#!/bin/bash
# Certbot renewal script for Forgejo SSL certificates
# Automatically created by Ansible

# Set up logging
LOG_FILE="/var/log/certbot-renewal.log"
echo "$(date): Starting certificate renewal" >> $LOG_FILE

# Stop Nginx to free up port 80
echo "$(date): Stopping Nginx" >> $LOG_FILE
systemctl stop nginx
if [ $? -ne 0 ]; then
  echo "$(date): Failed to stop Nginx" >> $LOG_FILE
  exit 1
fi

# Run Certbot renewal
echo "$(date): Running Certbot renewal" >> $LOG_FILE
docker run --rm -p 80:80 -p 443:443 \
  -v /etc/letsencrypt:/etc/letsencrypt \
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \
  certbot/certbot renew --standalone --non-interactive

if [ $? -ne 0 ]; then
  echo "$(date): Certbot renewal failed" >> $LOG_FILE
  # Even if renewal fails, we should restart Nginx
fi

# Start Nginx again
echo "$(date): Starting Nginx" >> $LOG_FILE
systemctl start nginx
if [ $? -ne 0 ]; then
  echo "$(date): Failed to start Nginx" >> $LOG_FILE
  exit 1
fi

echo "$(date): Certificate renewal completed successfully" >> $LOG_FILE