From d5ea8d0f3832512f8430e3c54056a7db36482e6a Mon Sep 17 00:00:00 2001
From: Sam Mosleh <41725025+sam-mosleh@users.noreply.github.com>
Date: Fri, 30 Jan 2026 19:35:24 +0400
Subject: [PATCH] Fix default CA by enforcing it everywhere (#3719)
---
 install.sh | 4 ++--
 update.sh | 6 +++---
 x-ui.sh | 6 +++---
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/install.sh b/install.sh
index e01cff99..852e128a 100644
--- a/install.sh
+++ b/install.sh
@@ -272,7 +272,7 @@ setup_ip_certificate() {
 # Issue certificate with shortlived profile
 echo -e "${green}Issuing IP certificate for ${ipv4}...${plain}"
- ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
+ ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force >/dev/null 2>&1
 ~/.acme.sh/acme.sh --issue \
 ${domain_args} \
@@ -414,7 +414,7 @@ ssl_cert_issue() {
 systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null
 # issue the certificate
- ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+ ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
 ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
 if [ $? -ne 0 ]; then
 echo -e "${red}Issuing certificate failed, please check logs.${plain}"
diff --git a/update.sh b/update.sh
index 3781c365..0c4bb725 100755
--- a/update.sh
+++ b/update.sh
@@ -173,7 +173,7 @@ setup_ssl_certificate() {
 echo -e "${green}Issuing SSL certificate for ${domain}...${plain}"
 echo -e "${yellow}Note: Port 80 must be open and accessible from the internet${plain}"
- ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
+ ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force >/dev/null 2>&1
 ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport 80 --force
 if [ $? -ne 0 ]; then
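Review bot: The `--set-default-ca` call in setup_ip_certificate still has its exit status ignored and its output sent to `/dev/null`, so if it fails the following `--issue` runs against whatever CA acme.sh currently has stored as default, and nothing is logged. The same holds for the setup_ssl_certificate and setup_ip_certificate hunks in update.sh; the ssl_cert_issue hunks in all three files and ssl_cert_issue_for_ip in x-ui.sh keep the output but test `$?` only after `--issue`. Only ssl_cert_issue_CF in x-ui.sh stops when the call fails. Naming the CA on the issuing command as well, `~/.acme.sh/acme.sh --issue --server letsencrypt \`, would make the choice explicit per certificate rather than dependent on stored state. The function body continues outside the hunk.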
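Review bot: `${domain}` and `${WebPort}` are expanded unquoted on the `--issue` line directly after the changed call in ssl_cert_issue, so a value containing whitespace or glob characters would be split into additional acme.sh arguments. Where these values are read and whether they are validated lies outside the hunk, so this may already be constrained upstream. Quoting costs nothing either way: `~/.acme.sh/acme.sh --issue -d "${domain}" --listen-v6 --standalone --httpport "${WebPort}" --force`. The same line appears in the ssl_cert_issue hunks of update.sh and x-ui.sh, and `${domain}` is likewise unquoted in setup_ssl_certificate in update.sh.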
@@ -297,7 +297,7 @@ setup_ip_certificate() {
 # Issue certificate with shortlived profile
 echo -e "${green}Issuing IP certificate for ${ipv4}...${plain}"
- ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
+ ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force >/dev/null 2>&1
 ~/.acme.sh/acme.sh --issue \
 ${domain_args} \
@@ -437,7 +437,7 @@ ssl_cert_issue() {
 systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null
 # issue the certificate
- ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+ ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
 ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
 if [ $? -ne 0 ]; then
 echo -e "${red}Issuing certificate failed, please check logs.${plain}"
diff --git a/x-ui.sh b/x-ui.sh
index 42dbb601..22d02358 100644
--- a/x-ui.sh
+++ b/x-ui.sh
@@ -1226,7 +1226,7 @@ ssl_cert_issue_for_ip() {
 local reloadCmd="systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null"
 # issue the certificate for IP with shortlived profile
- ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+ ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
 ~/.acme.sh/acme.sh --issue \
 ${domain_args} \
 --standalone \
@@ -1391,7 +1391,7 @@ ssl_cert_issue() {
 LOGI "Will use port: ${WebPort} to issue certificates. Please make sure this port is open."
 # issue the certificate
- ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+ ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
 ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
 if [ $? -ne 0 ]; then
 LOGE "Issuing certificate failed, please check logs."
@@ -1518,7 +1518,7 @@ ssl_cert_issue_CF() {
 LOGD "Your registered email address is: ${CF_AccountEmail}"
 # Set the default CA to Let's Encrypt
- ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+ ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
 if [ $? -ne 0 ]; then
 LOGE "Default CA, Let'sEncrypt fail, script exiting..."
 exit 1
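Review bot: The comment above the changed call in ssl_cert_issue_CF still reads only `# Set the default CA to Let's Encrypt` and gives no reason for the new `--force`, so a later reader has nothing to tell them whether the flag is safe to drop. A short why-comment would help, for example `# --force: see #3719`, ideally with the actual reason spelled out. As a style point, the status test could be folded into the call, `if ! ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force; then`, so that no statement can end up between the command and its check. The function body starts and ends outside the hunk.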