Files
fq/acme_3.0.sh
2025-09-16 06:47:51 +00:00

157 lines
4.2 KiB
Bash
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
set -e
# 主菜单
while true; do
clear
echo "============== SSL证书管理菜单 =============="
echo "1)申请 SSL 证书"
echo "2)重置环境(清除申请记录并重新部署)"
echo "3)退出"
echo "============================================"
read -p "请输入选项(1-3): " MAIN_OPTION
case $MAIN_OPTION in
1)
break
;;
2)
echo "⚠️ 正在重置环境..."
rm -rf /tmp/acme
echo "✅ 已清空 /tmp/acme,准备重新部署。"
echo "📦 正在重新执行 acme.sh ..."
sleep 1
bash <(curl -fsSL https://raw.githubusercontent.com/slobys/SSL-Renewal/main/acme.sh)
exit 0
;;
3)
echo "👋 已退出。"
exit 0
;;
*)
echo "❌ 无效选项,请重新输入。"
sleep 1
continue
;;
esac
done
# 用户输入参数
read -p "请输入域名: " DOMAIN
read -p "请输入电子邮件地址: " EMAIL
echo "请选择证书颁发机构(CA):"
echo "1Let's Encrypt"
echo "2Buypass"
echo "3ZeroSSL"
read -p "输入选项(1-3): " CA_OPTION
case $CA_OPTION in
1) CA_SERVER="letsencrypt" ;;
2) CA_SERVER="buypass" ;;
3) CA_SERVER="zerossl" ;;
*) echo "❌ 无效选项"; exit 1 ;;
esac
echo "是否关闭防火墙?"
echo "1)是"
echo "2)否"
read -p "输入选项(1 或 2):" FIREWALL_OPTION
if [ "$FIREWALL_OPTION" -eq 2 ]; then
echo "是否放行特定端口?"
echo "1)是"
echo "2)否"
read -p "输入选项(1 或 2):" PORT_OPTION
if [ "$PORT_OPTION" -eq 1 ]; then
read -p "请输入要放行的端口号: " PORT
fi
else
PORT_OPTION=0
fi
# 检查系统类型
if [ -f /etc/os-release ]; then
. /etc/os-release
OS=$ID
else
echo "❌ 无法识别操作系统,请手动安装依赖。"
exit 1
fi
# 安装依赖项,配置防火墙
case $OS in
ubuntu|debian)
sudo apt update -y
sudo apt upgrade -y
sudo apt install -y curl socat git cron
if [ "$FIREWALL_OPTION" -eq 1 ]; then
if command -v ufw >/dev/null 2>&1; then
sudo ufw disable
else
echo "⚠️ UFW 未安装,跳过关闭防火墙。"
fi
elif [ "$PORT_OPTION" -eq 1 ]; then
if command -v ufw >/dev/null 2>&1; then
sudo ufw allow $PORT
else
echo "⚠️ UFW 未安装,跳过端口放行。"
fi
fi
;;
centos)
sudo yum update -y
sudo yum install -y curl socat git cronie
sudo systemctl start crond
sudo systemctl enable crond
if [ "$FIREWALL_OPTION" -eq 1 ]; then
sudo systemctl stop firewalld
sudo systemctl disable firewalld
elif [ "$PORT_OPTION" -eq 1 ]; then
sudo firewall-cmd --permanent --add-port=${PORT}/tcp
sudo firewall-cmd --reload
fi
;;
*)
echo "❌ 不支持的操作系统:$OS"
exit 1
;;
esac
# 安装 acme.sh(如未装)
if ! command -v acme.sh >/dev/null 2>&1; then
curl https://get.acme.sh | sh
export PATH="$HOME/.acme.sh:$PATH"
~/.acme.sh/acme.sh --upgrade
fi
# 注册账户
~/.acme.sh/acme.sh --register-account -m $EMAIL --server $CA_SERVER
# 申请证书
if ! ~/.acme.sh/acme.sh --issue --standalone -d $DOMAIN --server $CA_SERVER; then
echo "❌ 证书申请失败,正在清理。"
rm -f /root/${DOMAIN}.key /root/${DOMAIN}.crt
~/.acme.sh/acme.sh --remove -d $DOMAIN
rm -rf ~/.acme.sh/${DOMAIN}
exit 1
fi
# 安装证书
~/.acme.sh/acme.sh --installcert -d $DOMAIN \
--key-file /root/${DOMAIN}.key \
--fullchain-file /root/${DOMAIN}.crt
# 自动续期脚本
cat << EOF > /root/renew_cert.sh
#!/bin/bash
export PATH="\$HOME/.acme.sh:\$PATH"
acme.sh --renew -d $DOMAIN --server $CA_SERVER
EOF
chmod +x /root/renew_cert.sh
(crontab -l 2>/dev/null; echo "0 0 * * * /root/renew_cert.sh > /dev/null 2>&1") | crontab -
# 完成提示
echo "✅ SSL证书申请完成!"
echo "📄 证书路径: /root/${DOMAIN}.crt"
echo "🔐 私钥路径: /root/${DOMAIN}.key"