一个Let's Encrypt SSL证书的一键脚本{扣自LNMP}
代码扣自 LNMP 和 vpser的 acme.sh
用法:以dnspod为示例
先把 DNSPod 的 Token 设置为环境变量(该 Token 可以修改域名的 DNS 记录,注意不要让它留在 shell 历史记录或公开的日志中):
# export DP_Id="你的Token ID" && export DP_Key="你的Token Key"
随后以 root 身份执行脚本(脚本会检查当前用户是否为 root),然后根据提示一路操作即可:
# ./cert dp
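#!/bin/bash
#
# cert - issue a Let's Encrypt certificate through acme.sh DNS validation.
#
# Usage:   ./cert {cx|ali|cf|dp|he|gd|aws}
#
# Must be run as root. If /usr/local/acme.sh/acme.sh is missing, acme.sh is
# downloaded and installed there first. Certificates are stored under
# ./ssl_cert, relative to the directory the script is started from.
#
# This script never reads DNS API credentials itself; per the usage notes
# they are exported in the environment (e.g. DP_Id / DP_Key for "dp")
# before the script is run.

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# Check if user is root
if [ "$(id -u)" != "0" ]; then
  echo "Error: You must be root to run this script!"
  exit 1
fi

# Passed to acme.sh as --certhome, so issued material ends up below it.
cert_path="$(pwd)/ssl_cert"

echo "+-------------------------------------------+"
echo "| Let's Encrypt SSL Certificate issue |"
echo "| By:7xCode |"
echo "| https://www.7xcode.com |"
echo "+-------------------------------------------+"

arg1=$1

# Print $1 wrapped in the ANSI colour code $2 (with one leading space).
Color_Text() {
  echo -e " \e[0;$2m$1\e[0m"
}

# Print $1 in colour $2 without the leading space and without a newline.
# Quoted throughout so that a "*" in a message is never glob-expanded.
_Echo_Color() {
  local painted
  painted=$(Color_Text "$1" "$2")
  printf '%s' "${painted# }"
}

Echo_Red() {
  _Echo_Color "$1" "31"
  echo
}

Echo_Green() {
  _Echo_Color "$1" "32"
  echo
}

# No trailing newline: used as an input prompt.
Echo_Yellow() {
  _Echo_Color "$1" "33"
}

Echo_Blue() {
  _Echo_Color "$1" "34"
  echo
}

# Count down from $1 seconds to 0 on a single terminal line.
Sleep_Sec() {
  local seconds=$1
  while [ "${seconds}" -ge "0" ]; do
    # Blank a field wider than the number so that a shorter value
    # (e.g. 99 after 100) does not leave a stale digit behind.
    printf '\r%-5s\r%s' '' "${seconds}"
    seconds=$((seconds - 1))
    sleep 1
  done
  printf '\r'
}

# Download the acme.sh tarball into the private directory $1, unpack it
# there and run its installer. Returns non-zero if any step fails.
_Fetch_And_Install_Acme() {
  local work_dir=$1
  local tarball="${work_dir}/latest.tar.gz"
  local src_dir

  # TLS certificate verification is left ON (no --no-check-certificate):
  # the downloaded code is executed as root, and a "latest" URL cannot be
  # pinned to a digest, so the HTTPS check is the only integrity control
  # on this download.
  wget -O "${tarball}" --prefer-family=IPv4 \
    https://soft.vpser.net/lib/acme.sh/latest.tar.gz || return 1
  tar zxf "${tarball}" -C "${work_dir}" || return 1

  for src_dir in "${work_dir}"/acme.sh-*/; do
    # An unmatched glob stays literal; this test skips it.
    [ -f "${src_dir}acme.sh" ] || continue
    (
      # Subshell: the installer runs from its source directory without
      # changing the caller's working directory.
      cd "${src_dir}" || exit 1
      ./acme.sh --install --log --home /usr/local/acme.sh --certhome "${cert_path}"
    )
    return
  done
  return 1
}

# Make sure acme.sh is installed under /usr/local/acme.sh, installing it
# if needed, then source its environment file. Exits the script on failure.
Install_Check_Acme.sh() {
  local work_dir

  if [ -s /usr/local/acme.sh/acme.sh ]; then
    echo "/usr/local/acme.sh/acme.sh [found]"
  else
    # Private, unpredictable directory instead of fixed names in /tmp:
    # this runs as root, and /tmp is writable by every local user.
    work_dir=$(mktemp -d) || {
      Echo_Red "Failed to create a temporary directory."
      exit 1
    }
    if ! _Fetch_And_Install_Acme "${work_dir}"; then
      rm -rf -- "${work_dir:?}"
      Echo_Red "Failed to download or install acme.sh."
      exit 1
    fi
    rm -rf -- "${work_dir:?}"

    sed -i 's/cat "\$CERT_PATH"$/#cat "\$CERT_PATH"/g' /usr/local/acme.sh/acme.sh

    if command -v yum >/dev/null 2>&1; then
      service crond restart
      chkconfig crond on
    elif command -v apt-get >/dev/null 2>&1; then
      /etc/init.d/cron restart
      update-rc.d cron defaults
    fi
  fi

  if [ ! -r /usr/local/acme.sh/acme.sh.env ]; then
    Echo_Red "/usr/local/acme.sh/acme.sh.env not found."
    exit 1
  fi
  . "/usr/local/acme.sh/acme.sh.env"
}

# Prompt for the primary domain (required) and further names (optional).
# Sets the globals "domain" and "moredomain" (space-separated list).
Add_SSL_Info_Menu() {
  domain=""
  while :; do
    Echo_Yellow "Please enter domain(example: 7xcode.com): "
    if ! read -r domain && [ -z "${domain}" ]; then
      # stdin is closed: stop instead of prompting forever.
      echo
      Echo_Red "No input available."
      exit 1
    fi
    if [ "${domain}" = "" ]; then
      Echo_Red "Domain name can't be empty!"
    elif [[ "${domain}" == -* || "${domain}" == *[[:space:]]* ]]; then
      # The value becomes an acme.sh argument; it must be one word and
      # must not look like an option.
      Echo_Red "Invalid domain name: ${domain}"
    else
      echo " Your domain: ${domain}"
      break
    fi
  done

  Echo_Yellow "Enter more domain name(example: www.7xcode.com blog.7xcode.com *.7xcode.com): "
  read -r moredomain
  if [ "${moredomain}" != "" ]; then
    echo " domain list: ${moredomain}"
  fi
}

# Issue a certificate for the prompted domains.
# Arguments: $1 - DNS provider short name (dnsapi/dns_<name>.sh must exist);
#                 empty selects acme.sh manual DNS mode.
# Returns:   0 when issuance is reported successful, 1 otherwise.
Add_Dns_SSL() {
  local provider=$1
  local dns_provider="" lets_status extra domain_list
  local -a domain_args extra_domains

  if [ "${provider}" != "" ]; then
    # The name is used to build a file path and an acme.sh argument, so
    # only plain identifier characters are accepted.
    if [[ ! "${provider}" =~ ^[A-Za-z0-9_]+$ ]]; then
      Echo_Red "Invalid DNS provider name: ${provider}"
      exit 1
    fi
    dns_provider="dns_${provider}"
  else
    Echo_Red "The dns manual mode can not renew automatically, you must renew it manually."
  fi

  Install_Check_Acme.sh

  if [[ ! -s "/usr/local/acme.sh/dnsapi/dns_${provider}.sh" && "${provider}" != "" ]]; then
    echo "DNS Provider: ${provider} not found."
    exit 1
  fi

  Add_SSL_Info_Menu

  if [ ! -d "${cert_path}" ]; then
    echo "Create a certificate store root directory"
    mkdir -p "${cert_path}"
    # Only root needs to enter the certificate store created here.
    chmod 700 "${cert_path}"
  fi

  # Build the -d arguments as an array. An unquoted string would be
  # word-split and glob-expanded, so "*.example.com" could turn into
  # file names from the current directory.
  domain_args=(-d "${domain}")
  read -r -a extra_domains <<<"${moredomain}"
  for extra in "${extra_domains[@]}"; do
    if [[ "${extra}" == -* ]]; then
      Echo_Red "Invalid domain name: ${extra}"
      exit 1
    fi
    domain_args+=(-d "${extra}")
  done

  domain_list="${domain_args[*]}"
  if grep -q '\*\.' <<<"${domain_list}" && grep -qi 'www\.' <<<"${domain_list}"; then
    Echo_Red "wildcard SSL certificate DO NOT allow add www. subdomain."
    exit 1
  fi

  echo "Starting create SSL Certificate use Let's Encrypt..."
  if [ "${provider}" != "" ]; then
    /usr/local/acme.sh/acme.sh --issue "${domain_args[@]}" --dns "${dns_provider}"
    lets_status=$?
  else
    /usr/local/acme.sh/acme.sh --issue "${domain_args[@]}" --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
    Echo_Yellow "Please add the above TXT record to the domain in 180 seconds!!!"
    echo
    Sleep_Sec 180
    /usr/local/acme.sh/acme.sh --renew "${domain_args[@]}" --yes-I-know-dns-manual-mode-enough-go-ahead-please
    lets_status=$?
  fi

  # NOTE(review): in manual mode an exit status of 1 from --renew is also
  # reported as success; kept from the original, confirm this is intended.
  if [ "${lets_status}" = 0 ] || [[ "${provider}" = "" && "${lets_status}" = 1 ]]; then
    Echo_Green "Let's Encrypt SSL Certificate create successfully."
    return 0
  fi
  Echo_Red "Let's Encrypt SSL Certificate create failed!"
  return 1
}

if [ "${arg1}" != "" ]; then
  Add_Dns_SSL "${arg1}"
else
  echo "Usage: cert {cx|ali|cf|dp|he|gd|aws}"
fi
# Bare exit: a failed issuance now yields a non-zero exit status.
exit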