#!/bin/bash

# Status check script for monitoring
set -e

DOMAIN="${DOMAIN:-dev.uggla.uamils.com}"
LOG_FILE="/var/log/certbot/status.log"

log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
}

check_certificate_status() {
    local cert_path="/etc/letsencrypt/live/$DOMAIN/cert.pem"
    
    if [[ ! -f "$cert_path" ]]; then
        log "STATUS: No certificate found for $DOMAIN"
        return 1
    fi
    
    # Get certificate details
    local expiry_date=$(openssl x509 -in "$cert_path" -noout -enddate | cut -d= -f2)
    local expiry_epoch=$(date -d "$expiry_date" +%s)
    local current_epoch=$(date +%s)
    local days_until_expiry=$(( (expiry_epoch - current_epoch) / 86400 ))
    
    # Get certificate subject
    local subject=$(openssl x509 -in "$cert_path" -noout -subject | sed 's/subject=//')
    
    log "STATUS: Certificate for $DOMAIN"
    log "  Subject: $subject"
    log "  Expires: $expiry_date"
    log "  Days until expiry: $days_until_expiry"
    
    if [[ $days_until_expiry -le 10 ]]; then
        log "  WARNING: Certificate expires soon!"
    elif [[ $days_until_expiry -le 30 ]]; then
        log "  NOTICE: Certificate expires in less than 30 days"
    else
        log "  OK: Certificate is valid"
    fi
}

# Check certificate status
check_certificate_status