#!/bin/bash

SSL_DIR="./ssl"
CERTBOT_DIR="/var/www/certbot"
DOMAIN="novalon.cn"

mkdir -p "$SSL_DIR"
mkdir -p "$CERTBOT_DIR"

echo "🔒 开始配置SSL证书..."

if [ ! -f "$SSL_DIR/fullchain.pem" ] || [ ! -f "$SSL_DIR/privkey.pem" ]; then
    echo "📝 SSL证书不存在，需要手动配置Let's Encrypt证书"
    echo "📋 请按照以下步骤操作："
    echo "1. 在服务器上安装certbot:"
    echo "   sudo apt-get update"
    echo "   sudo apt-get install certbot"
    echo ""
    echo "2. 获取SSL证书:"
    echo "   sudo certbot certonly --webroot -w $CERTBOT_DIR -d $DOMAIN -d www.$DOMAIN"
    echo ""
    echo "3. 复制证书文件到SSL目录:"
    echo "   sudo cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem $SSL_DIR/"
    echo "   sudo cp /etc/letsencrypt/live/$DOMAIN/privkey.pem $SSL_DIR/"
    echo ""
    echo "4. 设置证书文件权限:"
    echo "   sudo chmod 644 $SSL_DIR/fullchain.pem"
    echo "   sudo chmod 600 $SSL_DIR/privkey.pem"
    echo ""
    echo "5. 配置自动续期:"
    echo "   添加cron任务: 0 0,12 * * * certbot renew --quiet"
else
    echo "✅ SSL证书已存在"
    echo "📋 证书信息:"
    ls -lh "$SSL_DIR"
fi

echo "🎉 SSL证书配置完成！"