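# Hook step: when the first argument is "deploy_cert", convert the server's
# certificate and private key to PKCS12, import them into the UniFi
# controller's Java keystore and restart the controller.
#
# "${1:-}" is quoted and defaulted so that a call without arguments is a
# silent no-op instead of a "[: =: unary operator expected" error.
if [ "${1:-}" = "deploy_cert" ]; then
  # and now deploy our LE cert to Unifi controller !

  # in case we rely on scl again
  #. /opt/rh/rh-mongodb34/service-environment
  #. scl_source enable \$RH_MONGODB34_SCLS_ENABLED

  # To automatically detect DOMAIN (thanks to @SprockTech):
  # NOTE(review): DOMAIN is only referenced by the commented-out letsencrypt
  # variants below; the active commands take their paths from the modSSL
  # properties. The backslashes before the braces look like escaping left
  # over from the page this was copied from - confirm the query against the
  # mongo shell before relying on DOMAIN.
  DOMAIN=$(mongo --quiet --port 27117 --eval 'db.getSiblingDB("ace").setting.find(\{"key": "super_identity"\}).forEach(function(document)\{ print(document.hostname) \})')

  # The remaining steps run in a subshell so that a failure can stop the
  # sequence (exit) without terminating the surrounding hook script, and so
  # the helper variables do not leak into it.
  (
    keystore=/opt/UniFi/data/keystore
    p12=/opt/UniFi/data/fullchain.p12

    # Resolve the key and certificate paths once and refuse to continue when
    # either is empty, rather than handing openssl an empty file name.
    key=$(/sbin/e-smith/config getprop modSSL key)
    crt=$(/sbin/e-smith/config getprop modSSL crt)
    if [ -z "$key" ] || [ -z "$crt" ]; then
      echo "deploy_cert: modSSL key/crt property is empty; UniFi keystore left untouched" >&2
      exit 1
    fi

    # Backup previous keystore
    # -p keeps the original mode and ownership: the backup holds the same
    # private key as the live keystore and must not end up more readable.
    # A failed backup stops the run so the keystore is never overwritten
    # without a copy to roll back to.
    if [ -e "$keystore" ]; then
      if ! cp -p -- "$keystore" "$keystore.backup.$(date +%F_%R)"; then
        echo "deploy_cert: keystore backup failed; UniFi keystore left untouched" >&2
        exit 1
      fi
    fi

    # Convert cert to PKCS12 format
    # Ignore warnings
    #openssl pkcs12 -export -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -in /etc/letsencrypt/live/${DOMAIN}/fullchain.pem -out /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -name unifi -password pass:unifi
    #
    # The bundle contains the private key and its password is a literal in
    # this script, so file permissions are the only real protection: drop
    # any stale copy (which would keep its old mode) and create the new one
    # owner-only. stderr stays silenced as the original intended; the exit
    # status is checked instead so a failed export is not imported.
    rm -f -- "$p12"
    if ! (umask 077 && openssl pkcs12 -export -inkey "$key" -in "$crt" -out "$p12" -name unifi -password pass:unifi 2>/dev/null); then
      echo "deploy_cert: PKCS12 export failed (re-run without 2>/dev/null for details); UniFi keystore left untouched" >&2
      rm -f -- "$p12"
      exit 1
    fi

    # Install certificate
    # Ignore warnings
    #keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
    #
    # NOTE(review): both passwords are passed on the command line and are
    # therefore visible in the process list while the tools run; they are
    # presumably the fixed values the controller expects - confirm.
    keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore "$keystore" -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
    rc=$?

    # The intermediate bundle is not needed once the import was attempted;
    # do not leave a second copy of the private key on disk.
    rm -f -- "$p12"

    if [ "$rc" -ne 0 ]; then
      echo "deploy_cert: keytool import failed (status $rc); UniFi controller not restarted" >&2
      exit "$rc"
    fi

    #Restart UniFi controller
    /usr/bin/systemctl restart unifi.service
  )
fi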