#!/bin/bash
# ── Let's Encrypt SSL Certificates — All Bdzoon Domains ──────────────

echo "Step 1: Install Certbot"
sudo apt-get update
sudo apt-get install -y certbot python3-certbot-nginx

echo ""
echo "Step 2: Get certificate for main domains (bdzoon.com + www + api)"
sudo certbot --nginx \
  -d bdzoon.com \
  -d www.bdzoon.com \
  -d api.bdzoon.com \
  --email info@bdzoon.com \
  --agree-tos \
  --no-eff-email \
  --redirect

echo ""
echo "Step 3: Get certificate for admin subdomain"
sudo certbot --nginx \
  -d admin.bdzoon.com \
  --email info@bdzoon.com \
  --agree-tos \
  --no-eff-email \
  --redirect

echo ""
echo "Step 4: Verify auto-renewal"
sudo certbot renew --dry-run
sudo systemctl status certbot.timer

echo ""
echo "Step 5: Deploy Nginx configs"
sudo cp bdzoon.com.conf       /etc/nginx/sites-available/bdzoon.com
sudo cp admin.bdzoon.com.conf /etc/nginx/sites-available/admin.bdzoon.com
sudo ln -sf /etc/nginx/sites-available/bdzoon.com       /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/admin.bdzoon.com /etc/nginx/sites-enabled/

echo ""
echo "Step 6: Test and reload Nginx"
sudo nginx -t && sudo systemctl reload nginx

echo ""
echo "✓ All SSL certificates configured!"
echo "  bdzoon.com     → https://bdzoon.com"
echo "  www.bdzoon.com → https://www.bdzoon.com"
echo "  api.bdzoon.com → https://api.bdzoon.com"
echo "  admin.bdzoon.com → https://admin.bdzoon.com"