feat(Makefile, compose.yaml): add ssl-fix-existing target and improve certificate handling

Add a new Makefile target `ssl-fix-existing` to facilitate the
fixing of existing SSL certificates by copying them from certbot
to UnrealIRCd. This addition provides a streamlined process for
maintaining SSL certificates without manual intervention.

Enhance the `compose.yaml` to set appropriate permissions and
ownership for the SSL certificate files. This ensures that the
certificates are secure and accessible only to the necessary
services, reducing the risk of unauthorized access.

These changes improve the maintainability and security of SSL
certificate management within the application.

Author: kzndotsh

Makefile

@@ -383,9 +383,11 @@ help-ssl:
 	@echo "  ssl-check            - Check status"
 	@echo "  ssl-monitor           - Start monitoring"
 	@echo "  ssl-issue             - Issue new SSL certificate"
+	@echo "  ssl-fix-existing      - Fix existing certificates"
 	@echo ""
 	@echo "Usage examples:"
 	@echo "  make setup-ssl       # Initial certificate setup"
+	@echo "  make ssl-fix-existing # Fix existing certificates"
 	@echo "  make ssl-check       # Check certificate status"
 	@echo "  make certbot-up      # Start certificate manager"
 	@echo "  make ssl-renew       # Renew certificates"
@@ -589,6 +591,26 @@ certbot-status-check: ## Check certificate status
 ssl-issue: ## Issue new SSL certificate (manual)
 	@echo -e "$(PURPLE)=== Issuing New SSL Certificate ===$(NC)"
 	$(DOCKER_COMPOSE) exec certbot /usr/local/bin/certbot-scripts/entrypoint.sh issue
+	@echo -e "$(BLUE)[INFO]$(NC) Waiting for certificates to be synced..."
+	@sleep 10
+	@echo -e "$(BLUE)[INFO]$(NC) Copying CA bundle for HTTPS client..."
+	@cp unrealircd/default/tls/curl-ca-bundle.crt unrealircd/conf/tls/ 2>/dev/null || true
+	@echo -e "$(BLUE)[INFO]$(NC) Restarting UnrealIRCd to load new certificates..."
+	@$(DOCKER_COMPOSE) restart unrealircd >/dev/null 2>&1 || true
+	@echo -e "$(GREEN)[SUCCESS]$(NC) SSL certificate issuance completed!"
+
+ssl-fix-existing: ## Fix existing certificates (copy from certbot to UnrealIRCd)
+	@echo -e "$(PURPLE)=== Fixing Existing SSL Certificates ===$(NC)"
+	@echo -e "$(BLUE)[INFO]$(NC) This will copy existing certificates from certbot to UnrealIRCd"
+	@echo -e "$(BLUE)[INFO]$(NC) Starting cert-sync container to copy certificates..."
+	@$(DOCKER_COMPOSE) up -d cert-sync
+	@echo -e "$(BLUE)[INFO]$(NC) Waiting for certificate sync..."
+	@sleep 15
+	@echo -e "$(BLUE)[INFO]$(NC) Copying CA bundle for HTTPS client..."
+	@cp unrealircd/default/tls/curl-ca-bundle.crt unrealircd/conf/tls/ 2>/dev/null || true
+	@echo -e "$(BLUE)[INFO]$(NC) Restarting UnrealIRCd to load certificates..."
+	@$(DOCKER_COMPOSE) restart unrealircd >/dev/null 2>&1 || true
+	@echo -e "$(GREEN)[SUCCESS]$(NC) Existing SSL certificates have been fixed!"
 
 # ============================================================================
 # ENVIRONMENT SETUP

compose.yaml

@@ -160,6 +160,10 @@ services:
               if [ -d \"\$$domain_dir\" ]; then
                 cp \"\$$domain_dir/fullchain.pem\" /app/unrealircd-tls/server.cert.pem 2>/dev/null || true
                 cp \"\$$domain_dir/privkey.pem\" /app/unrealircd-tls/server.key.pem 2>/dev/null || true
+                chmod 644 /app/unrealircd-tls/server.cert.pem 2>/dev/null || true
+                chmod 600 /app/unrealircd-tls/server.key.pem 2>/dev/null || true
+                chown 1001:1001 /app/unrealircd-tls/server.cert.pem 2>/dev/null || true
+                chown 1001:1001 /app/unrealircd-tls/server.key.pem 2>/dev/null || true
               fi
             done
           fi