mirror of https://github.com/stilleshan/code.git
245 lines
9.1 KiB
Bash
Executable File
245 lines
9.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
|
|
export PATH
|
|
|
|
# fonts color
|
|
Green="\033[32m"
|
|
Red="\033[31m"
|
|
Yellow="\033[33m"
|
|
GreenBG="\033[42;37m"
|
|
RedBG="\033[41;37m"
|
|
Font="\033[0m"
|
|
# fonts color
|
|
|
|
|
|
# 交互式脚本请保持以下 DOMAIN= 为空不要修改.如无需交互式,固定申请单一证书,请参考文档自行修改以下变量.
|
|
DOMAIN=
|
|
DNSAPI='dns_cf'
|
|
API_ID='export CF_Token="xxxxxxxxxxxxx"'
|
|
API_KEY='export CF_Account_ID="xxxxxxxxxxxxx"'
|
|
# API_ZONE='export CF_Zone_ID="xxxxxxxxxxxxx"'
|
|
# 交互式脚本请保持以下 DOMAIN= 为空不要修改.如无需交互式,固定申请单一证书,请参考文档自行修改以上变量.
|
|
|
|
# 参考文档地址
|
|
# https://github.com/acmesh-official/acme.sh/wiki/dnsapi
|
|
# https://www.ioiox.com/archives/87.html
|
|
# 参考文档地址
|
|
|
|
|
|
# menu
|
|
menu(){
|
|
clear
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
echo -e "${Green}欢迎使用快速申请 Let's Encrypt 泛域名证书一键脚本${Font} \n"
|
|
echo -e "1.本脚本需要服务器有 docker 环境 \n"
|
|
echo -e "2.本脚干净纯净,会自行清理临时文件,容器和镜像. \n"
|
|
echo -e "3.使用前请提前参考以下链接获取域名服务商的 API 信息以便使用."
|
|
echo -e "${Green} https://github.com/acmesh-official/acme.sh/wiki/dnsapi${Font}"
|
|
echo -e "${Green} https://www.ioiox.com/archives/87.html${Font} \n"
|
|
echo -e "4.本脚本默认为交互式脚本,直接运行根据提示输入相关 API 信息即可申请."
|
|
echo -e " 为方便国内用户单次申请证书使用,交互式脚本目前仅支持腾讯云,阿里云和 CloudFlare 三个平台."
|
|
echo -e " 后期视情况更新脚本支持更多主流服务商. \n"
|
|
echo -e "5.通过修改脚本中 16 - 20 行相关变量,可将本脚本作为指定域名和服务商证书申请的常驻脚本."
|
|
echo -e " 执行无任何交互.直接开始申请步骤.同时可用于官方支持的 100 多种服务商证书申请."
|
|
echo -e " 请参考以上官方文档仔细填写 API 相关信息."
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
echo -e "${Green}请输入需要申请证书的根域名(例如:ioiox.com):${Font}"
|
|
read -p "请输入:" DOMAIN_INPUT
|
|
if [ ! -n "${DOMAIN_INPUT}" ]; then
|
|
echo -e "${Red}输入错误,请重新运行脚本.${Font}"
|
|
exit 0
|
|
fi
|
|
DOMAIN=$DOMAIN_INPUT
|
|
echo -e "${Green}请选择域名服务商:${Font}"
|
|
echo -e "1) 腾讯云 dnspod.cn"
|
|
echo -e "2) 阿里云 aliyun"
|
|
echo -e "3) Cloudflare"
|
|
read -p "请选择:" DNSAPI_INPUT
|
|
case "$DNSAPI_INPUT" in
|
|
1)
|
|
PLATFORM_NAME='dnspod.cn'
|
|
DNSAPI='dns_dp'
|
|
API_ID_HEADER='DP_Id'
|
|
API_KEY_HEADER='DP_Key'
|
|
;;
|
|
2)
|
|
PLATFORM_NAME='aliyun'
|
|
DNSAPI='dns_ali'
|
|
API_ID_HEADER='Ali_Key'
|
|
API_KEY_HEADER='Ali_Secret'
|
|
;;
|
|
3)
|
|
;;
|
|
*)
|
|
echo -e "${Red}输入错误,请重新运行脚本.${Font}"
|
|
exit 0
|
|
esac
|
|
|
|
if [ "$DNSAPI_INPUT" == "3" ]; then
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
echo -e "${Red}注意: Cloudflare API 有三种:${Font}"
|
|
echo -e "${Red}请参考 https://github.com/acmesh-official/acme.sh/wiki/dnsapi#1-cloudflare-option 选择.${Font}"
|
|
