|
@@ -1116,76 +1116,113 @@ ssl_cert_issue() {
|
|
}
|
|
}
|
|
|
|
|
|
ssl_cert_issue_CF() {
|
|
ssl_cert_issue_CF() {
|
|
- echo -E ""
|
|
|
|
- LOGD "******Instructions for use******"
|
|
|
|
- LOGI "This Acme script requires the following data:"
|
|
|
|
- LOGI "1.Cloudflare Registered e-mail"
|
|
|
|
- LOGI "2.Cloudflare Global API Key"
|
|
|
|
- LOGI "3.The domain name that has been resolved dns to the current server by Cloudflare"
|
|
|
|
- LOGI "4.The script applies for a certificate. The default installation path is /root/cert "
|
|
|
|
- confirm "Confirmed?[y/n]" "y"
|
|
|
|
|
|
+ local existing_webBasePath=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}')
|
|
|
|
+ local existing_port=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
|
|
|
|
+ LOGI "****** Instructions for Use ******"
|
|
|
|
+ LOGI "Follow the steps below to complete the process:"
|
|
|
|
+ LOGI "1. Cloudflare Registered E-mail."
|
|
|
|
+ LOGI "2. Cloudflare Global API Key."
|
|
|
|
+ LOGI "3. The Domain Name."
|
|
|
|
+ LOGI "4. Once the certificate is issued, you will be prompted to set the certificate for the panel (optional)."
|
|
|
|
+ LOGI "5. The script also supports automatic renewal of the SSL certificate after installation."
|
|
|
|
+
|
|
|
|
+ confirm "Do you confirm the information and wish to proceed? [y/n]" "y"
|
|
|
|
+
|
|
if [ $? -eq 0 ]; then
|
|
if [ $? -eq 0 ]; then
|
|
- # check for acme.sh first
|
|
|
|
|
|
+ # Check for acme.sh first
|
|
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
|
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
|
- echo "acme.sh could not be found. we will install it"
|
|
|
|
|
|
+ echo "acme.sh could not be found. We will install it."
|
|
install_acme
|
|
install_acme
|
|
if [ $? -ne 0 ]; then
|
|
if [ $? -ne 0 ]; then
|
|
- LOGE "install acme failed, please check logs"
|
|
|
|
|
|
+ LOGE "Install acme failed, please check logs."
|
|
exit 1
|
|
exit 1
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
+
|
|
CF_Domain=""
|
|
CF_Domain=""
|
|
- CF_GlobalKey=""
|
|
|
|
- CF_AccountEmail=""
|
|
|
|
- certPath=/root/cert
|
|
|
|
|
|
+ certPath="/root/cert"
|
|
if [ ! -d "$certPath" ]; then
|
|
if [ ! -d "$certPath" ]; then
|
|
- mkdir $certPath
|
|
|
|
|
|
+ mkdir -p $certPath
|
|
else
|
|
else
|
|
rm -rf $certPath
|
|
rm -rf $certPath
|
|
- mkdir $certPath
|
|
|
|
|
|
+ mkdir -p $certPath
|
|
fi
|
|
fi
|
|
|
|
+
|
|
LOGD "Please set a domain name:"
|
|
LOGD "Please set a domain name:"
|
|
- read -p "Input your domain here:" CF_Domain
|
|
|
|
- LOGD "Your domain name is set to:${CF_Domain}"
|
|
|
|
|
|
+ read -p "Input your domain here: " CF_Domain
|
|
|
|
+ LOGD "Your domain name is set to: ${CF_Domain}"
|
|
|
|
+
|
|
|
|
+ # Set up Cloudflare API details
|
|
|
|
+ CF_GlobalKey=""
|
|
|
|
+ CF_AccountEmail=""
|
|
LOGD "Please set the API key:"
|
|
LOGD "Please set the API key:"
|
|
- read -p "Input your key here:" CF_GlobalKey
|
|
|
|
- LOGD "Your API key is:${CF_GlobalKey}"
|
|
|
|
|
|
+ read -p "Input your key here: " CF_GlobalKey
|
|
|
|
+ LOGD "Your API key is: ${CF_GlobalKey}"
|
|
|
|
+
|
|
LOGD "Please set up registered email:"
|
|
LOGD "Please set up registered email:"
|
|
- read -p "Input your email here:" CF_AccountEmail
|
|
|
|
- LOGD "Your registered email address is:${CF_AccountEmail}"
|
|
|
|
|
|
+ read -p "Input your email here: " CF_AccountEmail
|
|
|
|
+ LOGD "Your registered email address is: ${CF_AccountEmail}"
|
|
|
|
+
|
|
|
|
+ # Set the default CA to Let's Encrypt
|
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
|
if [ $? -ne 0 ]; then
|
|
if [ $? -ne 0 ]; then
|
|
- LOGE "Default CA, Lets'Encrypt fail, script exiting..."
