diff --git a/install.sh b/install.sh
index e99d138..b240976 100644
--- a/install.sh
+++ b/install.sh
@@ -1285,17 +1285,25 @@ deploy_certbot() {
                         print_success "Certbot (snap版) 安装成功"
                     else
                         print_warning "snap安装失败，尝试apt安装..."
+                        # 修复urllib3依赖问题
+                        apt-get remove -y python3-urllib3 2>/dev/null || true
                         apt-get install -y certbot python3-certbot-nginx
                     fi
                 else
                     print_info "snap不可用，使用apt安装..."
+                    # 修复urllib3依赖问题
+                    apt-get remove -y python3-urllib3 2>/dev/null || true
                     apt-get install -y certbot python3-certbot-nginx
                 fi
                 ;;
             yum)
+                # 修复urllib3依赖问题
+                yum remove -y python3-urllib3 2>/dev/null || true
                 yum install -y certbot python3-certbot-nginx
                 ;;
             dnf)
+                # 修复urllib3依赖问题
+                dnf remove -y python3-urllib3 2>/dev/null || true
                 dnf install -y certbot python3-certbot-nginx
                 ;;
             zypper)
@@ -1312,6 +1320,28 @@ deploy_certbot() {
         print_success "Certbot 已安装: $(certbot --version 2>&1 | head -1)"
     fi
 
+    # 修复已安装certbot的urllib3依赖冲突
+    if ! certbot --version &> /dev/null; then
+        print_warning "检测到Certbot依赖问题，正在修复..."
+        case $PKG_MANAGER in
+            apt)
+                apt-get remove -y python3-urllib3 2>/dev/null || true
+                apt-get install --reinstall -y certbot python3-certbot-nginx
+                ;;
+            yum|dnf)
+                $PKG_MANAGER remove -y python3-urllib3 2>/dev/null || true
+                $PKG_MANAGER reinstall -y certbot python3-certbot-nginx
+                ;;
+        esac
+
+        # 再次验证
+        if ! certbot --version &> /dev/null; then
+            print_error "Certbot依赖修复失败，建议尝试其他SSL方案"
+            return 1
+        fi
+        print_success "Certbot依赖已修复"
+    fi
+
     # 申请证书（使用webroot模式，不自动修改Nginx配置）
     echo ""
     print_info "正在申请 Let's Encrypt 证书..."
@@ -1481,11 +1511,29 @@ deploy_acme_letsencrypt() {
     fi
 
     mkdir -p /etc/nginx/ssl
+
+    # 确保nginx服务已启动（证书安装时需要reload）
+    if ! systemctl is-active --quiet nginx 2>/dev/null && ! pgrep -x nginx > /dev/null 2>&1; then
+        print_warning "Nginx未运行，正在启动..."
+        systemctl start nginx 2>/dev/null || /www/server/nginx/sbin/nginx 2>/dev/null || true
+        sleep 2
+    fi
+
+    # 先不带reload命令安装证书（避免nginx未启动导致失败）
     if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
         --key-file /etc/nginx/ssl/${DOMAIN}.key \
-        --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
-        --reloadcmd "systemctl reload nginx"; then
-        print_success "证书安装成功"
+        --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt; then
+        print_success "证书文件已安装到: /etc/nginx/ssl/"
+
+        # 手动reload nginx
+        if systemctl is-active --quiet nginx 2>/dev/null; then
+            systemctl reload nginx && print_success "Nginx配置已重载"
+        elif pgrep -x nginx > /dev/null; then
+            nginx -s reload && print_success "Nginx配置已重载"
+        else
+            print_warning "Nginx未运行，将在后续步骤启动"
+        fi
+
         return 0
     else
         print_error "证书安装失败"
@@ -1613,11 +1661,29 @@ deploy_acme_zerossl() {
     fi
 
     mkdir -p /etc/nginx/ssl
+
+    # 确保nginx服务已启动（证书安装时需要reload）
+    if ! systemctl is-active --quiet nginx 2>/dev/null && ! pgrep -x nginx > /dev/null 2>&1; then
+        print_warning "Nginx未运行，正在启动..."
+        systemctl start nginx 2>/dev/null || /www/server/nginx/sbin/nginx 2>/dev/null || true
+        sleep 2
+    fi
+
+    # 先不带reload命令安装证书（避免nginx未启动导致失败）
     if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
         --key-file /etc/nginx/ssl/${DOMAIN}.key \
-        --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
-        --reloadcmd "systemctl reload nginx"; then
-        print_success "证书安装成功"
+        --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt; then
+        print_success "证书文件已安装到: /etc/nginx/ssl/"
+
+        # 手动reload nginx
+        if systemctl is-active --quiet nginx 2>/dev/null; then
+            systemctl reload nginx && print_success "Nginx配置已重载"
+        elif pgrep -x nginx > /dev/null; then
+            nginx -s reload && print_success "Nginx配置已重载"
+        else
+            print_warning "Nginx未运行，将在后续步骤启动"
+        fi
+
         return 0
     else
         print_error "证书安装失败"
@@ -1745,11 +1811,29 @@ deploy_acme_buypass() {
     fi
 
     mkdir -p /etc/nginx/ssl
+
+    # 确保nginx服务已启动（证书安装时需要reload）
+    if ! systemctl is-active --quiet nginx 2>/dev/null && ! pgrep -x nginx > /dev/null 2>&1; then
+        print_warning "Nginx未运行，正在启动..."
+        systemctl start nginx 2>/dev/null || /www/server/nginx/sbin/nginx 2>/dev/null || true
+        sleep 2
+    fi
+
+    # 先不带reload命令安装证书（避免nginx未启动导致失败）
     if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
         --key-file /etc/nginx/ssl/${DOMAIN}.key \
-        --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
-        --reloadcmd "systemctl reload nginx"; then
-        print_success "证书安装成功"
+        --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt; then
+        print_success "证书文件已安装到: /etc/nginx/ssl/"
+
+        # 手动reload nginx
+        if systemctl is-active --quiet nginx 2>/dev/null; then
+            systemctl reload nginx && print_success "Nginx配置已重载"
+        elif pgrep -x nginx > /dev/null; then
+            nginx -s reload && print_success "Nginx配置已重载"
+        else
+            print_warning "Nginx未运行，将在后续步骤启动"
+        fi
+
         return 0
     else
         print_error "证书安装失败"