root
62 lines
1.6 KiB
Bash
Executable File
62 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
#############################################
|
|
# SSL 证书自动续期脚本
|
|
# 建议添加到 crontab: 0 0 * * * /path/to/auto-renew.sh
|
|
#############################################
|
|
|
|
set -e
|
|
|
|
# 配置
|
|
ACME_PATH="/root/.acme.sh"
|
|
LOG_FILE="/var/log/ssl-manager/renew.log"
|
|
NOTIFY_EMAIL="" # 可选:续期失败时发送邮件通知
|
|
|
|
# 创建日志目录
|
|
mkdir -p $(dirname "$LOG_FILE")
|
|
|
|
log() {
|
|
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
|
|
}
|
|
|
|
log "========== 开始自动续期 =========="
|
|
|
|
# 检查 acme.sh 是否安装
|
|
if [ ! -f "$ACME_PATH/acme.sh" ]; then
|
|
log "错误:acme.sh 未安装,请先运行安装脚本"
|
|
exit 1
|
|
fi
|
|
|
|
# 执行续期
|
|
log "执行 acme.sh --renew-all"
|
|
cd "$ACME_PATH"
|
|
|
|
if ./acme.sh --renew-all --cron --home "$ACME_PATH" >> "$LOG_FILE" 2>&1; then
|
|
log "✓ 续期成功完成"
|
|
|
|
# 重载 Web 服务器(如果使用 nginx)
|
|
if command -v nginx &> /dev/null; then
|
|
log "重载 nginx 配置..."
|
|
nginx -s reload 2>> "$LOG_FILE" || log "警告:nginx 重载失败"
|
|
fi
|
|
|
|
# 重载 Apache(如果使用)
|
|
if command -v apache2ctl &> /dev/null; then
|
|
log "重载 Apache 配置..."
|
|
apache2ctl graceful 2>> "$LOG_FILE" || log "警告:Apache 重载失败"
|
|
fi
|
|
|
|
else
|
|
log "✗ 续期失败,请检查日志"
|
|
|
|
# 发送通知邮件(如果配置了)
|
|
if [ -n "$NOTIFY_EMAIL" ] && command -v mail &> /dev/null; then
|
|
echo "SSL 证书续期失败,请检查日志:$LOG_FILE" | \
|
|
mail -s "[警告] SSL 证书续期失败" "$NOTIFY_EMAIL"
|
|
fi
|
|
|
|
exit 1
|
|
fi
|
|
|
|
log "========== 自动续期完成 =========="
|