echo "1) Using the global API key"
|
|
echo "2) Using the new cloudflare api token"
|
|
echo "3) Using the new cloudflare api token for Single Zone"
|
|
read -p "请选择:" CHOICE_CLOUDFLARE_INPUT
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
case "$CHOICE_CLOUDFLARE_INPUT" in
|
|
1)
|
|
PLATFORM_NAME='Cloudflare'
|
|
DNSAPI='dns_cf'
|
|
API_ID_HEADER='CF_Key'
|
|
API_KEY_HEADER='CF_Email'
|
|
;;
|
|
2)
|
|
PLATFORM_NAME='Cloudflare'
|
|
DNSAPI='dns_cf'
|
|
API_ID_HEADER='CF_Token'
|
|
API_KEY_HEADER='CF_Account_ID'
|
|
;;
|
|
3)
|
|
PLATFORM_NAME='Cloudflare'
|
|
DNSAPI='dns_cf'
|
|
API_ID_HEADER='CF_Token'
|
|
API_KEY_HEADER='CF_Account_ID'
|
|
API_ZONE_HEADER='CF_Zone_ID'
|
|
;;
|
|
*)
|
|
echo -e "${Red}输入错误,请重新运行脚本.${Font}"
|
|
exit 0
|
|
esac
|
|
fi
|
|
|
|
read -p "请输入 $API_ID_HEADER :" API_ID_INPUT
|
|
read -p "请输入 $API_KEY_HEADER :" API_KEY_INPUT
|
|
if [ "$CHOICE_CLOUDFLARE_INPUT" == "3" ]; then
|
|
read -p "请输入 $API_ZONE_HEADER :" API_ZONE_HEADER_INPUT
|
|
fi
|
|
|
|
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
echo -e "${Red}请确认以下信息正确无误!${Font}"
|
|
echo -e "${Green}域名: ${Font}${Red}${DOMAIN}${Font}"
|
|
echo -e "${Green}域名服务商: ${Font}${Red}${PLATFORM_NAME}${Font}"
|
|
echo -e "${Green}${API_ID_HEADER}:${Font} ${Red}${API_ID_INPUT}${Font}"
|
|
echo -e "${Green}${API_KEY_HEADER}:${Font} ${Red}${API_KEY_INPUT}${Font}"
|
|
if [ "$CHOICE_CLOUDFLARE_INPUT" == "3" ]; then
|
|
echo -e "${Green}${API_ZONE_HEADER}:${Font} ${Red}${API_ZONE_HEADER_INPUT}${Font}"
|
|
fi
|
|
echo -e "${Red}请再次确认以上信息正确无误!${Font}"
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
echo -e "${Green}本次将申请${Font} ${Red}*.${DOMAIN}${Font} ${Green}泛域名证书.${Font}"
|
|
echo -e "1) 开始申请证书"
|
|
echo -e "2) 退出脚本"
|
|
read -p "请输入:" START_INPUT
|
|
case "$START_INPUT" in
|
|
1)
|
|
echo -e "${Green}开始申请中......${Font}"
|
|
accout_conf $*
|
|
;;
|
|
2)
|
|
exit 0
|
|
;;
|
|
*)
|
|
echo -e "${Red}输入有误,请重新运行脚本.${Font}"
|
|
exit 0
|
|
esac
|
|
}
|
|
|
|
|
|
# accout.conf
|
|
accout_conf (){
|
|
WORK_PATH=$(dirname $(readlink -f $0))
|
|
TEMP=${RANDOM}
|
|
mkdir -p ${WORK_PATH}/${TEMP}
|
|
cat >${WORK_PATH}/${TEMP}/account.conf<<EOF
|
|
export ${API_ID_HEADER}="${API_ID_INPUT}"
|
|
export ${API_KEY_HEADER}="${API_KEY_INPUT}"
|
|
EOF
|
|
if [ "$CHOICE_CLOUDFLARE_INPUT" == "3" ]; then
|
|
echo "export ${API_ZONE_HEADER}=\"${API_ZONE_HEADER_INPUT}\"" >> ${WORK_PATH}/${TEMP}/account.conf
|
|
fi
|
|
acme $*
|
|
}
|
|
|
|
|
|
noninteractive (){
|
|
WORK_PATH=$(dirname $(readlink -f $0))
|
|
TEMP=${RANDOM}
|
|
mkdir -p ${WORK_PATH}/${TEMP}
|
|
cat >${WORK_PATH}/${TEMP}/account.conf<<EOF
