#cloud-config
package_update: true
package_upgrade: true

packages:
  - certbot
  - python3-certbot-nginx
  - python3-certbot-apache

write_files:
  - path: /etc/letsencrypt/renewal-hooks/deploy/reload-services.sh
    content: |
      #!/bin/bash
      systemctl reload nginx 2>/dev/null || true
      systemctl reload apache2 2>/dev/null || true
    permissions: '0755'

runcmd:
  # Create SSL certificate (replace example.com with your domain)
  - certbot --nginx --non-interactive --agree-tos --email admin@example.com -d example.com
  # Setup automatic renewal
  - systemctl enable certbot.timer
  - systemctl start certbot.timer
  # Test renewal
  - certbot renew --dry-run