc/letsencrypt/live/$(hostname -f)/privkey.pem
FULLCHAIN=/etc/letsencrypt/live/$(hostname -f)/fullchain.pem

cert.pem: \$(PRIVKEY) \$(FULLCHAIN)
    touch cert.pem.tmp
    chmod 440 cert.pem.tmp
    chown qmaild:qmail cert.pem.tmp
    cat \$(PRIVKEY) \$(FULLCHAIN) > cert.pem.tmp
    mv cert.pem.tmp cert.pem
EOF

sudo make cert.pem