update - CF SSL Certificate
parent
7ad4a3dffc
commit
2982d809ab
1 changed files with 72 additions and 35 deletions
95
x-ui.sh
95
x-ui.sh
|
@ -1116,76 +1116,113 @@ ssl_cert_issue() {
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_cert_issue_CF() {
|
ssl_cert_issue_CF() {
|
||||||
echo -E ""
|
local existing_webBasePath=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}')
|
||||||
LOGD "******Instructions for use******"
|
local existing_port=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
|
||||||
LOGI "This Acme script requires the following data:"
|
LOGI "****** Instructions for Use ******"
|
||||||
LOGI "1.Cloudflare Registered e-mail"
|
LOGI "Follow the steps below to complete the process:"
|
||||||
LOGI "2.Cloudflare Global API Key"
|
LOGI "1. Cloudflare Registered E-mail."
|
||||||
LOGI "3.The domain name that has been resolved dns to the current server by Cloudflare"
|
LOGI "2. Cloudflare Global API Key."
|
||||||
LOGI "4.The script applies for a certificate. The default installation path is /root/cert "
|
LOGI "3. The Domain Name."
|
||||||
confirm "Confirmed?[y/n]" "y"
|
LOGI "4. Once the certificate is issued, you will be prompted to set the certificate for the panel (optional)."
|
||||||
|
LOGI "5. The script also supports automatic renewal of the SSL certificate after installation."
|
||||||
|
|
||||||
|
confirm "Do you confirm the information and wish to proceed? [y/n]" "y"
|
||||||
|
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
# check for acme.sh first
|
# Check for acme.sh first
|
||||||
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
||||||
echo "acme.sh could not be found. we will install it"
|
echo "acme.sh could not be found. We will install it."
|
||||||
install_acme
|
install_acme
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
LOGE "install acme failed, please check logs"
|
LOGE "Install acme failed, please check logs."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
CF_Domain=""
|
CF_Domain=""
|
||||||
CF_GlobalKey=""
|
certPath="/root/cert-CF"
|
||||||
CF_AccountEmail=""
|
|
||||||
certPath=/root/cert
|
|
||||||
if [ ! -d "$certPath" ]; then
|
if [ ! -d "$certPath" ]; then
|
||||||
mkdir $certPath
|
mkdir -p $certPath
|
||||||
else
|
else
|
||||||
rm -rf $certPath
|
rm -rf $certPath
|
||||||
mkdir $certPath
|
mkdir -p $certPath
|
||||||
fi
|
fi
|
||||||
|
|
||||||
LOGD "Please set a domain name:"
|
LOGD "Please set a domain name:"
|
||||||
read -p "Input your domain here: " CF_Domain
|
read -p "Input your domain here: " CF_Domain
|
||||||
LOGD "Your domain name is set to: ${CF_Domain}"
|
LOGD "Your domain name is set to: ${CF_Domain}"
|
||||||
|
|
||||||
|
# Set up Cloudflare API details
|
||||||
|
CF_GlobalKey=""
|
||||||
|
CF_AccountEmail=""
|
||||||
LOGD "Please set the API key:"
|
LOGD "Please set the API key:"
|
||||||
read -p "Input your key here: " CF_GlobalKey
|
read -p "Input your key here: " CF_GlobalKey
|
||||||
LOGD "Your API key is: ${CF_GlobalKey}"
|
LOGD "Your API key is: ${CF_GlobalKey}"
|
||||||
|
|
||||||
LOGD "Please set up registered email:"
|
LOGD "Please set up registered email:"
|
||||||
read -p "Input your email here: " CF_AccountEmail
|
read -p "Input your email here: " CF_AccountEmail
|
||||||
LOGD "Your registered email address is: ${CF_AccountEmail}"
|
LOGD "Your registered email address is: ${CF_AccountEmail}"
|
||||||
|
|
||||||
|
# Set the default CA to Let's Encrypt
|
||||||
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
LOGE "Default CA, Lets'Encrypt fail, script exiting..."
|
LOGE "Default CA, Let'sEncrypt fail, script exiting..."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
export CF_Key="${CF_GlobalKey}"
|
export CF_Key="${CF_GlobalKey}"
|
||||||
export CF_Email=${CF_AccountEmail}
|
export CF_Email="${CF_AccountEmail}"
|
||||||
|
|
||||||
|
# Issue the certificate using Cloudflare DNS
|
||||||
~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log
|
~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
LOGE "Certificate issuance failed, script exiting..."
|
LOGE "Certificate issuance failed, script exiting..."
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
LOGI "Certificate issued Successfully, Installing..."
|
LOGI "Certificate issued successfully, Installing..."
|
||||||
fi
|
fi
|
||||||
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} --ca-file /root/cert/ca.cer \
|
|
||||||
--cert-file /root/cert/${CF_Domain}.cer --key-file /root/cert/${CF_Domain}.key \
|
# Install the certificate
|
||||||
--fullchain-file /root/cert/fullchain.cer
|
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
|
||||||
|
--cert-file ${certPath}/${CF_Domain}/fullchain.pem \
|
||||||
|
--key-file ${certPath}/${CF_Domain}/privkey.pem
|
||||||
|
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
LOGE "Certificate installation failed, script exiting..."
|
LOGE "Certificate installation failed, script exiting..."
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
LOGI "Certificate installed Successfully,Turning on automatic updates..."
|
LOGI "Certificate installed successfully, Turning on automatic updates..."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Enable auto-update
|
||||||
~/.acme.sh/acme.sh --upgrade --auto-upgrade
|
~/.acme.sh/acme.sh --upgrade --auto-upgrade
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
LOGE "Auto update setup Failed, script exiting..."
|
LOGE "Auto update setup failed, script exiting..."
|
||||||
ls -lah cert
|
|
||||||
chmod 755 $certPath
|
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
LOGI "The certificate is installed and auto-renewal is turned on, Specific information is as follows"
|
LOGI "The certificate is installed and auto-renewal is turned on. Specific information is as follows:"
|
||||||
ls -lah cert
|
ls -lah ${certPath}/${CF_Domain}
|
||||||
chmod 755 $certPath
|
chmod 755 ${certPath}/${CF_Domain}
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Prompt user to set panel paths after successful certificate installation
|
||||||
|
read -p "Would you like to set this certificate for the panel? (y/n): " setPanel
|
||||||
|
if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
|
||||||
|
local webCertFile="${certPath}/${CF_Domain}/fullchain.pem"
|
||||||
|
local webKeyFile="${certPath}/${CF_Domain}/privkey.pem"
|
||||||
|
|
||||||
|
if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
|
||||||
|
/usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
|
||||||
|
LOGI "Panel paths set for domain: $CF_Domain"
|
||||||
|
LOGI " - Certificate File: $webCertFile"
|
||||||
|
LOGI " - Private Key File: $webKeyFile"
|
||||||
|
echo -e "${green}Access URL: https://${CF_Domain}:${existing_port}${existing_webBasePath}${plain}"
|
||||||
|
restart
|
||||||
|
else
|
||||||
|
LOGE "Error: Certificate or private key file not found for domain: $CF_Domain."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
LOGI "Skipping panel path setting."
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
show_menu
|
show_menu
|
||||||
|
|
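Review bot: The Cloudflare Global API Key is read with a plain `read -p` and then printed back by `LOGD "Your API key is: ${CF_GlobalKey}"`, so an account-wide credential lands in terminal scrollback and any captured session output; read it silently and do not echo it. In the same new block, `--installcert` now passes `--cert-file ${certPath}/${CF_Domain}/fullchain.pem` and drops `--fullchain-file`, but acme.sh's `--cert-file` receives only the leaf certificate, so the file later handed to the panel would lack the intermediates despite its name. The per-domain directory is never created in the visible lines (only `mkdir -p $certPath`), and as far as I can tell acme.sh does not create it, so the install step may fail. The domain expansions are also unquoted, which lets `*.${CF_Domain}` glob against the working directory. The closing lines of ssl_cert_issue_CF are outside the hunk.

```shell
read -rsp "Input your key here: " CF_GlobalKey
echo
LOGD "API key received (not displayed)."
# … unchanged: e-mail prompt, default CA, CF_Key/CF_Email export, --issue and its status check …
mkdir -p "${certPath}/${CF_Domain}"
~/.acme.sh/acme.sh --installcert -d "${CF_Domain}" -d "*.${CF_Domain}" \
    --fullchain-file "${certPath}/${CF_Domain}/fullchain.pem" \
    --key-file "${certPath}/${CF_Domain}/privkey.pem"
```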