docs(Makefile, README.md): clarify SSL command descriptions for better user understanding

kzndotsh · kzndotsh · commit 14ef9c8ca55a · 2025-09-09T16:02:35.000-04:00
Update the descriptions of SSL management commands in the Makefile
and README.md to specify that `ssl-setup` should be run only if no
certificates exist and `ssl-renew` should be used only if needed.
This provides clearer guidance to users on when to use these commands
and prevents unnecessary operations.

fix(scripts/ssl-manager.sh): add checks for existing certificates before issuing or renewing

Add checks in `issue_certificates` and `renew_certificates` functions
to determine if certificates already exist or are valid before
proceeding. This prevents redundant operations and guides users to
use the correct command based on the certificate status.
diff --git a/Makefile b/Makefile
@@ -369,14 +369,14 @@ help-ssl:
 	@echo "SSL/TLS Certificate Management Commands:"
 	@echo ""
 	@echo "Simplified SSL Management:"
-	@echo "  ssl-setup           - Setup certificates (one-time)"
-	@echo "  ssl-renew           - Renew certificates"
+	@echo "  ssl-setup           - Setup certificates (only if none exist)"
+	@echo "  ssl-renew           - Renew certificates (only if needed)"
 	@echo "  ssl-status          - Check certificate status"
 	@echo ""
 	@echo "Quick Start:"
 	@echo "  1. Copy cloudflare-credentials.ini.template to cloudflare-credentials.ini"
 	@echo "  2. Add your Cloudflare API token to cloudflare-credentials.ini"
-	@echo "  3. make ssl-setup   # Initial certificate setup"
+	@echo "  3. make ssl-setup   # Initial certificate setup (safe to run multiple times)"
 	@echo "  4. make ssl-status  # Check certificate status"
 
 # Docker operations
diff --git a/README.md b/README.md
@@ -215,9 +215,12 @@ make up
 # Check certificate status
 make ssl-status
 
-# Force renewal
+# Renew certificates (only if needed)
 make ssl-renew
 
+# Setup certificates (only if none exist)
+make ssl-setup
+
 # Direct script usage
 ./scripts/ssl-manager.sh status
 ./scripts/ssl-manager.sh renew
@@ -226,8 +229,8 @@ make ssl-renew
 ### 🔧 **Available Commands**
 
 ```bash
-make ssl-setup              # Setup certificates (one-time)
-make ssl-renew              # Renew certificates
+make ssl-setup              # Setup certificates (only if none exist)
+make ssl-renew              # Renew certificates (only if needed)
 make ssl-status             # Check certificate status
 ```
 
diff --git a/scripts/ssl-manager.sh b/scripts/ssl-manager.sh
@@ -59,6 +59,15 @@ check_prerequisites() {
 
 # Issue new certificates
 issue_certificates() {
+    log_info "Checking if certificates already exist..."
+    
+    # Check if certificates already exist and are valid
+    if check_status >/dev/null 2>&1; then
+        log_info "Valid certificates already exist for $DOMAIN"
+        log_info "Use 'make ssl-renew' if you need to renew them"
+        return 0
+    fi
+    
     log_info "Issuing SSL certificates for $DOMAIN..."
     
     # Run certbot container to issue certificates
@@ -82,6 +91,15 @@ issue_certificates() {
 
 # Renew existing certificates
 renew_certificates() {
+    log_info "Checking certificate status before renewal..."
+    
+    # Check if certificates exist
+    if ! check_status >/dev/null 2>&1; then
+        log_error "No valid certificates found to renew"
+        log_info "Use 'make ssl-setup' to issue new certificates first"
+        return 1
+    fi
+    
     log_info "Renewing SSL certificates..."
     
     # Run certbot container to renew certificates
