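#!/bin/sh
# SSL Certificate Initialization Script
#
# Obtains the initial SSL certificate for one domain with certbot's webroot
# (HTTP-01) method.
#
# Environment:
#   DOMAIN_NAME  (required) single hostname to request the certificate for
#   SSL_EMAIL    (required) contact address passed to certbot via --email
#   SSL_STAGING  (optional) "1" selects the Let's Encrypt staging server
#
# Exit status: 1 on missing or malformed input; otherwise certbot's status
# (set -e aborts the script as soon as certbot fails).

set -eu

DOMAIN_NAME="${DOMAIN_NAME:-}"
SSL_EMAIL="${SSL_EMAIL:-}"
STAGING="${SSL_STAGING:-0}"

USAGE="Usage: DOMAIN_NAME=yourdomain.com SSL_EMAIL=your@email.com docker-compose -f docker-compose.prod.yml run --rm certbot-init"

# Diagnostics go to stderr so they are not mixed into captured stdout.
if [ -z "$DOMAIN_NAME" ]; then
  echo "ERROR: DOMAIN_NAME environment variable is required" >&2
  echo "$USAGE" >&2
  exit 1
fi

if [ -z "$SSL_EMAIL" ]; then
  echo "ERROR: SSL_EMAIL environment variable is required" >&2
  echo "$USAGE" >&2
  exit 1
fi

# DOMAIN_NAME ends up as a certbot argument, in a filesystem path and in a
# URL below, so accept only a plain hostname: letters, digits, dots and
# hyphens, and no leading hyphen (which could be read as an option).
case "$DOMAIN_NAME" in
  -* | *[!A-Za-z0-9.-]*)
    echo "ERROR: DOMAIN_NAME must be a single hostname (letters, digits, '.' and '-')" >&2
    echo "$USAGE" >&2
    exit 1
    ;;
esac

echo "Obtaining SSL certificate for domain: $DOMAIN_NAME"
echo "Email: $SSL_EMAIL"

# Build the certbot argument list in the positional parameters so that every
# value stays a single, quoted word (POSIX sh has no arrays).
#
# NOTE(review): --force-renewal requests a fresh certificate on every run,
# even when a valid one already exists. Repeated runs against the production
# endpoint count toward Let's Encrypt rate limits; use SSL_STAGING=1 while
# testing.
set -- certonly \
  --webroot \
  --webroot-path=/var/www/certbot \
  --email "$SSL_EMAIL" \
  --agree-tos \
  --no-eff-email \
  --force-renewal

# Use staging server if SSL_STAGING=1 (for testing). Staging certificates are
# not trusted by browsers.
if [ "$STAGING" = "1" ]; then
  echo "WARNING: Using Let's Encrypt staging server (for testing only)"
  set -- "$@" --staging
fi

set -- "$@" -d "$DOMAIN_NAME"

# Obtain certificate using webroot method
certbot "$@"

echo "SSL certificate obtained successfully!"
echo "Certificate location: /etc/letsencrypt/live/$DOMAIN_NAME/"
echo ""
echo "Next steps:"
echo "1. Restart nginx container: docker-compose -f docker-compose.prod.yml restart nginx"
echo "2. Verify HTTPS is working: curl https://$DOMAIN_NAME/health"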