diff options
| author | mhsanaei <ho3ein.sanaei@gmail.com> | 2024-11-13 19:27:55 +0300 |
|---|---|---|
| committer | mhsanaei <ho3ein.sanaei@gmail.com> | 2024-11-14 11:30:24 +0300 |
| commit | 2982d809ab4f5301a27b811509e7fb92f427673f (patch) | |
| tree | 56bfcec15a09c9660cb07acba147b4a03222c76b /x-ui.sh | |
| parent | 7ad4a3dffc3905d61ccc9a3c0fef6eb196fe0625 (diff) | |
update - CF SSL Certificate
Diffstat (limited to 'x-ui.sh')
| -rw-r--r-- | x-ui.sh | 107 |
1 files changed, 72 insertions, 35 deletions
@@ -1116,76 +1116,113 @@ ssl_cert_issue() { } ssl_cert_issue_CF() { - echo -E "" - LOGD "******Instructions for use******" - LOGI "This Acme script requires the following data:" - LOGI "1.Cloudflare Registered e-mail" - LOGI "2.Cloudflare Global API Key" - LOGI "3.The domain name that has been resolved dns to the current server by Cloudflare" - LOGI "4.The script applies for a certificate. The default installation path is /root/cert " - confirm "Confirmed?[y/n]" "y" + local existing_webBasePath=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}') + local existing_port=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}') + LOGI "****** Instructions for Use ******" + LOGI "Follow the steps below to complete the process:" + LOGI "1. Cloudflare Registered E-mail." + LOGI "2. Cloudflare Global API Key." + LOGI "3. The Domain Name." + LOGI "4. Once the certificate is issued, you will be prompted to set the certificate for the panel (optional)." + LOGI "5. The script also supports automatic renewal of the SSL certificate after installation." + + confirm "Do you confirm the information and wish to proceed? [y/n]" "y" + if [ $? -eq 0 ]; then - # check for acme.sh first + # Check for acme.sh first if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then - echo "acme.sh could not be found. we will install it" + echo "acme.sh could not be found. We will install it." install_acme if [ $? -ne 0 ]; then - LOGE "install acme failed, please check logs" + LOGE "Install acme failed, please check logs." exit 1 fi fi + CF_Domain="" - CF_GlobalKey="" - CF_AccountEmail="" - certPath=/root/cert + certPath="/root/cert-CF" if [ ! -d "$certPath" ]; then - mkdir $certPath + mkdir -p $certPath else rm -rf $certPath - mkdir $certPath + mkdir -p $certPath fi + LOGD "Please set a domain name:" - read -p "Input your domain here:" CF_Domain - LOGD "Your domain name is set to:${CF_Domain}" + read -p "Input your domain here: " CF_Domain + LOGD "Your domain name is set to: ${CF_Domain}" + + # Set up Cloudflare API details + CF_GlobalKey="" + CF_AccountEmail="" LOGD "Please set the API key:" - read -p "Input your key here:" CF_GlobalKey - LOGD "Your API key is:${CF_GlobalKey}" + read -p "Input your key here: " CF_GlobalKey + LOGD "Your API key is: ${CF_GlobalKey}" + LOGD "Please set up registered email:" - read -p "Input your email here:" CF_AccountEmail - LOGD "Your registered email address is:${CF_AccountEmail}" + read -p "Input your email here: " CF_AccountEmail + LOGD "Your registered email address is: ${CF_AccountEmail}" + + # Set the default CA to Let's Encrypt ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt if [ $? -ne 0 ]; then - LOGE "Default CA, Lets'Encrypt fail, script exiting..." + LOGE "Default CA, Let'sEncrypt fail, script exiting..." exit 1 fi + export CF_Key="${CF_GlobalKey}" - export CF_Email=${CF_AccountEmail} + export CF_Email="${CF_AccountEmail}" + + # Issue the certificate using Cloudflare DNS ~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log if [ $? -ne 0 ]; then LOGE "Certificate issuance failed, script exiting..." exit 1 else - LOGI "Certificate issued Successfully, Installing..." + LOGI "Certificate issued successfully, Installing..." fi - ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} --ca-file /root/cert/ca.cer \ - --cert-file /root/cert/${CF_Domain}.cer --key-file /root/cert/${CF_Domain}.key \ - --fullchain-file /root/cert/fullchain.cer + + # Install the certificate + ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \ + --cert-file ${certPath}/${CF_Domain}/fullchain.pem \ + --key-file ${certPath}/${CF_Domain}/privkey.pem + if [ $? -ne 0 ]; then LOGE "Certificate installation failed, script exiting..." exit 1 else - LOGI "Certificate installed Successfully,Turning on automatic updates..." + LOGI "Certificate installed successfully, Turning on automatic updates..." fi + + # Enable auto-update ~/.acme.sh/acme.sh --upgrade --auto-upgrade if [ $? -ne 0 ]; then - LOGE "Auto update setup Failed, script exiting..." - ls -lah cert - chmod 755 $certPath + LOGE "Auto update setup failed, script exiting..." exit 1 else - LOGI "The certificate is installed and auto-renewal is turned on, Specific information is as follows" - ls -lah cert - chmod 755 $certPath + LOGI "The certificate is installed and auto-renewal is turned on. Specific information is as follows:" + ls -lah ${certPath}/${CF_Domain} + chmod 755 ${certPath}/${CF_Domain} + fi + + # Prompt user to set panel paths after successful certificate installation + read -p "Would you like to set this certificate for the panel? (y/n): " setPanel + if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then + local webCertFile="${certPath}/${CF_Domain}/fullchain.pem" + local webKeyFile="${certPath}/${CF_Domain}/privkey.pem" + + if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then + /usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile" + LOGI "Panel paths set for domain: $CF_Domain" + LOGI " - Certificate File: $webCertFile" + LOGI " - Private Key File: $webKeyFile" + echo -e "${green}Access URL: https://${CF_Domain}:${existing_port}${existing_webBasePath}${plain}" + restart + else + LOGE "Error: Certificate or private key file not found for domain: $CF_Domain." + fi + else + LOGI "Skipping panel path setting." fi else show_menu |