Add force option and some optimization (#505)

Better Cloudflare certs
Shellgate
2025-05-27 23:08:46 +03:30
committed by Alireza Ahmadi
parent bac2580be7
commit a10950499b
2 changed files with 112 additions and 73 deletions
+110 -71
@@ -691,78 +691,117 @@ ssl_cert_issue() {
ssl_cert_issue_CF() { ssl_cert_issue_CF() {
echo -E "" echo -E ""
LOGD "******Instructions for use******" LOGD "******Instructions for use******"
LOGI "This Acme script requires the following data:" echo "1) New certificate from Cloudflare"
LOGI "1.Cloudflare Registered e-mail" echo "2) Force renew existing Certificates"
LOGI "2.Cloudflare Global API Key" echo "3) Back to Menu"
LOGI "3.The domain name that has been resolved dns to the current server by Cloudflare" read -p "Enter your choice [1-3]: " choice
LOGI "4.The script applies for a certificate. The default installation path is /root/cert "
confirm "Confirmed?[y/n]" "y" certPath="/root/cert-CF"
if [ $? -eq 0 ]; then
# check for acme.sh first case $choice in
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then 1|2)
echo "acme.sh could not be found. we will install it" force_flag=""
install_acme if [ "$choice" -eq 2 ]; then
if [ $? -ne 0 ]; then force_flag="--force"
LOGE "install acme failed, please check logs" echo "Forcing SSL certificate reissuance..."
exit 1 else
echo "Starting SSL certificate issuance..."
fi fi
fi
CF_Domain="" LOGD "******Instructions for use******"
CF_GlobalKey="" LOGI "This Acme script requires the following data:"
CF_AccountEmail="" LOGI "1.Cloudflare Registered e-mail"
certPath=/root/cert LOGI "2.Cloudflare Global API Key"
if [ ! -d "$certPath" ]; then LOGI "3.The domain name that has been resolved DNS to the current server by Cloudflare"
mkdir $certPath LOGI "4.The script applies for a certificate. The default installation path is /root/cert "
else confirm "Confirmed?[y/n]" "y"
rm -rf $certPath if [ $? -eq 0 ]; then
mkdir $certPath if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
fi echo "acme.sh could not be found. Installing..."
LOGD "Please set a domain name:" install_acme
read -p "Input your domain here:" CF_Domain if [ $? -ne 0 ]; then
LOGD "Your domain name is set to:${CF_Domain}" LOGE "Install acme failed, please check logs"
LOGD "Please set the API key:" exit 1
read -p "Input your key here:" CF_GlobalKey fi
LOGD "Your API key is:${CF_GlobalKey}" fi
LOGD "Please set up registered email:"
read -p "Input your email here:" CF_AccountEmail CF_Domain=""
LOGD "Your registered email address is:${CF_AccountEmail}" if [ ! -d "$certPath" ]; then
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt mkdir -p $certPath
if [ $? -ne 0 ]; then else
LOGE "Default CA, Lets'Encrypt fail, script exiting..." rm -rf $certPath
exit 1 mkdir -p $certPath
fi fi
export CF_Key="${CF_GlobalKey}"
export CF_Email=${CF_AccountEmail} LOGD "Please set a domain name:"
~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log read -p "Input your domain here: " CF_Domain
if [ $? -ne 0 ]; then LOGD "Your domain name is set to: ${CF_Domain}"
LOGE "Certificate issuance failed, script exiting..."
exit 1 CF_GlobalKey=""
else CF_AccountEmail=""
LOGI "Certificate issued Successfully, Installing..." LOGD "Please set the API key:"
fi read -p "Input your key here: " CF_GlobalKey
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} --ca-file /root/cert/ca.cer \ LOGD "Your API key is: ${CF_GlobalKey}"
--cert-file /root/cert/${CF_Domain}.cer --key-file /root/cert/${CF_Domain}.key \
--fullchain-file /root/cert/fullchain.cer LOGD "Please set up registered email:"
if [ $? -ne 0 ]; then read -p "Input your email here: " CF_AccountEmail
LOGE "Certificate installation failed, script exiting..." LOGD "Your registered email address is: ${CF_AccountEmail}"
exit 1
else ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
LOGI "Certificate installed Successfully,Turning on automatic updates..." if [ $? -ne 0 ]; then
fi LOGE "Default CA, Let's Encrypt failed, script exiting..."
~/.acme.sh/acme.sh --upgrade --auto-upgrade exit 1
if [ $? -ne 0 ]; then fi
LOGE "Auto update setup Failed, script exiting..."
ls -lah cert export CF_Key="${CF_GlobalKey}"
chmod 755 $certPath export CF_Email="${CF_AccountEmail}"
exit 1
else ~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} $force_flag --log
LOGI "The certificate is installed and auto-renewal is turned on, Specific information is as follows" if [ $? -ne 0 ]; then
ls -lah cert LOGE "Certificate issuance failed, script exiting..."
chmod 755 $certPath exit 1
fi else
else LOGI "Certificate issued Successfully, Installing..."
show_menu fi
fi
mkdir -p ${certPath}/${CF_Domain}
if [ $? -ne 0 ]; then
LOGE "Failed to create directory: ${certPath}/${CF_Domain}"
exit 1
fi
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
--fullchain-file ${certPath}/${CF_Domain}/fullchain.pem \
--key-file ${certPath}/${CF_Domain}/privkey.pem
if [ $? -ne 0 ]; then
LOGE "Certificate installation failed, script exiting..."
exit 1
else
LOGI "Certificate installed Successfully, Turning on automatic updates..."
fi
~/.acme.sh/acme.sh --upgrade --auto-upgrade
if [ $? -ne 0 ]; then
LOGE "Auto update setup failed, script exiting..."
exit 1
else
LOGI "The certificate is installed and auto-renewal is turned on."
ls -lah ${certPath}/${CF_Domain}
chmod 755 ${certPath}/${CF_Domain}
fi
fi
show_menu
;;
3)
echo "Exiting..."
show_menu
;;
*)
echo "Invalid choice, please select again."
show_menu
;;
esac
} }
show_usage() { show_usage() {
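Review bot: The Cloudflare Global API Key is still exposed twice in the new `1|2)` branch of ssl_cert_issue_CF: `read -p "Input your key here: " CF_GlobalKey` echoes it as typed and `LOGD "Your API key is: ${CF_GlobalKey}"` prints it back, so an account-wide credential lands in terminal scrollback and, if LOGD also writes to a file (not visible here), in that log. Read it with `read -rsp "Input your key here: " CF_GlobalKey; echo` and replace the LOGD line with a message that does not contain the value; a scoped API token (acme.sh's dns_cf hook accepts `CF_Token`) would further limit what a leak exposes. Separately, `rm -rf $certPath` now clears all of /root/cert-CF on every run, which deletes the per-domain directories this commit introduces for any domain issued earlier; restrict the cleanup to that domain's subdirectory, after the domain has been read and validated. `${CF_Domain}` is also used unquoted in `mkdir -p ${certPath}/${CF_Domain}` and `-d *.${CF_Domain}`, so input containing spaces, glob characters or `../` changes the acme.sh arguments or the target path; quote every expansion and reject anything that is not a plain hostname before use.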