#!/bin/bash

set -e

echo "========================================="
echo "  SSL 证书配置检查"
echo "========================================="

SSL_DIR="./ssl"

if [ ! -d "$SSL_DIR" ]; then
    echo "⚠️  SSL 目录不存在，正在创建..."
    mkdir -p "$SSL_DIR"
fi

if [ ! -f "$SSL_DIR/fullchain.pem" ] || [ ! -f "$SSL_DIR/privkey.pem" ]; then
    echo "⚠️  SSL 证书文件不存在"
    echo ""
    echo "请将 SSL 证书文件放置到 $SSL_DIR 目录："
    echo "  - fullchain.pem (证书链)"
    echo "  - privkey.pem (私钥)"
    echo ""
    echo "获取证书的方式："
    echo "  1. 使用 Let's Encrypt 免费证书："
    echo "     certbot certonly --webroot -w /var/www/certbot -d novalon.cn -d www.novalon.cn"
    echo "  2. 使用商业证书："
    echo "     从证书提供商下载并重命名文件"
    echo ""
    echo "证书文件权限："
    echo "  chmod 644 $SSL_DIR/fullchain.pem"
    echo "  chmod 600 $SSL_DIR/privkey.pem"
    exit 1
fi

echo "✅ SSL 证书文件检查通过"
echo "  - 证书链: $SSL_DIR/fullchain.pem"
echo "  - 私钥: $SSL_DIR/privkey.pem"

echo ""
echo "📋 证书有效期检查..."
openssl x509 -in "$SSL_DIR/fullchain.pem" -noout -dates 2>/dev/null || echo "⚠️  无法读取证书信息"

echo ""
echo "✅ SSL 配置完成"