#!/bin/bash

echo "======================================"
echo "Let's Encrypt 证书批量申请脚本"
echo "======================================"

# 检查 certbot
if ! command -v certbot &> /dev/null; then
    echo "❌ certbot 未安装，请先安装"
    exit 1
fi

# 停止 nginx 释放 80 端口
echo "⏸️  临时停止 nginx..."
systemctl stop nginx

# 批量申请证书
echo "📝 开始申请证书..."
certbot certonly --standalone \
  -d music.liupeizhi.top \
  -d frps.liupeizhi.top \
  -d liupeizhi.top -d www.liupeizhi.top \
  -d rss.liupeizhi.top \
  -d blog.liupeizhi.top \
  -d webdav.liupeizhi.top \
  -d tag.liupeizhi.top \
  -d hot.liupeizhi.top

# 检查申请结果
if [ $? -eq 0 ]; then
    echo "✅ 证书申请成功！"
    
    # 重启 nginx
    echo "🔄 重启 nginx..."
    systemctl start nginx
    
    # 显示证书信息
    echo ""
    echo "📋 已申请的证书："
    certbot certificates
else
    echo "❌ 证书申请失败"
    echo "🔄 恢复 nginx 服务..."
    systemctl start nginx
    exit 1
fi

echo ""
echo "======================================"
echo "下一步："
echo "1. 更新 nginx 配置文件中的 ssl_certificate 路径"
echo "2. 测试配置：/usr/sbin/nginx -t"
echo "3. 重载 nginx: systemctl reload nginx"
echo "======================================"