--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-Some scripts to automate VPS setup
+Scripts to automate VPS setup and maintenance
--- a/cert/clientRenew
+++ b/cert/clientRenew
@@ -0,0 +1,7 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/renewCertbot
--- a/cert/clientSetup
+++ b/cert/clientSetup
@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
 brew install certbot
--- a/cert/vpsRenew
+++ b/cert/vpsRenew
@@ -0,0 +1,23 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+ACME_FILE=$1
+ACME_VALUE=$2
+
+if [ -z "$ACME_FILE" ] || [ -z "$ACME_VALUE" ]; then
+  echo "Usage: $0 ACME_FILE ACME_VALUE"
+  exit 1
+fi
+
+ACME_DIR="/var/www/html/.well-known/acme-challenge"
+
+STEP=0
+source $T/ensureRootUser
+source $T/copyNginxACMEConfig
+source $T/restartNginx
+source $T/createACMEChallenge
+source $T/waitForReturnKey
+source $T/deleteACMEChallenge
+source $T/copyNginxProdConfig
+source $T/restartNginx
--- a/nginx.setup
+++ b/nginx.setup
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-apt install nginx
-cp nginx/cfg /etc/nginx/sites-enabled/default
-systemctl restart nginx
--- a/nginx/acme.cfg
+++ b/nginx/acme.cfg
@@ -0,0 +1,10 @@
+# Serve only through HTTP while updating the certificate
+server {
+  listen 80;
+  server_name kornerr.ru;
+  root /var/www/html;
+
+  location / {
+    try_files $uri $uri/ =404;
+  }
+}
--- a/nginx/prod.cfg
+++ b/nginx/prod.cfg
@@ -5,6 +5,7 @@ server {
  return 301 https://$server_name$request_uri;
 }

+# Serve through HTTPS only
 server {
  listen 443 ssl;
  server_name kornerr.ru;
--- a/nginx/setup
+++ b/nginx/setup
@@ -0,0 +1,9 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/installNginx
+source $T/copyNginxProdConfig
+source $T/restartNginx
--- a/publish.dbg
+++ b/publish.dbg
@@ -15,7 +15,9 @@ fi
 # Get the latest changes
 cd $REPO_DIR
 git checkout -f $MAIN_BRANCH
+git clean -fd
 git fetch --all
+git pull

 # Find out the latest commit in the whole repo
 #git branch -av --sort=-committerdate
@@ -47,4 +49,5 @@ function replace {

 # Rename references
 replace $DST_DIR/bank.html "$kmpWas" "$kmpNow"
+replace $DST_DIR/budget.html "$kmpWas" "$kmpNow"
 replace $DST_DIR/quiz.html "$kmpWas" "$kmpNow"
--- a/publish.prod
+++ b/publish.prod
@@ -13,3 +13,4 @@ rsync -aivc --delete $DBG_DIR/ $DST_DIR
 cd $DST_DIR
 ln -s ../cbr
 ln -s ../dbg
+ln -s ../vid
--- a/publish.setup
+++ b/publish.setup
@@ -1,4 +1,4 @@
 #!/bin/bash
-CMD="0 20 * * * kornerr /home/kornerr/vps/publish.dbg"
+CMD="0 20 * * * root /home/kornerr/vps/publish.dbg"
 CRON_FILE=/etc/cron.d/dbg
 echo "$CMD" > $CRON_FILE
--- a/step/copyNginxACMEConfig
+++ b/step/copyNginxACMEConfig
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем настройки Nginx для ACME"
+cp $SDIR/../nginx/acme.cfg /etc/nginx/sites-enabled/default
--- a/step/copyNginxProdConfig
+++ b/step/copyNginxProdConfig
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем боевые настройки Nginx"
+cp $SDIR/../nginx/prod.cfg /etc/nginx/sites-enabled/default
--- a/step/createACMEChallenge
+++ b/step/createACMEChallenge
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Создаём файл проверки для ACME"
+mkdir -p $ACME_DIR
+echo "$ACME_VALUE" > "$ACME_DIR/$ACME_FILE"
--- a/step/deleteACMEChallenge
+++ b/step/deleteACMEChallenge
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Удаляем файл проверки для ACME"
+rm $ACME_DIR/$ACME_FILE
+rmdir $ACME_DIR
--- a/step/ensureRootUser
+++ b/step/ensureRootUser
@@ -0,0 +1,9 @@
+#!/bin/bash
+# https://askubuntu.com/a/15856
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Проверяем запуск из-под root"
+if [[ $EUID -ne 0 ]]; then
+   echo "ОШИБКА: Перезапустите как root"
+   exit 1
+fi
--- a/step/installNginx
+++ b/step/installNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Устанавливаем Nginx"
+apt install nginx
--- a/step/renewCertbot
+++ b/step/renewCertbot
@@ -1,3 +1,6 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Просим certbot обновить"
 certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
--- a/step/restartNginx
+++ b/step/restartNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Перезапускаем Nginx"
+systemctl restart nginx
--- a/step/waitForReturnKey
+++ b/step/waitForReturnKey
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Ожидаем нажатия клавиши Return"
+read -p "Нажмите Return..."