#!/usr/bin/bash

# Must run as root
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit 1
fi

DOMAIN=$(hostname -f)

echo "Using domain: $DOMAIN"

# Install repos
dnf install -y epel-release
dnf config-manager --set-enabled crb 2>/dev/null || true

# Install packages
dnf install -y mod_ssl certbot python3-certbot-apache

# Start Apache
systemctl enable httpd
systemctl restart httpd

# Open firewall
if systemctl is-active --quiet firewalld; then
    firewall-cmd --permanent --add-service=http
    firewall-cmd --permanent --add-service=https
    firewall-cmd --reload
fi

# Get SSL (FULLY AUTOMATIC)
certbot --apache -d "$DOMAIN" \
--non-interactive \
--agree-tos \
--email admin@$DOMAIN \
--no-eff-email \
--redirect

# Enable auto renew
systemctl enable --now certbot-renew.timer

# Restart Apache
systemctl restart httpd

echo "SSL installed successfully!"
echo "https://$DOMAIN is now live"