From 03e7e4cd2073c981f6108f11221a68679e9e4ac8 Mon Sep 17 00:00:00 2001
From: Kookiejarz <mongohero@outlook.com>
Date: Tue, 7 Apr 2026 18:09:18 -0400
Subject: [PATCH] Reworked `--installcert` success criteria, cleanup behavior
 adjusted.

---
 install.sh | 19 ++++++++++++++-----
 update.sh  | 19 ++++++++++++++-----
 x-ui.sh    | 19 ++++++++++++++-----
 3 files changed, 42 insertions(+), 15 deletions(-)

diff --git a/install.sh b/install.sh
index 4d74c77c..a4c71460 100644
--- a/install.sh
+++ b/install.sh
@@ -457,16 +457,25 @@ ssl_cert_issue() {
     fi
 
     # install the certificate
-    # acme.sh may exit non-zero when reloadcmd fails even if cert files are installed.
-    ~/.acme.sh/acme.sh --installcert -d ${domain} \
+    local installOutput=""
+    installOutput=$(~/.acme.sh/acme.sh --installcert -d ${domain} \
         --key-file /root/cert/${domain}/privkey.pem \
-        --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1 || true
+        --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1)
+    local installRc=$?
+    echo "${installOutput}"
 
-    if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" ]]; then
+    local installWroteFiles=0
+    if echo "${installOutput}" | grep -q "Installing key to:" && echo "${installOutput}" | grep -q "Installing full chain to:"; then
+        installWroteFiles=1
+    fi
+
+    if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" && ( ${installRc} -eq 0 || ${installWroteFiles} -eq 1 ) ]]; then
         echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
     else
         echo -e "${red}Installing certificate failed, exiting.${plain}"
-        rm -rf ~/.acme.sh/${domain}
+        if [[ ${cert_exists} -eq 0 ]]; then
+            rm -rf ~/.acme.sh/${domain}
+        fi
         systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
         return 1
     fi
diff --git a/update.sh b/update.sh
index ec0c4c26..654b7748 100755
--- a/update.sh
+++ b/update.sh
@@ -480,16 +480,25 @@ ssl_cert_issue() {
     fi
 
     # install the certificate
-    # acme.sh may exit non-zero when reloadcmd fails even if cert files are installed.
-    ~/.acme.sh/acme.sh --installcert -d ${domain} \
+    local installOutput=""
+    installOutput=$(~/.acme.sh/acme.sh --installcert -d ${domain} \
         --key-file /root/cert/${domain}/privkey.pem \
-        --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1 || true
+        --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1)
+    local installRc=$?
+    echo "${installOutput}"
 
-    if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" ]]; then
+    local installWroteFiles=0
+    if echo "${installOutput}" | grep -q "Installing key to:" && echo "${installOutput}" | grep -q "Installing full chain to:"; then
+        installWroteFiles=1
+    fi
+
+    if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" && ( ${installRc} -eq 0 || ${installWroteFiles} -eq 1 ) ]]; then
         echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
     else
         echo -e "${red}Installing certificate failed, exiting.${plain}"
-        rm -rf ~/.acme.sh/${domain}
+        if [[ ${cert_exists} -eq 0 ]]; then
+            rm -rf ~/.acme.sh/${domain}
+        fi
         systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
         return 1
     fi
diff --git a/x-ui.sh b/x-ui.sh
index 6d980838..9ce7a066 100644
--- a/x-ui.sh
+++ b/x-ui.sh
@@ -1444,16 +1444,25 @@ ssl_cert_issue() {
     fi
 
     # install the certificate
-    # acme.sh may exit non-zero when reloadcmd fails even if cert files are installed.
-    ~/.acme.sh/acme.sh --installcert -d ${domain} \
+    local installOutput=""
+    installOutput=$(~/.acme.sh/acme.sh --installcert -d ${domain} \
         --key-file /root/cert/${domain}/privkey.pem \
-        --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1 || true
+        --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1)
+    local installRc=$?
+    echo "${installOutput}"
 
-    if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" ]]; then
+    local installWroteFiles=0
+    if echo "${installOutput}" | grep -q "Installing key to:" && echo "${installOutput}" | grep -q "Installing full chain to:"; then
+        installWroteFiles=1
+    fi
+
+    if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" && ( ${installRc} -eq 0 || ${installWroteFiles} -eq 1 ) ]]; then
         LOGI "Installing certificate succeeded, enabling auto renew..."
     else
         LOGE "Installing certificate failed, exiting."
-        rm -rf ~/.acme.sh/${domain}
+        if [[ ${cert_exists} -eq 0 ]]; then
+            rm -rf ~/.acme.sh/${domain}
+        fi
         exit 1
     fi