一个Let's Encrypt SSL证书的一键脚本{扣自LNMP}
代码扣自 LNMP 和 vpser的 acme.sh
用法:以dnspod为示例
先把dnspod的token 设置环境变量
# export DP_Id="你的Token ID" && export DP_Key="你的Token Key"
随后执行脚本然后一路根据提示操作即可
# ./cert dp
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
# Check if user is root
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script!"
exit 1
fi
cert_path=$(pwd)
cert_path="$cert_path/ssl_cert"
echo "+-------------------------------------------+"
echo "| Let's Encrypt SSL Certificate issue |"
echo "| By:7xCode |"
echo "| https://www.7xcode.com |"
echo "+-------------------------------------------+"
arg1=$1
Color_Text()
{
echo -e " \e[0;$2m$1\e[0m"
}
Echo_Red()
{
echo $(Color_Text "$1" "31")
}
Echo_Green()
{
echo $(Color_Text "$1" "32")
}
Echo_Yellow()
{
echo -n $(Color_Text "$1" "33")
}
Echo_Blue()
{
echo $(Color_Text "$1" "34")
}
Sleep_Sec()
{
seconds=$1
while [ "${seconds}" -ge "0" ];do
echo -ne "\r \r"
echo -n ${seconds}
seconds=$(($seconds - 1))
sleep 1
done
echo -ne "\r"
}
Install_Check_Acme.sh()
{
if [ -s /usr/local/acme.sh/acme.sh ]; then
echo "/usr/local/acme.sh/acme.sh [found]"
else
cd /tmp
[[ -f latest.tar.gz ]] && rm -f latest.tar.gz
wget https://soft.vpser.net/lib/acme.sh/latest.tar.gz --prefer-family=IPv4 --no-check-certificate
tar zxf latest.tar.gz
cd acme.sh-*
./acme.sh --install --log --home /usr/local/acme.sh --certhome ${cert_path}
cd ..
rm -f latest.tar.gz
rm -rf acme.sh-*
sed -i 's/cat "\$CERT_PATH"$/#cat "\$CERT_PATH"/g' /usr/local/acme.sh/acme.sh
if command -v yum >/dev/null 2>&1; then
service crond restart
chkconfig crond on
elif command -v apt-get >/dev/null 2>&1; then
/etc/init.d/cron restart
update-rc.d cron defaults
fi
fi
. "/usr/local/acme.sh/acme.sh.env"
}
Add_SSL_Info_Menu()
{
domain=""
while :;do
Echo_Yellow "Please enter domain(example: 7xcode.com): "
read domain
if [ "${domain}" != "" ]; then
echo " Your domain: ${domain}"
break
else
Echo_Red "Domain name can't be empty!"
fi
done
Echo_Yellow "Enter more domain name(example: www.7xcode.com blog.7xcode.com *.7xcode.com): "
read moredomain
if [ "${moredomain}" != "" ]; then
echo " domain list: ${moredomain}"
fi
}
Add_Dns_SSL()
{
provider=$1
if [ "${provider}" != "" ]; then
dns_provider="dns_${provider}"
else
Echo_Red "The dns manual mode can not renew automatically, you must renew it manually."
fi
Install_Check_Acme.sh
if [[ ! -s /usr/local/acme.sh/dnsapi/dns_${provider}.sh && "${provider}" != "" ]]; then
echo "DNS Provider: ${provider} not found."
exit 1
fi
Add_SSL_Info_Menu
if [ ! -d "${cert_path}" ]; then
echo "Create a certificate store root directory"
mkdir -p "${cert_path}"
fi
letsdomain=""
if [ "${moredomain}" != "" ]; then
letsdomain="-d ${domain}"
for i in ${moredomain};do
letsdomain=${letsdomain}" -d ${i}"
done
else
letsdomain="-d ${domain}"
fi
if echo "${letsdomain}" | grep -q '\*\.' && echo "${letsdomain}" | grep -qi 'www\.'; then
Echo_Red "wildcard SSL certificate DO NOT allow add www. subdomain."
exit 1
fi
echo "Starting create SSL Certificate use Let's Encrypt..."
if [ "${provider}" != "" ]; then
/usr/local/acme.sh/acme.sh --issue ${letsdomain} --dns ${dns_provider}
lets_status=$?
else
/usr/local/acme.sh/acme.sh --issue ${letsdomain} --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
Echo_Yellow "Please add the above TXT record to the domain in 180 seconds!!!"
echo
Sleep_Sec 180
/usr/local/acme.sh/acme.sh --renew ${letsdomain} --yes-I-know-dns-manual-mode-enough-go-ahead-please
lets_status=$?
fi
if [ "${lets_status}" = 0 ] || [[ "${provider}" = "" && "${lets_status}" = 1 ]]; then
Echo_Green "Let's Encrypt SSL Certificate create successfully."
else
Echo_Red "Let's Encrypt SSL Certificate create failed!"
fi
}
if [ "${arg1}" != "" ]; then
Add_Dns_SSL ${arg1}
else
echo "Usage: cert {cx|ali|cf|dp|he|gd|aws}"
fi
exit