|
|
|
|
|
|
+ LOGE "Default CA, Let'sEncrypt fail, script exiting..."
|
|
exit 1
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
+
|
|
export CF_Key="${CF_GlobalKey}"
|
|
export CF_Key="${CF_GlobalKey}"
|
|
- export CF_Email=${CF_AccountEmail}
|
|
|
|
|
|
+ export CF_Email="${CF_AccountEmail}"
|
|
|
|
+
|
|
|
|
+ # Issue the certificate using Cloudflare DNS
|
|
~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log
|
|
~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log
|
|
if [ $? -ne 0 ]; then
|
|
if [ $? -ne 0 ]; then
|
|
LOGE "Certificate issuance failed, script exiting..."
|
|
LOGE "Certificate issuance failed, script exiting..."
|
|
exit 1
|
|
exit 1
|
|
else
|
|
else
|
|
- LOGI "Certificate issued Successfully, Installing..."
|
|
|
|
|
|
+ LOGI "Certificate issued successfully, Installing..."
|
|
fi
|
|
fi
|
|
- ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} --ca-file /root/cert/ca.cer \
|
|
|
|
- --cert-file /root/cert/${CF_Domain}.cer --key-file /root/cert/${CF_Domain}.key \
|
|
|
|
- --fullchain-file /root/cert/fullchain.cer
|
|
|
|
|
|
+
|
|
|
|
+ # Install the certificate
|
|
|
|
+ ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
|
|
|
|
+ --cert-file ${certPath}/${CF_Domain}/fullchain.pem \
|
|
|
|
+ --key-file ${certPath}/${CF_Domain}/privkey.pem
|
|
|
|
+
|
|
if [ $? -ne 0 ]; then
|
|
if [ $? -ne 0 ]; then
|
|
LOGE "Certificate installation failed, script exiting..."
|
|
LOGE "Certificate installation failed, script exiting..."
|
|
exit 1
|
|
exit 1
|
|
else
|
|
else
|
|
- LOGI "Certificate installed Successfully,Turning on automatic updates..."
|
|
|
|
|
|
+ LOGI "Certificate installed successfully, Turning on automatic updates..."
|
|
fi
|
|
fi
|
|
|
|
+
|
|
|
|
+ # Enable auto-update
|
|
~/.acme.sh/acme.sh --upgrade --auto-upgrade
|
|
~/.acme.sh/acme.sh --upgrade --auto-upgrade
|
|
if [ $? -ne 0 ]; then
|
|
if [ $? -ne 0 ]; then
|
|
- LOGE "Auto update setup Failed, script exiting..."
|
|
|
|
- ls -lah cert
|
|
|
|
- chmod 755 $certPath
|
|
|
|
|
|
+ LOGE "Auto update setup failed, script exiting..."
|
|
exit 1
|
|
exit 1
|
|
else
|
|
else
|
|
- LOGI "The certificate is installed and auto-renewal is turned on, Specific information is as follows"
|
|
|
|
- ls -lah cert
|
|
|
|
- chmod 755 $certPath
|
|
|
|
|
|
+ LOGI "The certificate is installed and auto-renewal is turned on. Specific information is as follows:"
|
|
|
|
+ ls -lah ${certPath}/${CF_Domain}
|
|
|
|
+ chmod 755 ${certPath}/${CF_Domain}
|
|
|
|
+ fi
|
|
|
|
+
|
|
|
|
+ # Prompt user to set panel paths after successful certificate installation
|
|
|
|
+ read -p "Would you like to set this certificate for the panel? (y/n): " setPanel
|
|
|
|
+ if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
|
|
|
|
+ local webCertFile="${certPath}/${CF_Domain}/fullchain.pem"
|
|
|
|
+ local webKeyFile="${certPath}/${CF_Domain}/privkey.pem"
|
|
|
|
+
|
|
|
|
+ if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
|
|
|
|
+ /usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
|
|
|
|
+ LOGI "Panel paths set for domain: $CF_Domain"
|
|
|
|
+ LOGI " - Certificate File: $webCertFile"
|
|
|
|
+ LOGI " - Private Key File: $webKeyFile"
|
|
|
|
+ echo -e "${green}Access URL: https://${CF_Domain}:${existing_port}${existing_webBasePath}${plain}"
|
|
|
|
+ restart
|
|
|
|
+ else
|
|
|
|
+ LOGE "Error: Certificate or private key file not found for domain: $CF_Domain."
|
|
|
|
+ fi
|
|
|
|
+ else
|
|
|
|
+ LOGI "Skipping panel path setting."
|
|
fi
|
|
fi
|
|
else
|
|
else
|
|
show_menu
|
|
show_menu
|