|
@@ -1127,7 +1127,7 @@ ssl_cert_issue() {
|
|
|
|
|
|
# issue the certificate
|
|
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
|
|
- ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort}
|
|
|
+ ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
|
|
|
if [ $? -ne 0 ]; then
|
|
|
LOGE "Issuing certificate failed, please check logs."
|
|
|
rm -rf ~/.acme.sh/${domain}
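Review bot: Passing `--force` unconditionally on the `--issue` line makes every run of ssl_cert_issue request a fresh certificate even when a valid one is already on disk. Repeated runs can then exhaust the CA's per-domain issuance limits and leave the host unable to get a certificate when it actually needs one. The same flag is added to the `--issue --dns dns_cf` line in the hunk at -1242 (ssl_cert_issue_CF). Consider adding `--force` only after the user confirms a re-issue, and quote the expansions on that line: `-d "${domain}" --listen-v6 --standalone --httpport "${WebPort}"`. The function body starts and ends outside this hunk.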
|
|
@@ -1208,13 +1208,6 @@ ssl_cert_issue_CF() {
|
|
|
fi
|
|
|
|
|
|
CF_Domain=""
|
|
|
- certPath="/root/cert-CF"
|
|
|
- if [ ! -d "$certPath" ]; then
|
|
|
- mkdir -p $certPath
|
|
|
- else
|
|
|
- rm -rf $certPath
|
|
|
- mkdir -p $certPath
|
|
|
- fi
|
|
|
|
|
|
LOGD "Please set a domain name:"
|
|
|
read -p "Input your domain here: " CF_Domain
|
|
@@ -1242,7 +1235,7 @@ ssl_cert_issue_CF() {
|
|
|
export CF_Email="${CF_AccountEmail}"
|
|
|
|
|
|
# Issue the certificate using Cloudflare DNS
|
|
|
- ~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log
|
|
|
+ ~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log --force
|
|
|
if [ $? -ne 0 ]; then
|
|
|
LOGE "Certificate issuance failed, script exiting..."
|
|
|
exit 1
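Review bot: On the new `--issue --dns dns_cf` line, `-d *.${CF_Domain}` is unquoted, so the shell performs pathname expansion on it before acme.sh sees it. If the working directory contains a file matching `*.<domain>`, the wildcard name is silently replaced by that filename, and a value with whitespace is split into extra arguments. Write it as `-d "${CF_Domain}" -d "*.${CF_Domain}"`. The `--installcert` line in the hunk at -1250 has the same pattern.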
|
|
@@ -1250,17 +1243,45 @@ ssl_cert_issue_CF() {
|
|
|
LOGI "Certificate issued successfully, Installing..."
|
|
|
fi
|
|
|
|
|
|
- # Install the certificate
|
|
|
- mkdir -p ${certPath}/${CF_Domain}
|
|
|
+ # Install the certificate
|
|
|
+ certPath="/root/cert/${CF_Domain}"
|
|
|
+ if [ -d "$certPath" ]; then
|
|
|
+ rm -rf ${certPath}
|
|
|
+ fi
|
|
|
+
|
|
|
+ mkdir -p ${certPath}
|
|
|
if [ $? -ne 0 ]; then
|
|
|
- LOGE "Failed to create directory: ${certPath}/${CF_Domain}"
|
|
|
+ LOGE "Failed to create directory: ${certPath}"
|
|
|
exit 1
|
|
|
fi
|
|
|
|
|
|
+ reloadCmd="x-ui restart"
|
|
|
+
|
|
|
+ LOGI "Default --reloadcmd for ACME is: ${yellow}x-ui restart"
|
|
|
+ LOGI "This command will run on every certificate issue and renew."
|
|
|
+ read -p "Would you like to modify --reloadcmd for ACME? (y/n): " setReloadcmd
|
|
|
+ if [[ "$setReloadcmd" == "y" || "$setReloadcmd" == "Y" ]]; then
|
|
|
+ echo -e "\n${green}\t1.${plain} Preset: x-ui restart ; systemctl reload nginx"
|
|
|
+ echo -e "${green}\t2.${plain} Input your own command"
|
|
|
+ echo -e "${green}\t0.${plain} Keep default reloadcmd"
|
|
|
+ read -p "Choose an option: " choice
|
|
|
+ case "$choice" in
|
|
|
+ 1)
|
|
|
+ LOGI "Reloadcmd is: x-ui restart ; systemctl reload nginx"
|
|
|
+ reloadCmd="x-ui restart ; systemctl reload nginx"
|
|
|
+ ;;
|
|
|
+ 2)
|
|
|
+ read -p "Please enter your reloadcmd (example: x-ui restart ; systemctl reload nginx): " reloadCmd
|
|
|
+ LOGI "Your reloadcmd is: ${reloadCmd}"
|
|
|
+ ;;
|
|
|
+ *)
|
|
|
+ LOGI "Keep default reloadcmd"
|
|
|
+ ;;
|
|
|
+ esac
|
|
|
+ fi
|
|
|
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
|
|
|
- --fullchain-file ${certPath}/${CF_Domain}/fullchain.pem \
|
|
|
- --key-file ${certPath}/${CF_Domain}/privkey.pem
|
|
|
-
|
|
|
+ --key-file ${certPath}/privkey.pem \
|
|
|
+ --fullchain-file ${certPath}/fullchain.pem --reloadcmd "${reloadCmd}"
|
|
|
if [ $? -ne 0 ]; then
|
|
|
LOGE "Certificate installation failed, script exiting..."
|
|
|
exit 1
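Review bot: `certPath="/root/cert/${CF_Domain}"` followed by the unquoted `rm -rf ${certPath}` lets the typed domain decide what gets deleted as root. `CF_Domain` comes from `read -p` in the hunk at -1208, and no validation is visible in these hunks (it may exist in the lines not shown). An empty answer makes the path `/root/cert/`, which removes every other domain's certificates, and a value containing spaces or `/` points the removal at other paths. Reject anything that is not a plain hostname before building the path, e.g. `[[ "${CF_Domain}" =~ ^[A-Za-z0-9.-]+$ && "${CF_Domain}" != *..* ]] || { LOGE "Invalid domain name"; exit 1; }`, and quote the uses: `rm -rf -- "${certPath}"`, `mkdir -p -- "${certPath}"`. Option 2 stores a free-form `reloadCmd` that acme.sh will run on every renewal, so use `read -r` and refuse an empty value rather than passing `--reloadcmd ""`.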
|
|
@@ -1275,15 +1296,15 @@ ssl_cert_issue_CF() {
|
|
|
exit 1
|
|
|
else
|
|
|
LOGI "The certificate is installed and auto-renewal is turned on. Specific information is as follows:"
|
|
|
- ls -lah ${certPath}/${CF_Domain}
|
|
|
- chmod 755 ${certPath}/${CF_Domain}
|
|
|
+ ls -lah ${certPath}/*
|
|
|
+ chmod 755 ${certPath}/*
|
|
|
fi
|
|
|
|
|
|
# Prompt user to set panel paths after successful certificate installation
|
|
|
read -p "Would you like to set this certificate for the panel? (y/n): " setPanel
|
|
|
if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
|
|
|
- local webCertFile="${certPath}/${CF_Domain}/fullchain.pem"
|
|
|
- local webKeyFile="${certPath}/${CF_Domain}/privkey.pem"
|
|
|
+ local webCertFile="${certPath}/fullchain.pem"
|
|
|
+ local webKeyFile="${certPath}/privkey.pem"
|
|
|
|
|
|
if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
|
|
|
/usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
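Review bot: `chmod 755 ${certPath}/*` now applies to the files inside the directory rather than to the directory itself, so `privkey.pem` ends up world-readable and executable. Access is still limited by the mode of `/root` on most systems, but the key's own mode should not depend on that, and it will matter if the path is ever moved or copied. Set the modes per file instead: `chmod 600 "${certPath}/privkey.pem"` and `chmod 644 "${certPath}/fullchain.pem"`, with `chmod 700 "${certPath}"` for the directory if only root needs to read it. The enclosing function continues outside this hunk.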
|
|
@@ -1585,7 +1606,6 @@ install_iplimit() {
|
|
|
# Launching fail2ban
|
|
|
if ! systemctl is-active --quiet fail2ban; then
|
|
|
systemctl start fail2ban
|
|
|
- systemctl enable fail2ban
|
|
|
else
|
|
|
systemctl restart fail2ban
|
|
|
fi
|