#!/bin/bash
# Let's Encrypt 证书自动续期脚本

echo "======================================"
echo "Let's Encrypt 证书续期检查"
echo "======================================"
echo "时间：$(date)"

# 临时停止 nginx 释放 80 端口
systemctl stop nginx

# 续期证书
certbot renew --quiet --deploy-hook "systemctl start nginx"

RESULT=$?

# 无论成功失败都启动 nginx
systemctl start nginx

# 记录日志
if [ $RESULT -eq 0 ]; then
    echo "✅ $(date) - 证书续期成功" >> /var/log/certbot_renew.log
else
    echo "❌ $(date) - 证书续期失败" >> /var/log/certbot_renew.log
fi

echo "详情查看：/var/log/letsencrypt/letsencrypt.log"