|
@@ -1435,7 +1435,7 @@ ssl_cert_issue_main() {
|
|
|
# renewed cert to these paths and reloads the panel. Without it acme.sh
|
|
# renewed cert to these paths and reloads the panel. Without it acme.sh
|
|
|
# renews but never updates /root/cert, silently serving a stale cert.
|
|
# renews but never updates /root/cert, silently serving a stale cert.
|
|
|
if command -v ~/.acme.sh/acme.sh &> /dev/null && ~/.acme.sh/acme.sh --list 2> /dev/null | awk '{print $1}' | grep -Fxq "${domain}"; then
|
|
if command -v ~/.acme.sh/acme.sh &> /dev/null && ~/.acme.sh/acme.sh --list 2> /dev/null | awk '{print $1}' | grep -Fxq "${domain}"; then
|
|
|
- ~/.acme.sh/acme.sh --installcert -d "${domain}" \
|
|
|
|
|
|
|
+ ~/.acme.sh/acme.sh --installcert --force -d "${domain}" \
|
|
|
--key-file "${webKeyFile}" \
|
|
--key-file "${webKeyFile}" \
|
|
|
--fullchain-file "${webCertFile}" \
|
|
--fullchain-file "${webCertFile}" \
|
|
|
--reloadcmd "x-ui restart" 2>&1 || true
|
|
--reloadcmd "x-ui restart" 2>&1 || true
|
|
@@ -1631,7 +1631,7 @@ ssl_cert_issue_for_ip() {
|
|
|
# Install the certificate
|
|
# Install the certificate
|
|
|
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
|
|
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
|
|
|
# but the cert files are still installed. We check for files instead of exit code.
|
|
# but the cert files are still installed. We check for files instead of exit code.
|
|
|
- ~/.acme.sh/acme.sh --installcert -d ${server_ip} \
|
|
|
|
|
|
|
+ ~/.acme.sh/acme.sh --installcert --force -d ${server_ip} \
|
|
|
--key-file "${certPath}/privkey.pem" \
|
|
--key-file "${certPath}/privkey.pem" \
|
|
|
--fullchain-file "${certPath}/fullchain.pem" \
|
|
--fullchain-file "${certPath}/fullchain.pem" \
|
|
|
--reloadcmd "${reloadCmd}" 2>&1 || true
|
|
--reloadcmd "${reloadCmd}" 2>&1 || true
|
|
@@ -1836,7 +1836,7 @@ ssl_cert_issue() {
|
|
|
|
|
|
|
|
# install the certificate
|
|
# install the certificate
|
|
|
local installOutput=""
|
|
local installOutput=""
|
|
|
- installOutput=$(~/.acme.sh/acme.sh --installcert -d ${domain} \
|
|
|
|
|
|
|
+ installOutput=$(~/.acme.sh/acme.sh --installcert --force -d ${domain} \
|
|
|
--key-file /root/cert/${domain}/privkey.pem \
|
|
--key-file /root/cert/${domain}/privkey.pem \
|
|
|
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1)
|
|
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1)
|
|
|
local installRc=$?
|
|
local installRc=$?
|
|
@@ -1998,7 +1998,7 @@ ssl_cert_issue_CF() {
|
|
|
;;
|
|
;;
|
|
|
esac
|
|
esac
|
|
|
fi
|
|
fi
|
|
|
- ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
|
|
|
|
|
|
|
+ ~/.acme.sh/acme.sh --installcert --force -d ${CF_Domain} -d *.${CF_Domain} \
|
|
|
--key-file ${certPath}/privkey.pem \
|
|
--key-file ${certPath}/privkey.pem \
|
|
|
--fullchain-file ${certPath}/fullchain.pem --reloadcmd "${reloadCmd}"
|
|
--fullchain-file ${certPath}/fullchain.pem --reloadcmd "${reloadCmd}"
|
|
|
|
|
|