Fix LE cert issue

scripts/install-wordpress.sh

@@ -771,6 +771,22 @@ fi
 # --- Let's Encrypt SSL Certificate Setup ---
 info "Setting up Let's Encrypt SSL certificate..."
 
+# Validate domain is properly set before proceeding
+if [[ -z "$DOMAIN" ]]; then
+    error_exit "Domain variable is empty. Cannot proceed with SSL certificate generation."
+fi
+if [[ "$DOMAIN" == "localhost" || "$DOMAIN" == "localdomain" ]]; then
+    warning "Domain is '$DOMAIN' which is not suitable for SSL certificates. Skipping SSL setup."
+    info "You can manually configure SSL later or re-run with --domain=your-actual-domain.com"
+    # Skip SSL section entirely
+    SSL_SKIPPED=true
+else
+    info "Using domain for SSL certificate: $DOMAIN"
+    SSL_SKIPPED=false
+fi
+
+# Only proceed with SSL setup if domain is valid
+if [[ "$SSL_SKIPPED" != "true" ]]; then
     # Install certbot if not present
     if ! command_exists certbot; then
         info "Installing certbot for Let's Encrypt certificate management..."
@@ -806,16 +822,38 @@ if command_exists certbot; then
         
         # Try webroot method first (non-interactive)
         info "Attempting SSL certificate generation using webroot method..."
+        # Check if certificate already exists
+        if [[ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]]; then
+            info "SSL certificate already exists for $DOMAIN. Checking if renewal is needed..."
+            if sudo certbot renew --cert-name="$DOMAIN" --dry-run 2>/dev/null; then
+                info "Existing SSL certificate is valid and not due for renewal."
+                SSL_SUCCESS=true
+            else
+                info "Existing certificate needs renewal. Attempting to renew..."
+                if sudo certbot renew --cert-name="$DOMAIN" --force-renewal 2>/dev/null; then
+                    SSL_SUCCESS=true
+                else
+                    warning "Failed to renew existing SSL certificate."
+                    SSL_SUCCESS=false
+                fi
+            fi
+        else
+            # Generate new certificate
             if sudo certbot certonly \
                 --webroot \
                 --webroot-path="$WEBROOT_PATH" \
                 --email="$WP_ADMIN_EMAIL" \
                 --agree-tos \
                 --non-interactive \
-        --domains="$DOMAIN" \
-        --expand; then
+                --domains="$DOMAIN"; then
+                SSL_SUCCESS=true
+            else
+                SSL_SUCCESS=false
+            fi
+        fi
         
-        success "SSL certificate generated successfully for $DOMAIN"
+        if [[ "$SSL_SUCCESS" == "true" ]]; then
+            success "SSL certificate is ready for $DOMAIN"
             
             # Set up automatic renewal
             info "Setting up automatic SSL certificate renewal..."
@@ -823,22 +861,38 @@ if command_exists certbot; then
             # Create renewal cron job if it doesn't exist
             CRON_JOB="0 12 * * * /usr/bin/certbot renew --quiet --post-hook \"systemctl reload lshttpd || systemctl reload apache2 || systemctl reload nginx\""
             if ! sudo crontab -l 2>/dev/null | grep -q "certbot renew"; then
-            (sudo crontab -l 2>/dev/null; echo "$CRON_JOB") | sudo crontab -
+                if (sudo crontab -l 2>/dev/null; echo "$CRON_JOB") | sudo crontab - 2>/dev/null; then
                     success "Automatic SSL renewal configured (daily check at 12:00 PM)"
+                else
+                    warning "Failed to configure automatic SSL renewal cron job"
+                fi
             else
                 info "SSL renewal cron job already exists."
             fi
             
             # For LiteSpeed, we need to restart the service to pick up new certificates
             info "Restarting LiteSpeed web server to apply SSL certificate..."
+            LITESPEED_RESTARTED=false
             if sudo systemctl is-active lshttpd &>/dev/null; then
-            sudo systemctl restart lshttpd || warning "Failed to restart lshttpd service"
-            success "LiteSpeed restarted successfully"
-        elif sudo systemctl is-active litespeed &>/dev/null; then
-            sudo systemctl restart litespeed || warning "Failed to restart litespeed service"  
-            success "LiteSpeed restarted successfully"
+                if sudo systemctl restart lshttpd 2>/dev/null; then
+                    success "LiteSpeed (lshttpd) restarted successfully"
+                    LITESPEED_RESTARTED=true
                 else
-            warning "LiteSpeed service not detected or not running. You may need to manually configure SSL in LiteSpeed admin panel."
+                    warning "Failed to restart lshttpd service"
+                fi
+            elif sudo systemctl is-active litespeed &>/dev/null; then
+                if sudo systemctl restart litespeed 2>/dev/null; then
+                    success "LiteSpeed (litespeed) restarted successfully"
+                    LITESPEED_RESTARTED=true
+                else
+                    warning "Failed to restart litespeed service"
+                fi
+            else
+                warning "LiteSpeed service not detected or not running."
+            fi
+            
+            if [[ "$LITESPEED_RESTARTED" != "true" ]]; then
+                warning "LiteSpeed service restart failed or not attempted. You may need to manually configure SSL in LiteSpeed admin panel."
                 info "SSL certificate location: /etc/letsencrypt/live/$DOMAIN/"
                 info "Certificate file: /etc/letsencrypt/live/$DOMAIN/fullchain.pem"
                 info "Private key file: /etc/letsencrypt/live/$DOMAIN/privkey.pem"
@@ -853,6 +907,9 @@ else
         warning "Certbot not available. SSL certificate not generated."
         info "Please install certbot manually and run: sudo certbot --webroot -w '$WP_ROOT' -d '$DOMAIN'"
     fi
+else
+    info "SSL certificate setup skipped due to invalid domain."
+fi
 
 # --- Final Summary ---
 success "WordPress setup process completed!"