一个Let's Encrypt SSL证书的一键脚本{扣自LNMP}


代码扣自 LNMP 和 vpser的 acme.sh


用法:以dnspod为示例

先把 DNSPod 的 Token 设置为环境变量(Token 相当于该账号的 DNS 管理凭据,注意不要让它留在共享的 shell 历史记录或日志里):

# export DP_Id="你的Token ID" && export DP_Key="你的Token Key"


随后执行脚本(脚本会检查当前用户,必须以 root 身份运行),然后根据提示一路操作即可:

# ./cert dp


#!/bin/bash
# Pin the command search path to the standard system directories, with the
# invoking user's ~/bin searched last, and export it to child processes.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

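# Check if user is root
# The substitution is quoted on purpose: if `id` prints nothing (for example
# because it failed), an unquoted test collapses to `[ != "0" ]`, which is a
# syntax error for `[`, so the branch is skipped and the script carries on
# without the privilege check. Quoted, an empty result counts as "not root".
if [ "$(id -u)" != "0" ]; then
	echo "Error: You must be root to run this script!" >&2
	exit 1
fi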

# Certificate store: an "ssl_cert" directory below the directory the script is
# started from. It is later handed to acme.sh as --certhome, so issued
# certificates and their keys end up relative to the caller's working directory.
cert_path="$(pwd)/ssl_cert"

# Banner.
printf '%s\n' \
	"+-------------------------------------------+" \
	"|    Let's Encrypt SSL Certificate issue    |" \
	"|           By:7xCode                       |" \
	"|               https://www.7xcode.com      |" \
	"+-------------------------------------------+"

# First command-line argument; used further down as the DNS provider name.
arg1="$1"

Color_Text()
{
  # Print a message wrapped in an ANSI colour sequence, followed by a newline.
  #   $1 - message text (backslash escapes in it are interpreted by echo -e)
  #   $2 - numeric SGR colour code, e.g. 31 for red
  # The output starts with a single space.
  local message=$1
  local sgr_code=$2
  local painted=" \e[0;${sgr_code}m${message}\e[0m"
  echo -e "${painted}"
}

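Echo_Red()
{
  # Print $1 in red (SGR code 31), followed by a newline.
  # Color_Text writes straight to stdout. The previous form re-echoed an
  # unquoted command substitution, which word-split the message and expanded
  # any glob characters in it against the current directory.
  Color_Text "$1" "31"
}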

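Echo_Green()
{
  # Print $1 in green (SGR code 32), followed by a newline.
  # Color_Text writes straight to stdout. The previous form re-echoed an
  # unquoted command substitution, which word-split the message and expanded
  # any glob characters in it against the current directory.
  Color_Text "$1" "32"
}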

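Echo_Yellow()
{
  # Print $1 in yellow (SGR code 33) WITHOUT a trailing newline, so it can be
  # used as an inline prompt before `read`.
  # The substitution is quoted so the prompt text is not word-split or
  # glob-expanded (the prompts in this script contain "*.7xcode.com").
  printf '%s' "$(Color_Text "$1" "33")"
}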

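Echo_Blue()
{
  # Print $1 in blue (SGR code 34), followed by a newline.
  # Color_Text writes straight to stdout. The previous form re-echoed an
  # unquoted command substitution, which word-split the message and expanded
  # any glob characters in it against the current directory.
  Color_Text "$1" "34"
}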

Sleep_Sec()
{
	# Count down from $1 to 0 on a single terminal line, one tick per second.
	# Each tick returns to the start of the line, blanks the old digits and
	# prints the remaining seconds. A final carriage return leaves the cursor
	# at column 0. The counter lives in the global variable `seconds`.
	seconds=$1
	while test "${seconds}" -ge 0; do
		echo -ne "\r	 \r"
		echo -n ${seconds}
		sleep 1
		seconds=$((seconds - 1))
	done
	printf '\r'
}

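Install_Check_Acme.sh()
{
	# Make sure acme.sh is installed under /usr/local/acme.sh, then load its
	# environment file into the current shell.
	# Reads global: cert_path (passed to the installer as --certhome).
	# Returns: 0 on success, 1 if the download, extraction or install failed
	#          or the environment file is missing.
	#
	# Changes from the original download step, all because the fetched code is
	# executed as root:
	#   - TLS certificate verification is left enabled (the original passed
	#     --no-check-certificate, so anyone on the network path could replace
	#     the archive);
	#   - the work happens in a private mktemp directory instead of fixed names
	#     in the world-writable /tmp, where another local user could pre-create
	#     an "acme.sh-*" entry;
	#   - every step is checked, so a failed download cannot fall through to
	#     running or deleting whatever happens to match in the directory.
	# NOTE(review): TLS is still the only authenticity check on this
	# third-party mirror; verify the archive against a trusted checksum when
	# one is available.
	local acme_home="/usr/local/acme.sh"
	local work_dir=""
	local install_status=0

	if [ -s "${acme_home}/acme.sh" ]; then
		echo "/usr/local/acme.sh/acme.sh [found]"
	else
		work_dir=$(mktemp -d) || {
			echo "Error: cannot create a temporary directory." >&2
			return 1
		}
		# Subshell: the directory changes stay local to the installation.
		(
			cd "${work_dir}" || exit 1
			if ! wget https://soft.vpser.net/lib/acme.sh/latest.tar.gz --prefer-family=IPv4; then
				echo "Error: downloading acme.sh failed." >&2
				exit 1
			fi
			if ! tar zxf latest.tar.gz; then
				echo "Error: extracting latest.tar.gz failed." >&2
				exit 1
			fi
			# Expect exactly one extracted source directory.
			src_dirs=(acme.sh-*/)
			if [ "${#src_dirs[@]}" -ne 1 ] || [ ! -d "${src_dirs[0]}" ]; then
				echo "Error: unexpected archive layout." >&2
				exit 1
			fi
			cd "${src_dirs[0]}" || exit 1
			./acme.sh --install --log --home "${acme_home}" --certhome "${cert_path}"
			# Judge success by the installed script being present.
			[ -s "${acme_home}/acme.sh" ]
		)
		install_status=$?
		rm -rf -- "${work_dir:?}"
		if [ "${install_status}" -ne 0 ]; then
			echo "Error: acme.sh installation failed." >&2
			return 1
		fi
		# Comment out lines ending in `cat "$CERT_PATH"` in the installed script
		# (presumably so the issued certificate is not dumped to the terminal).
		sed -i 's/cat "\$CERT_PATH"$/#cat "\$CERT_PATH"/g' /usr/local/acme.sh/acme.sh
		# Restart and enable the cron service for the detected distro family.
		if command -v yum >/dev/null 2>&1; then
			service crond restart
			chkconfig crond on
		elif command -v apt-get >/dev/null 2>&1; then
			/etc/init.d/cron restart
			update-rc.d cron defaults
		fi
	fi

	if [ ! -r "${acme_home}/acme.sh.env" ]; then
		echo "Error: ${acme_home}/acme.sh.env not found." >&2
		return 1
	fi
	. "/usr/local/acme.sh/acme.sh.env"
}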

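Add_SSL_Info_Menu()
{
	# Interactively ask for the certificate's domain names.
	# Sets globals:
	#   domain     - primary domain, required (re-prompted while empty)
	#   moredomain - optional space-separated list of additional names
	# Exits 1 if stdin is closed before a primary domain was entered; the
	# original looped forever in that case because `read` kept failing.
	# `read -r` keeps backslashes in the input literal.
	domain=""
	while :;do
		Echo_Yellow "Please enter domain(example: 7xcode.com): "
		if ! read -r domain && [ "${domain}" = "" ]; then
			echo
			Echo_Red "Domain name can't be empty!"
			exit 1
		fi
		if [ "${domain}" != "" ]; then
			echo " Your domain: ${domain}"
			break
		else
			Echo_Red "Domain name can't be empty!"
		fi
	done

	Echo_Yellow "Enter more domain name(example: www.7xcode.com blog.7xcode.com *.7xcode.com): "
	# Optional input: an empty answer or end-of-input simply means no extras.
	read -r moredomain
	if [ "${moredomain}" != "" ]; then
		echo " domain list: ${moredomain}"
	fi
}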

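Add_Dns_SSL()
{
	# Issue a Let's Encrypt certificate through acme.sh DNS validation.
	#   $1 - DNS API provider suffix (the usage text lists cx|ali|cf|dp|he|gd|aws);
	#        an empty value selects acme.sh's manual DNS mode.
	# Reads globals: cert_path; domain and moredomain (set by Add_SSL_Info_Menu).
	# Sets globals:  provider, dns_provider, letsdomain, lets_status.
	# Exits 1 on an invalid or unknown provider, an invalid domain name, or a
	# wildcard combined with a www. name; returns 1 when issuing fails.
	#
	# The domain list is kept in an array and expanded quoted. The original
	# built one string and expanded it unquoted, so a wildcard such as
	# "*.example.com" was subject to pathname expansion against the current
	# directory before it reached acme.sh.
	local -a domain_names=() extra_names=() domain_args=()
	local name

	provider=$1
	if [ "${provider}" != "" ]; then
		# The provider name is spliced into a file path and an acme.sh
		# argument; accept only characters a hook name needs, before any
		# install or prompt happens.
		case "${provider}" in
			*[!A-Za-z0-9_-]*)
				printf 'Invalid DNS provider name: %s\n' "${provider}" >&2
				exit 1
				;;
		esac
		dns_provider="dns_${provider}"
	else
		Echo_Red "The dns manual mode can not renew automatically, you must renew it manually."
	fi

	Install_Check_Acme.sh

	if [[ ! -s "/usr/local/acme.sh/dnsapi/dns_${provider}.sh" && "${provider}" != "" ]]; then
		echo "DNS Provider: ${provider} not found."
		exit 1
	fi
	Add_SSL_Info_Menu

	# NOTE(review): this directory will hold private keys and is created with
	# the caller's umask; confirm the resulting permissions are acceptable.
	if [ ! -d "${cert_path}" ]; then
		echo "Create a certificate store root directory"
		mkdir -p "${cert_path}"
	fi

	# Split the extra names on whitespace without glob expansion.
	domain_names=("${domain}")
	if [ "${moredomain}" != "" ]; then
		read -r -a extra_names <<< "${moredomain}"
		domain_names+=("${extra_names[@]}")
	fi
	for name in "${domain_names[@]}"; do
		# A name that starts with "-" would be read by acme.sh as an option,
		# and one containing whitespace is not a single domain.
		case "${name}" in
			-* | *[[:space:]]*)
				printf 'Invalid domain name: %s\n' "${name}" >&2
				exit 1
				;;
		esac
		domain_args+=(-d "${name}")
	done
	letsdomain="${domain_args[*]}"

	if echo "${letsdomain}" | grep -q '\*\.' && echo "${letsdomain}" | grep -qi 'www\.'; then
		Echo_Red "wildcard SSL certificate DO NOT allow add www. subdomain."
		exit 1
	fi

	echo "Starting create SSL Certificate use Let's Encrypt..."
	if [ "${provider}" != "" ]; then
		/usr/local/acme.sh/acme.sh --issue "${domain_args[@]}" --dns "${dns_provider}"
		lets_status=$?
	else
		# Manual mode: the first run prints the TXT records to create, the
		# operator gets 180 seconds to add them, then validation is retried.
		/usr/local/acme.sh/acme.sh --issue "${domain_args[@]}" --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
		Echo_Yellow "Please add the above TXT record to the domain in 180 seconds!!!"
		echo
		Sleep_Sec 180
		/usr/local/acme.sh/acme.sh --renew "${domain_args[@]}" --yes-I-know-dns-manual-mode-enough-go-ahead-please
		lets_status=$?
	fi
	# NOTE(review): in manual mode exit status 1 is also reported as success;
	# kept as in the original, confirm against acme.sh's exit codes.
	if [ "${lets_status}" = 0 ] || [[ "${provider}" = "" && "${lets_status}" = 1 ]]; then
		Echo_Green "Let's Encrypt SSL Certificate create successfully."
	else
		Echo_Red "Let's Encrypt SSL Certificate create failed!"
		# Propagate the failure so the script's exit status reflects it.
		return 1
	fi
}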


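# Entry point: the first argument names the acme.sh DNS provider hook.
if [ "${arg1}" != "" ]; then
	# Quoted so the argument reaches Add_Dns_SSL as one word, without word
	# splitting or glob expansion.
	Add_Dns_SSL "${arg1}"
else
	# A missing argument is a usage error: report it on stderr and fail.
	echo "Usage: cert {cx|ali|cf|dp|he|gd|aws}" >&2
	exit 1
fi

# Exit with the status of the last command (the Add_Dns_SSL call above).
exit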

