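#!/bin/bash
#
# Request a Let's Encrypt certificate for one domain with the certbot
# container (webroot challenge) and copy the resulting certificate chain and
# private key into the Nginx SSL directory next to this script's parent.
#
# Usage:   <this script> <domain>
# Exit:    0 when the certificate was issued and both files were copied,
#          1 on a missing or invalid argument, a failed issuance or a failed copy.

DOMAIN="${1:-}"

if [ -z "$DOMAIN" ]; then
  echo "用法: $0 .novalon.cn"
  echo "示例: $0 product-a.novalon.cn"
  exit 1
fi

# DOMAIN is interpolated into filesystem paths (mkdir/cp below) and passed to
# certbot, so accept only a plain DNS hostname. This rejects "/", "..",
# whitespace and a leading "-", which would otherwise let the argument point
# the mkdir/cp targets outside ${SSL_DIR}.
label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
domain_re="^${label}(\.${label})+$"
if [[ ${#DOMAIN} -gt 253 || ! "$DOMAIN" =~ $domain_re ]]; then
  echo "错误: 无效的域名: ${DOMAIN}" >&2
  exit 1
fi

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
NGINX_DIR="$(dirname "$SCRIPT_DIR")"
CERTBOT_DIR="/home/novalon/docker-app/certbot"
SSL_DIR="${NGINX_DIR}/ssl"

# Per-domain target directory for the copied certificate files.
mkdir -p "${SSL_DIR}/${DOMAIN}" || exit 1

echo "正在为 ${DOMAIN} 申请 SSL 证书..."
echo ""

# Test the command directly instead of inspecting $? afterwards, so no other
# statement can slip in between and overwrite the status.
if docker run --rm \
  -v "${CERTBOT_DIR}:/var/www/certbot" \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  certbot/certbot certonly \
  --webroot \
  --webroot-path /var/www/certbot \
  -d "${DOMAIN}" \
  --email admin@novalon.cn \
  --agree-tos \
  --no-eff-email; then
  echo ""
  echo "证书申请成功,正在复制到 Nginx SSL 目录..."

  # Stop on a failed copy: reporting success while Nginx still serves a
  # missing or stale certificate/key pair would hide the problem.
  # NOTE(review): cp gives a newly created copy the source file's mode (minus
  # umask) but keeps the mode of an already existing destination; confirm that
  # ${SSL_DIR}/${DOMAIN}/privkey.pem is not readable by other local users.
  if ! cp "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" "${SSL_DIR}/${DOMAIN}/" ||
    ! cp "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" "${SSL_DIR}/${DOMAIN}/"; then
    echo "" >&2
    echo "❌ 证书复制失败" >&2
    exit 1
  fi

  echo ""
  echo "✅ ${DOMAIN} 证书申请完成"
  echo ""
  echo "后续步骤:"
  echo " 1. 验证配置: docker exec novalon-nginx-secure nginx -t"
  echo " 2. 重载 Nginx: docker exec novalon-nginx-secure nginx -s reload"
  echo " 3. 验证访问: curl -I https://${DOMAIN}"
else
  echo ""
  echo "❌ 证书申请失败"
  echo ""
  echo "请检查:"
  echo " 1. DNS 解析是否正确: ${DOMAIN} -> 服务器IP"
  echo " 2. Nginx 配置是否正确加载"
  echo " 3. certbot 目录权限是否正确"
  exit 1
fi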