first commit
This commit is contained in:
root
Executable
+61
@@ -0,0 +1,61 @@
|
||||
#!/bin/bash
|
||||
|
||||
#############################################
|
||||
# SSL 证书自动续期脚本
|
||||
# 建议添加到 crontab: 0 0 * * * /path/to/auto-renew.sh
|
||||
#############################################
|
||||
|
||||
set -e
|
||||
|
||||
# 配置
|
||||
ACME_PATH="/root/.acme.sh"
|
||||
LOG_FILE="/var/log/ssl-manager/renew.log"
|
||||
NOTIFY_EMAIL="" # 可选:续期失败时发送邮件通知
|
||||
|
||||
# 创建日志目录
|
||||
mkdir -p $(dirname "$LOG_FILE")
|
||||
|
||||
log() {
|
||||
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
|
||||
}
|
||||
|
||||
log "========== 开始自动续期 =========="
|
||||
|
||||
# 检查 acme.sh 是否安装
|
||||
if [ ! -f "$ACME_PATH/acme.sh" ]; then
|
||||
log "错误:acme.sh 未安装,请先运行安装脚本"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 执行续期
|
||||
log "执行 acme.sh --renew-all"
|
||||
cd "$ACME_PATH"
|
||||
|
||||
if ./acme.sh --renew-all --cron --home "$ACME_PATH" >> "$LOG_FILE" 2>&1; then
|
||||
log "✓ 续期成功完成"
|
||||
|
||||
# 重载 Web 服务器(如果使用 nginx)
|
||||
if command -v nginx &> /dev/null; then
|
||||
log "重载 nginx 配置..."
|
||||
nginx -s reload 2>> "$LOG_FILE" || log "警告:nginx 重载失败"
|
||||
fi
|
||||
|
||||
# 重载 Apache(如果使用)
|
||||
if command -v apache2ctl &> /dev/null; then
|
||||
log "重载 Apache 配置..."
|
||||
apache2ctl graceful 2>> "$LOG_FILE" || log "警告:Apache 重载失败"
|
||||
fi
|
||||
|
||||
else
|
||||
log "✗ 续期失败,请检查日志"
|
||||
|
||||
# 发送通知邮件(如果配置了)
|
||||
if [ -n "$NOTIFY_EMAIL" ] && command -v mail &> /dev/null; then
|
||||
echo "SSL 证书续期失败,请检查日志:$LOG_FILE" | \
|
||||
mail -s "[警告] SSL 证书续期失败" "$NOTIFY_EMAIL"
|
||||
fi
|
||||
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log "========== 自动续期完成 =========="
|
||||
Reference in New Issue
Block a user