feat(Makefile, compose.yaml): enhance SSL certificate management for UnrealIRCd

Add steps to copy CA bundle and restart UnrealIRCd after SSL setup and
renewal to ensure new certificates are loaded. Introduce a delay to
allow certificate syncing. Update compose.yaml to include UnrealIRCd
TLS directory for certificate storage and automate copying of
certificates to this directory.

These changes improve the automation and reliability of SSL certificate
management for UnrealIRCd, ensuring that the server always uses the
latest certificates without manual intervention. This enhances security
and reduces downtime related to certificate updates.

Author: kzndotsh

Makefile

@@ -519,11 +519,22 @@ setup-ssl: ## Setup SSL certificates with Let's Encrypt (ONE-TIME MANUAL SETUP)
 	done
 	@echo -e "$(BLUE)[INFO]$(NC) Issuing certificates..."
 	$(DOCKER_COMPOSE) exec certbot /usr/local/bin/certbot-scripts/entrypoint.sh issue
+	@echo -e "$(BLUE)[INFO]$(NC) Waiting for certificates to be synced..."
+	@sleep 10
+	@echo -e "$(BLUE)[INFO]$(NC) Copying CA bundle for HTTPS client..."
+	@cp unrealircd/default/tls/curl-ca-bundle.crt unrealircd/conf/tls/ 2>/dev/null || true
+	@echo -e "$(BLUE)[INFO]$(NC) Restarting UnrealIRCd to load new certificates..."
+	@$(DOCKER_COMPOSE) restart unrealircd >/dev/null 2>&1 || true
 	@echo -e "$(GREEN)[SUCCESS]$(NC) SSL certificate setup completed!"
 
 ssl-renew: ## Renew SSL certificates
 	@echo -e "$(PURPLE)=== Renewing SSL Certificates ===$(NC)"
 	$(DOCKER_COMPOSE) exec certbot /usr/local/bin/certbot-scripts/entrypoint.sh renew
+	@echo -e "$(BLUE)[INFO]$(NC) Waiting for certificates to be synced..."
+	@sleep 10
+	@echo -e "$(BLUE)[INFO]$(NC) Restarting UnrealIRCd to load renewed certificates..."
+	@$(DOCKER_COMPOSE) restart unrealircd >/dev/null 2>&1 || true
+	@echo -e "$(GREEN)[SUCCESS]$(NC) SSL certificate renewal completed!"
 
 ssl-check: ## Check SSL certificate status
 	@echo -e "$(PURPLE)=== SSL Certificate Status ===$(NC)"
@@ -565,6 +576,11 @@ certbot-issue: ## Issue new certificates
 certbot-renew: ## Renew certificates
 	@echo -e "$(PURPLE)=== Renewing Certificates ===$(NC)"
 	$(DOCKER_COMPOSE) exec certbot /usr/local/bin/certbot-scripts/entrypoint.sh renew
+	@echo -e "$(BLUE)[INFO]$(NC) Waiting for certificates to be synced..."
+	@sleep 10
+	@echo -e "$(BLUE)[INFO]$(NC) Restarting UnrealIRCd to load renewed certificates..."
+	@$(DOCKER_COMPOSE) restart unrealircd >/dev/null 2>&1 || true
+	@echo -e "$(GREEN)[SUCCESS]$(NC) Certificate renewal completed!"
 
 certbot-status-check: ## Check certificate status
 	@echo -e "$(PURPLE)=== Certificate Status ===$(NC)"

compose.yaml

@@ -142,17 +142,27 @@ services:
     volumes:
       - certbot_conf:/etc/letsencrypt:ro
       - ./.runtime/certs:/app/certs
+      - ./unrealircd/conf/tls:/app/unrealircd-tls
 
     # Sync certificates
     command: >
       sh -c "
         apk add --no-cache inotify-tools &&
-        mkdir -p /app/certs &&
+        mkdir -p /app/certs /app/unrealircd-tls &&
         while true; do
-          # Copy latest certificates
+          # Copy latest certificates to runtime directory
           if [ -d /etc/letsencrypt/live ]; then
             cp -r /etc/letsencrypt/live/* /app/certs/ 2>/dev/null || true
           fi
+          # Copy certificates to UnrealIRCd TLS directory
+          if [ -d /etc/letsencrypt/live ]; then
+            for domain_dir in /etc/letsencrypt/live/*; do
+              if [ -d \"\$$domain_dir\" ]; then
+                cp \"\$$domain_dir/fullchain.pem\" /app/unrealircd-tls/server.cert.pem 2>/dev/null || true
+                cp \"\$$domain_dir/privkey.pem\" /app/unrealircd-tls/server.key.pem 2>/dev/null || true
+              fi
+            done
+          fi
           sleep 3600  # Check every hour
         done
       "