Updates to CF cert issue (#2780)

somebodywashere 2025-03-17 11:12:52 +03:00 committed by GitHub
parent 7ae855e7c9
commit e3120c4028
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

60
x-ui.sh

@ -1127,7 +1127,7 @@ ssl_cert_issue() {
# issue the certificate # issue the certificate
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
LOGE "Issuing certificate failed, please check logs." LOGE "Issuing certificate failed, please check logs."
rm -rf ~/.acme.sh/${domain} rm -rf ~/.acme.sh/${domain}
@ -1208,13 +1208,6 @@ ssl_cert_issue_CF() {
fi fi
CF_Domain="" CF_Domain=""
certPath="/root/cert-CF"
if [ ! -d "$certPath" ]; then
mkdir -p $certPath
else
rm -rf $certPath
mkdir -p $certPath
fi
LOGD "Please set a domain name:" LOGD "Please set a domain name:"
read -p "Input your domain here: " CF_Domain read -p "Input your domain here: " CF_Domain
@ -1242,7 +1235,7 @@ ssl_cert_issue_CF() {
export CF_Email="${CF_AccountEmail}" export CF_Email="${CF_AccountEmail}"
# Issue the certificate using Cloudflare DNS # Issue the certificate using Cloudflare DNS
~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log ~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log --force
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
LOGE "Certificate issuance failed, script exiting..." LOGE "Certificate issuance failed, script exiting..."
exit 1 exit 1
@ -1250,17 +1243,45 @@ ssl_cert_issue_CF() {
LOGI "Certificate issued successfully, Installing..." LOGI "Certificate issued successfully, Installing..."
fi fi
# Install the certificate # Install the certificate
mkdir -p ${certPath}/${CF_Domain} certPath="/root/cert/${CF_Domain}"
if [ -d "$certPath" ]; then
rm -rf ${certPath}
fi
mkdir -p ${certPath}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
LOGE "Failed to create directory: ${certPath}/${CF_Domain}" LOGE "Failed to create directory: ${certPath}"
exit 1 exit 1
fi fi
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \ reloadCmd="x-ui restart"
--fullchain-file ${certPath}/${CF_Domain}/fullchain.pem \
--key-file ${certPath}/${CF_Domain}/privkey.pem
LOGI "Default --reloadcmd for ACME is: ${yellow}x-ui restart"
LOGI "This command will run on every certificate issue and renew."
read -p "Would you like to modify --reloadcmd for ACME? (y/n): " setReloadcmd
if [[ "$setReloadcmd" == "y" || "$setReloadcmd" == "Y" ]]; then
echo -e "\n${green}\t1.${plain} Preset: x-ui restart ; systemctl reload nginx"
echo -e "${green}\t2.${plain} Input your own command"
echo -e "${green}\t0.${plain} Keep default reloadcmd"
read -p "Choose an option: " choice
case "$choice" in
1)
LOGI "Reloadcmd is: x-ui restart ; systemctl reload nginx"
reloadCmd="x-ui restart ; systemctl reload nginx"
;;
2)
read -p "Please enter your reloadcmd (example: x-ui restart ; systemctl reload nginx): " reloadCmd
LOGI "Your reloadcmd is: ${reloadCmd}"
;;
*)
LOGI "Keep default reloadcmd"
;;
esac
fi
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
--key-file ${certPath}/privkey.pem \
--fullchain-file ${certPath}/fullchain.pem --reloadcmd "${reloadCmd}"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
LOGE "Certificate installation failed, script exiting..." LOGE "Certificate installation failed, script exiting..."
exit 1 exit 1
@ -1275,15 +1296,15 @@ ssl_cert_issue_CF() {
exit 1 exit 1
else else
LOGI "The certificate is installed and auto-renewal is turned on. Specific information is as follows:" LOGI "The certificate is installed and auto-renewal is turned on. Specific information is as follows:"
ls -lah ${certPath}/${CF_Domain} ls -lah ${certPath}/*
chmod 755 ${certPath}/${CF_Domain} chmod 755 ${certPath}/*
fi fi
# Prompt user to set panel paths after successful certificate installation # Prompt user to set panel paths after successful certificate installation
read -p "Would you like to set this certificate for the panel? (y/n): " setPanel read -p "Would you like to set this certificate for the panel? (y/n): " setPanel
if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
local webCertFile="${certPath}/${CF_Domain}/fullchain.pem" local webCertFile="${certPath}/fullchain.pem"
local webKeyFile="${certPath}/${CF_Domain}/privkey.pem" local webKeyFile="${certPath}/privkey.pem"
if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
/usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile" /usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
@ -1585,7 +1606,6 @@ install_iplimit() {
# Launching fail2ban # Launching fail2ban
if ! systemctl is-active --quiet fail2ban; then if ! systemctl is-active --quiet fail2ban; then
systemctl start fail2ban systemctl start fail2ban
systemctl enable fail2ban
else else
systemctl restart fail2ban systemctl restart fail2ban
fi fi
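Review bot: In the `@ -1275,15 +1296,15` hunk of ssl_cert_issue_CF, `chmod 755 ${certPath}/*` now matches the installed files rather than the per-domain directory, so `privkey.pem` ends up world-readable and executable. The old line applied 755 to the directory `${certPath}/${CF_Domain}`; after the path change the glob expands to `fullchain.pem` and `privkey.pem` themselves. Protection of the key then rests only on the permissions of `/root`, which this script does not set in the visible lines. I would set the modes explicitly and quote the path: `chmod 700 "${certPath}"`, `chmod 600 "${certPath}/privkey.pem"`, `chmod 644 "${certPath}/fullchain.pem"`. That assumes the panel reads the key as root, which should be confirmed. The same quoting applies to `rm -rf ${certPath}` in the `@ -1250,17 +1243,45` hunk, where the path is built from the `CF_Domain` value read from the prompt.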