|
|
${API_ID}
|
|
${API_KEY}
|
|
${API_ZONE}
|
|
EOF
|
|
acme $*
|
|
}
|
|
|
|
|
|
acme (){
|
|
echo -e "${Green}准备 docker 部署${Font}"
|
|
docker run -itd \
|
|
--name=${TEMP} \
|
|
--restart=always \
|
|
--net=host \
|
|
-v ${WORK_PATH}/${TEMP}:/acme.sh \
|
|
neilpang/acme.sh \
|
|
daemon
|
|
|
|
echo -e "${Green}升级 acme.sh 程序${Font}"
|
|
docker exec ${TEMP} --upgrade
|
|
|
|
echo -e "${Green}开始申请证书${Font}"
|
|
docker exec ${TEMP} --register-account -m your@domain.com --server zerossl
|
|
docker exec ${TEMP} --issue $* --keylength 2048 --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
|
|
|
|
# docker exec ${TEMP} --issue --server letsencrypt $* --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
|
|
|
|
# deploy
|
|
if [ -f "${WORK_PATH}/${TEMP}/${DOMAIN}/fullchain.cer" ] ; then
|
|
if [ ! -d "${WORK_PATH}/${DOMAIN}" ]; then
|
|
mv ${WORK_PATH}/${TEMP}/${DOMAIN} ${WORK_PATH}/
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
echo -e "${Green}证书申请成功,相关临时文件及容器镜像已清理完毕.${Font}"
|
|
echo -e "${Green}证书文件目录:${Font} ${Red}${WORK_PATH}/${DOMAIN}${Font}"
|
|
echo -e "${Green}全链证书文件:${Font} ${Red}fullchain.cer${Font}"
|
|
echo -e "${Green}证书密钥文件:${Font} ${Red}${DOMAIN}.key${Font}"
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
else
|
|
mv ${WORK_PATH}/${TEMP}/${DOMAIN} ${WORK_PATH}/${DOMAIN}-new-${TEMP}
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
echo -e "${Green}证书申请成功,相关临时文件及容器镜像已清理完毕.${Font}"
|
|
echo -e "${Red}检测到 ${WORK_PATH}/${DOMAIN} 目录已存在,已创建新的证书文件目录.${Font}"
|
|
echo -e "${Green}证书文件目录:${Font} ${Red}${WORK_PATH}/${DOMAIN}-new-${TEMP}${Font}${Font}"
|
|
echo -e "${Green}全链证书文件:${Font} ${Red}fullchain.cer${Font}"
|
|
echo -e "${Green}证书密钥文件:${Font} ${Red}${DOMAIN}.key${Font}"
|
|
echo -e "${Green}=========================================================================================${Font}"
|
|
fi
|
|
else
|
|
echo -e "${Red}证书申请失败,请检查日志,或修改参数重新尝试.${Font}"
|
|
fi
|
|
|
|
# clean
|
|
docker stop ${TEMP} >/dev/null 2>&1
|
|
docker rm ${TEMP} >/dev/null 2>&1
|
|
docker rmi neilpang/acme.sh >/dev/null 2>&1
|
|
rm -rf ${WORK_PATH}/${TEMP}
|
|
}
|
|
|
|
|
|
# start
|
|
if ! type docker >/dev/null 2>&1; then
|
|
echo -e "${Red}本机未安装 docker 已退出脚本.${Font}";
|
|
exit 0
|
|
fi
|
|
|
|
|
|
if [ ! -n "${DOMAIN}" ]; then
|
|
menu
|
|
else
|
|
noninteractive $*
|
|
fi
|
|
|
|
# curl -O https://raw.githubusercontent.com/stilleshan/code/main/shell/acme_docker.sh && chmod +x swap.sh && ./swap.sh
|
|
# curl -O https://github.ioiox.com/stilleshan/code/raw/branch/main/shell/acme_docker.sh && chmod +x swap.sh && ./swap.sh
|