update - CF SSL Certificate
MHSanaei committed Nov 14, 2024
1 parent 7ad4a3d commit 2982d80
Showing 1 changed file with 72 additions and 35 deletions.
107 changes: 72 additions & 35 deletions x-ui.sh
Expand Up @@ -1116,76 +1116,113 @@ ssl_cert_issue() {
}

ssl_cert_issue_CF() {
echo -E ""
LOGD "******Instructions for use******"
LOGI "This Acme script requires the following data:"
LOGI "1.Cloudflare Registered e-mail"
LOGI "2.Cloudflare Global API Key"
LOGI "3.The domain name that has been resolved dns to the current server by Cloudflare"
LOGI "4.The script applies for a certificate. The default installation path is /root/cert "
confirm "Confirmed?[y/n]" "y"
local existing_webBasePath=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}')
local existing_port=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
LOGI "****** Instructions for Use ******"
LOGI "Follow the steps below to complete the process:"
LOGI "1. Cloudflare Registered E-mail."
LOGI "2. Cloudflare Global API Key."
LOGI "3. The Domain Name."
LOGI "4. Once the certificate is issued, you will be prompted to set the certificate for the panel (optional)."
LOGI "5. The script also supports automatic renewal of the SSL certificate after installation."

confirm "Do you confirm the information and wish to proceed? [y/n]" "y"

if [ $? -eq 0 ]; then
# check for acme.sh first
# Check for acme.sh first
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
echo "acme.sh could not be found. we will install it"
echo "acme.sh could not be found. We will install it."
install_acme
if [ $? -ne 0 ]; then
LOGE "install acme failed, please check logs"
LOGE "Install acme failed, please check logs."
exit 1
fi
fi

CF_Domain=""
CF_GlobalKey=""
CF_AccountEmail=""
certPath=/root/cert
certPath="/root/cert-CF"
if [ ! -d "$certPath" ]; then
mkdir $certPath
mkdir -p $certPath
else
rm -rf $certPath
mkdir $certPath
mkdir -p $certPath
fi

LOGD "Please set a domain name:"
read -p "Input your domain here:" CF_Domain
LOGD "Your domain name is set to:${CF_Domain}"
read -p "Input your domain here: " CF_Domain
LOGD "Your domain name is set to: ${CF_Domain}"

# Set up Cloudflare API details
CF_GlobalKey=""
CF_AccountEmail=""
LOGD "Please set the API key:"
read -p "Input your key here:" CF_GlobalKey
LOGD "Your API key is:${CF_GlobalKey}"
read -p "Input your key here: " CF_GlobalKey
LOGD "Your API key is: ${CF_GlobalKey}"

LOGD "Please set up registered email:"
read -p "Input your email here:" CF_AccountEmail
LOGD "Your registered email address is:${CF_AccountEmail}"
read -p "Input your email here: " CF_AccountEmail
LOGD "Your registered email address is: ${CF_AccountEmail}"

# Set the default CA to Let's Encrypt
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
if [ $? -ne 0 ]; then
LOGE "Default CA, Lets'Encrypt fail, script exiting..."
LOGE "Default CA, Let'sEncrypt fail, script exiting..."
exit 1
fi

export CF_Key="${CF_GlobalKey}"
export CF_Email=${CF_AccountEmail}
export CF_Email="${CF_AccountEmail}"

# Issue the certificate using Cloudflare DNS
~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log
if [ $? -ne 0 ]; then
LOGE "Certificate issuance failed, script exiting..."
exit 1
else
LOGI "Certificate issued Successfully, Installing..."
LOGI "Certificate issued successfully, Installing..."
fi
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} --ca-file /root/cert/ca.cer \
--cert-file /root/cert/${CF_Domain}.cer --key-file /root/cert/${CF_Domain}.key \
--fullchain-file /root/cert/fullchain.cer

# Install the certificate
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
--cert-file ${certPath}/${CF_Domain}/fullchain.pem \
--key-file ${certPath}/${CF_Domain}/privkey.pem

if [ $? -ne 0 ]; then
LOGE "Certificate installation failed, script exiting..."
exit 1
else
LOGI "Certificate installed Successfully,Turning on automatic updates..."
LOGI "Certificate installed successfully, Turning on automatic updates..."
fi

# Enable auto-update
~/.acme.sh/acme.sh --upgrade --auto-upgrade
if [ $? -ne 0 ]; then
LOGE "Auto update setup Failed, script exiting..."
ls -lah cert
chmod 755 $certPath
LOGE "Auto update setup failed, script exiting..."
exit 1
else
LOGI "The certificate is installed and auto-renewal is turned on, Specific information is as follows"
ls -lah cert
chmod 755 $certPath
LOGI "The certificate is installed and auto-renewal is turned on. Specific information is as follows:"
ls -lah ${certPath}/${CF_Domain}
chmod 755 ${certPath}/${CF_Domain}
fi

# Prompt user to set panel paths after successful certificate installation
read -p "Would you like to set this certificate for the panel? (y/n): " setPanel
if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
local webCertFile="${certPath}/${CF_Domain}/fullchain.pem"
local webKeyFile="${certPath}/${CF_Domain}/privkey.pem"

if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
/usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
LOGI "Panel paths set for domain: $CF_Domain"
LOGI " - Certificate File: $webCertFile"
LOGI " - Private Key File: $webKeyFile"
echo -e "${green}Access URL: https://${CF_Domain}:${existing_port}${existing_webBasePath}${plain}"
restart
else
LOGE "Error: Certificate or private key file not found for domain: $CF_Domain."
fi
else
LOGI "Skipping panel path setting."
fi
else
show_menu
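Review bot: The Cloudflare Global API Key is still read with a visible prompt and printed back by `LOGD "Your API key is: ${CF_GlobalKey}"`, so an account-wide credential ends up in terminal scrollback and any session recording; this commit only adjusts the spacing of those lines. Read it without echo and confirm without revealing it, e.g. `read -rsp "Input your key here: " CF_GlobalKey; echo` followed by `LOGD "API key received."`. The domain typed at the prompt is also passed unquoted in both acme.sh calls, so `-d "${CF_Domain}" -d "*.${CF_Domain}"` would keep the input from being word-split or the wildcard from being glob-expanded against the current directory. In the install step the visible lines create only `$certPath`, not `${certPath}/${CF_Domain}`, and the file named fullchain.pem is now written via `--cert-file` where the previous code used `--fullchain-file`; it is worth confirming that the directory exists before the call and that the panel receives the full chain. ssl_cert_issue_CF continues past the end of this hunk.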
