Added auto ssl installation

scripts/install-wordpress.sh

@@ -706,6 +706,146 @@ else
     # $SUDO_CMD $WP_EXECUTABLE option update home "https://$DOMAIN" "${WP_RUN_ARGS[@]}" || warning "Failed to update home option"
 fi
 
+# --- Let's Encrypt SSL Certificate Setup ---
+info "Setting up Let's Encrypt SSL certificate..."
+
+# First, validate that the domain is publicly accessible
+info "Validating domain accessibility for SSL certificate..."
+
+# Check if domain resolves to this server
+DOMAIN_VALIDATION_FAILED=false
+
+# Get server's public IP
+SERVER_IP=$(curl -s ifconfig.me 2>/dev/null || curl -s ipinfo.io/ip 2>/dev/null || curl -s icanhazip.com 2>/dev/null)
+if [[ -z "$SERVER_IP" ]]; then
+    warning "Could not determine server's public IP address."
+    DOMAIN_VALIDATION_FAILED=true
+else
+    info "Server public IP: $SERVER_IP"
+fi
+
+# Check if domain resolves
+if [[ "$DOMAIN_VALIDATION_FAILED" == "false" ]]; then
+    DOMAIN_IP=$(dig +short "$DOMAIN" 2>/dev/null | tail -n1)
+    if [[ -z "$DOMAIN_IP" ]]; then
+        warning "Domain '$DOMAIN' does not resolve to any IP address."
+        warning "Domain needs to be publicly accessible and point to this server for SSL to work."
+        DOMAIN_VALIDATION_FAILED=true
+    elif [[ "$DOMAIN_IP" != "$SERVER_IP" ]]; then
+        warning "Domain '$DOMAIN' resolves to $DOMAIN_IP, but server IP is $SERVER_IP."
+        warning "Domain must point to this server for Let's Encrypt validation to work."
+        DOMAIN_VALIDATION_FAILED=true
+    else
+        success "Domain validation passed: $DOMAIN resolves to $SERVER_IP"
+    fi
+fi
+
+# Check if domain is accessible via HTTP
+if [[ "$DOMAIN_VALIDATION_FAILED" == "false" ]]; then
+    info "Testing HTTP accessibility for domain validation..."
+    HTTP_TEST=$(curl -s -o /dev/null -w "%{http_code}" "http://$DOMAIN" --connect-timeout 10 --max-time 30 2>/dev/null)
+    if [[ "$HTTP_TEST" != "200" && "$HTTP_TEST" != "301" && "$HTTP_TEST" != "302" ]]; then
+        warning "Domain '$DOMAIN' is not accessible via HTTP (got status: ${HTTP_TEST:-'timeout/error'})."
+        warning "Let's Encrypt needs HTTP access for domain validation."
+        DOMAIN_VALIDATION_FAILED=true
+    else
+        success "Domain is accessible via HTTP (status: $HTTP_TEST)"
+    fi
+fi
+
+# Proceed with SSL only if domain validation passed
+if [[ "$DOMAIN_VALIDATION_FAILED" == "true" ]]; then
+    warning "Domain validation failed. Skipping SSL certificate generation."
+    info "To get SSL later:"
+    info "1. Ensure your domain '$DOMAIN' points to this server ($SERVER_IP)"
+    info "2. Make sure port 80 is open and accessible from the internet"
+    info "3. Run: sudo certbot --webroot -w '$WP_ROOT' -d '$DOMAIN' --email '$WP_ADMIN_EMAIL' --agree-tos"
+    info "WordPress will work without SSL, but HTTPS is recommended for production sites."
+else
+    # Install certbot if not present
+    if ! command_exists certbot; then
+        info "Installing certbot for Let's Encrypt certificate management..."
+        if command_exists apt-get; then
+            # Debian/Ubuntu
+            sudo apt-get update -qq
+            sudo apt-get install -y certbot python3-certbot-apache || error_exit "Failed to install certbot via apt-get"
+        elif command_exists yum; then
+            # CentOS/RHEL 7
+            sudo yum install -y epel-release
+            sudo yum install -y certbot python3-certbot-apache || error_exit "Failed to install certbot via yum"
+        elif command_exists dnf; then
+            # CentOS/RHEL 8+/Fedora
+            sudo dnf install -y certbot python3-certbot-apache || error_exit "Failed to install certbot via dnf"
+        else
