
letsencrypt免費SSL證書自動續期

#!/bin/bash

# Install the snapd package with yum, answering "yes" to every prompt.
# Outputs: a progress line on stdout, followed by yum's own output.
# Returns: the exit status of yum.
install_snapd() {
  printf '%s\n' "install snap..."
  yum install -y snapd
}

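# Make sure the snapd service is up, then install and refresh the core snap.
# Outputs: a progress line on stdout, followed by snap's own output.
# Returns: the status of the `snap install core && snap refresh core` chain.
install_snapd_core(){
  # `is-active` is systemctl's scripting interface. Grepping the
  # human-readable `status` text for "(running)" depends on output
  # formatting that is not meant to be parsed.
  if ! systemctl is-active --quiet snapd.service; then
    systemctl restart snapd.service
  fi
  echo "install snap core..."
  # Refresh only when the install step succeeded.
  snap install core && snap refresh core
}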

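# Install certbot from the snap store and make sure a `certbot` command exists.
# Outputs: a progress line on stdout, followed by snap's own output.
install_certbot(){
  echo "install certbot..."
  # Classic snaps expect /snap. Create the link only when the path is absent:
  # running `ln -s` again against an existing /snap link would instead drop a
  # stray "snap" link inside /var/lib/snapd/snap.
  if [ ! -e /snap ] && [ ! -L /snap ]; then
    ln -s /var/lib/snapd/snap /snap
  fi
  snap install --classic certbot
  # `command -v` only reports an executable on PATH; `whereis` also lists
  # man pages and sources, which would wrongly count as "installed".
  if ! command -v certbot >/dev/null 2>&1; then
    ln -s /var/lib/snapd/snap/bin/certbot /usr/bin/certbot
  fi
}

# First run: install snapd, the core snap and certbot when snapd is missing.
# `rpm -q` queries the package database directly, so the check does not depend
# on the "x86_64" suffix in `yum list installed` output.
if ! rpm -q snapd >/dev/null 2>&1; then
  echo "正在安裝依賴包..."
  install_snapd
  sleep 1
  install_snapd_core
  sleep 1
  install_certbot
fi

# Sub-command dispatch: list | add | update | cron; anything else prints help.
case "${1:-}" in
  'list')
    certbot certificates
    ;;
  'add')
    echo "請輸入網站根目錄:"
    read -r webroot
    echo "請輸入網站對應的域名,多個域名用逗號隔開:"
    read -r domain
    # Validate before calling certbot: an empty or mistyped value would
    # otherwise be handed to a command that normally runs as root.
    if [ ! -d "${webroot}" ]; then
      echo "網站根目錄不存在: ${webroot}" >&2
      exit 1
    fi
    if [ -z "${domain}" ]; then
      echo "域名不能為空" >&2
      exit 1
    fi
    # Quoted so that spaces or glob characters in the answers stay inside a
    # single argument and cannot turn into extra certbot options.
    certbot certonly --webroot -w "${webroot}" -d "${domain}"
    ;;
  'update')
    echo "正在更新所有已安裝證書..."
    certbot renew
    ;;
  'cron')
    echo "安裝定時更新證書任務"
    # NOTE(review): `who am i` reports the terminal's login user, which is not
    # necessarily the effective user after su/sudo. Confirm the entry lands in
    # a crontab whose owner can run certbot and reload nginx.
    user=$(who am i | awk '{print $1}')
    cron_path="/var/spool/cron/${user}"
    if [ ! -f "${cron_path}" ]; then
      echo "${cron_path} 定時任務檔案不存在"
      exit 0
    fi
    # Append the job only once; an existing "certbot renew" line is left as is.
    if ! grep -q 'certbot renew' "${cron_path}"; then
      renew_cmd="certbot renew -q --deploy-hook '/usr/local/openresty/nginx/sbin/nginx -s reload'"
      # Run daily at 05:30 instead of only on the 1st of the month.
      # `certbot renew` acts only on certificates inside their renewal window
      # and the deploy hook fires only after an actual renewal, so frequent
      # runs are harmless. A monthly run leaves no retry before expiry if one
      # attempt fails.
      echo "30 5 * * * ${renew_cmd}" >> "${cron_path}"
    fi
    echo "安裝完成"
    ;;
  *)
    echo "list 檢視所有已安裝的證書"
    echo "add 安裝證書"
    echo "update 更新所有已安裝且30天內到期的證書"
    echo "cron 安裝定時更新證書任務"
    echo "更多certbot命令請訪問:https://certbot.eff.org/docs/using.html#certbot-commands"
    ;;
esac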

執行 certbot certonly --webroot 時,如果 http://你的域名/.well-known/acme-challenge/HGr8U1IeTW4kY_Z6UIyaakzOkyQgPr_7ArlLgtZE8SX 驗證失敗,需要在網站的配置檔案裡設定允許訪問 .well-known 資料夾。

#nginx

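listen 80;
...

# Expose only the ACME HTTP-01 challenge directory, not everything whose URI
# happens to contain "/.well-known" (the unanchored regex form matched that).
# "^~" makes this a prefix match that wins over regex locations, so a regex
# rule that denies dotfiles (e.g. "location ~ /\.") cannot shadow it.
# The root in effect here must be the directory passed to certbot with -w.
location ^~ /.well-known/acme-challenge/ {
    allow all;
}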