|
|
@@ -864,8 +864,8 @@ ssl_cert_issue_main() {
|
|
|
local webKeyFile="/root/cert/${domain}/privkey.pem"
|
|
|
|
|
|
if [[ -f "${webCertFile}" && -f "${webKeyFile}" ]]; then
|
|
|
- /usr/local/x-ui/x-ui setting -webCert "$webCertFile"
|
|
|
- /usr/local/x-ui/x-ui setting -webCertKey "$webKeyFile"
|
|
|
+ /usr/local/x-ui/x-ui cert -webCert "$webCertFile"
|
|
|
+ /usr/local/x-ui/x-ui cert -webCertKey "$webKeyFile"
|
|
|
echo "Panel paths set for domain: $domain"
|
|
|
echo " - Certificate File: $webCertFile"
|
|
|
echo " - Private Key File: $webKeyFile"
|
|
|
@@ -893,6 +893,7 @@ ssl_cert_issue() {
|
|
|
exit 1
|
|
|
fi
|
|
|
fi
|
|
|
+
|
|
|
# install socat second
|
|
|
case "${release}" in
|
|
|
ubuntu | debian | armbian)
|
|
|
@@ -919,23 +920,23 @@ ssl_cert_issue() {
|
|
|
LOGI "install socat succeed..."
|
|
|
fi
|
|
|
|
|
|
- # get the domain here,and we need verify it
|
|
|
+ # get the domain here, and we need to verify it
|
|
|
local domain=""
|
|
|
- read -p "Please enter your domain name:" domain
|
|
|
- LOGD "your domain is:${domain},check it..."
|
|
|
- # here we need to judge whether there exists cert already
|
|
|
- local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
|
|
|
+ read -p "Please enter your domain name: " domain
|
|
|
+ LOGD "Your domain is: ${domain}, checking it..."
|
|
|
|
|
|
- if [ ${currentCert} == ${domain} ]; then
|
|
|
+ # check if there already exists a certificate
|
|
|
+ local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
|
|
|
+ if [ "${currentCert}" == "${domain}" ]; then
|
|
|
local certInfo=$(~/.acme.sh/acme.sh --list)
|
|
|
- LOGE "system already has certs here,can not issue again,current certs details:"
|
|
|
+ LOGE "System already has certificates for this domain. Cannot issue again. Current certificate details:"
|
|
|
LOGI "$certInfo"
|
|
|
exit 1
|
|
|
else
|
|
|
- LOGI "your domain is ready for issuing cert now..."
|
|
|
+ LOGI "Your domain is ready for issuing certificates now..."
|
|
|
fi
|
|
|
|
|
|
- # create a directory for install cert
|
|
|
+ # create a directory for the certificate
|
|
|
certPath="/root/cert/${domain}"
|
|
|
if [ ! -d "$certPath" ]; then
|
|
|
mkdir -p "$certPath"
|
|
|
@@ -944,48 +945,70 @@ ssl_cert_issue() {
|
|
|
mkdir -p "$certPath"
|
|
|
fi
|
|
|
|
|
|
- # get needed port here
|
|
|
+ # get the port number for the standalone server
|
|
|
local WebPort=80
|
|
|
- read -p "please choose which port do you use,default will be 80 port:" WebPort
|
|
|
+ read -p "Please choose which port to use (default is 80): " WebPort
|
|
|
if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
|
|
|
- LOGE "your input ${WebPort} is invalid,will use default port"
|
|
|
+ LOGE "Your input ${WebPort} is invalid, will use default port 80."
|
|
|
+ WebPort=80
|
|
|
fi
|
|
|
- LOGI "will use port:${WebPort} to issue certs,please make sure this port is open..."
|
|
|
- # NOTE:This should be handled by user
|
|
|
- # open the port and kill the occupied progress
|
|
|
+ LOGI "Will use port: ${WebPort} to issue certificates. Please make sure this port is open."
|
|
|
+
|
|
|
+ # issue the certificate
|
|
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
|
|
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort}
|
|
|
if [ $? -ne 0 ]; then
|
|
|
- LOGE "issue certs failed,please check logs"
|
|
|
+ LOGE "Issuing certificate failed, please check logs."
|
|
|
rm -rf ~/.acme.sh/${domain}
|
|
|
exit 1
|
|
|
else
|
|
|
- LOGE "issue certs succeed,installing certs..."
|
|
|
+ LOGE "Issuing certificate succeeded, installing certificates..."
|
|
|
fi
|
|
|
- # install cert
|
|
|
+
|
|
|
+ # install the certificate
|
|
|
~/.acme.sh/acme.sh --installcert -d ${domain} \
|
|
|
--key-file /root/cert/${domain}/privkey.pem \
|
|
|
--fullchain-file /root/cert/${domain}/fullchain.pem
|
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
- LOGE "install certs failed,exit"
|
|
|
+ LOGE "Installing certificate failed, exiting."
|
|
|
rm -rf ~/.acme.sh/${domain}
|
|
|
exit 1
|
|
|
else
|
|
|
- LOGI "install certs succeed,enable auto renew..."
|
|
|
+ LOGI "Installing certificate succeeded, enabling auto renew..."
|
|
|
fi
|
|
|
|
|
|
+ # enable auto-renew
|
|
|
~/.acme.sh/acme.sh --upgrade --auto-upgrade
|
|
|
if [ $? -ne 0 ]; then
|
|
|
- LOGE "auto renew failed, certs details:"
|
|
|
+ LOGE "Auto renew failed, certificate details:"
|
|
|
ls -lah cert/*
|
|
|
chmod 755 $certPath/*
|
|
|
exit 1
|
|
|
else
|
|
|
- LOGI "auto renew succeed, certs details:"
|
|
|
+ LOGI "Auto renew succeeded, certificate details:"
|
|
|
ls -lah cert/*
|
|
|
chmod 755 $certPath/*
|
|
|
fi
|
|
|
+
|
|
|
+ # Prompt user to set panel paths after successful certificate installation
|
|
|
+ read -p "Would you like to set this certificate for the panel? (y/n): " setPanel
|
|
|
+ if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
|
|
|
+ local webCertFile="/root/cert/${domain}/fullchain.pem"
|
|
|
+ local webKeyFile="/root/cert/${domain}/privkey.pem"
|
|
|
+
|
|
|
+ if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
|
|
|
+ /usr/local/x-ui/x-ui cert -webCert "$webCertFile"
|
|
|
+ /usr/local/x-ui/x-ui cert -webCertKey "$webKeyFile"
|
|
|
+ LOGI "Panel paths set for domain: $domain"
|
|
|
+ LOGI " - Certificate File: $webCertFile"
|
|
|
+ LOGI " - Private Key File: $webKeyFile"
|
|
|
+ else
|
|
|
+ LOGE "Error: Certificate or private key file not found for domain: $domain."
|
|
|
+ fi
|
|
|
+ else
|
|
|
+ LOGI "Skipping panel path setting."
|
|
|
+ fi
|
|
|
}
|
|
|
|
|
|
ssl_cert_issue_CF() {
|
mhsanaei