+            warning "Package manager not detected. Please install certbot manually."
+            info "You can install certbot using: wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto"
+        fi
+    else
+        success "Certbot is already installed."
+    fi
+
+    # Generate SSL certificate
+    if command_exists certbot; then
+        info "Generating Let's Encrypt SSL certificate for domain: $DOMAIN"
+        
+        # Create a simple verification file for webroot authentication
+        WEBROOT_PATH="$WP_ROOT"
+        ACME_CHALLENGE_DIR="$WEBROOT_PATH/.well-known/acme-challenge"
+        sudo mkdir -p "$ACME_CHALLENGE_DIR"
+        sudo chown -R "${WEB_USER}:${WEB_GROUP}" "$WEBROOT_PATH/.well-known"
+        sudo chmod -R 755 "$WEBROOT_PATH/.well-known"
+        
+        # Try webroot method first (non-interactive)
+        info "Attempting SSL certificate generation using webroot method..."
+        if sudo certbot certonly \
+            --webroot \
+            --webroot-path="$WEBROOT_PATH" \
+            --email="$WP_ADMIN_EMAIL" \
+            --agree-tos \
+            --non-interactive \
+            --domains="$DOMAIN" \
+            --expand; then
+            
+            success "SSL certificate generated successfully for $DOMAIN"
+            
+            # Set up automatic renewal
+            info "Setting up automatic SSL certificate renewal..."
+            
+            # Create renewal cron job if it doesn't exist
+            CRON_JOB="0 12 * * * /usr/bin/certbot renew --quiet --post-hook \"systemctl reload lshttpd || systemctl reload apache2 || systemctl reload nginx\""
+            if ! sudo crontab -l 2>/dev/null | grep -q "certbot renew"; then
+                (sudo crontab -l 2>/dev/null; echo "$CRON_JOB") | sudo crontab -
+                success "Automatic SSL renewal configured (daily check at 12:00 PM)"
+            else
+                info "SSL renewal cron job already exists."
+            fi
+            
+            # For LiteSpeed, we need to restart the service to pick up new certificates
+            info "Restarting LiteSpeed web server to apply SSL certificate..."
+            if sudo systemctl is-active lshttpd &>/dev/null; then
+                sudo systemctl restart lshttpd || warning "Failed to restart lshttpd service"
+                success "LiteSpeed restarted successfully"
+            elif sudo systemctl is-active litespeed &>/dev/null; then
+                sudo systemctl restart litespeed || warning "Failed to restart litespeed service"  
+                success "LiteSpeed restarted successfully"
+            else
+                warning "LiteSpeed service not detected or not running. You may need to manually configure SSL in LiteSpeed admin panel."
+                info "SSL certificate location: /etc/letsencrypt/live/$DOMAIN/"
+                info "Certificate file: /etc/letsencrypt/live/$DOMAIN/fullchain.pem"
+                info "Private key file: /etc/letsencrypt/live/$DOMAIN/privkey.pem"
+            fi
+            
+        else
+            warning "SSL certificate generation failed. You can manually run:"
+            warning "sudo certbot --webroot -w '$WP_ROOT' -d '$DOMAIN' --email '$WP_ADMIN_EMAIL' --agree-tos"
+            info "Or configure SSL manually in your web server control panel."
+        fi
+    else
+        warning "Certbot not available. SSL certificate not generated."
+        info "Please install certbot manually and run: sudo certbot --webroot -w '$WP_ROOT' -d '$DOMAIN'"
+    fi
+fi
+
 # --- Final Summary ---
 success "WordPress setup process completed!"
 printf "\n--- ${YELLOW}Installation Summary${NC} ---\n"