diff --git a/install.sh b/install.sh
index 4cfeaf7..80c219d 100644
--- a/install.sh
+++ b/install.sh
@@ -1239,43 +1239,128 @@ deploy_acme_letsencrypt() { # 安装acme.sh if [[ ! -d ~/.acme.sh ]]; then - curl https://get.acme.sh | sh + echo "" + print_info "正在安装 acme.sh..." + + # 检测是否在中国大陆,使用镜像加速 + if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then + # 海外网络 + ACME_INSTALL_URL="https://get.acme.sh" + else + # 中国大陆,使用Gitee镜像 + print_info "检测到国内网络,使用Gitee镜像加速..." + ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh" + fi + + if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then + # 重新加载环境变量 + source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true + print_success "acme.sh 安装成功" + else + print_error "acme.sh 安装失败" + echo "" + print_warning "解决方案:" + echo " 1. 检查网络连接" + echo " 2. 尝试手动安装: curl https://get.acme.sh | sh" + echo " 3. 或访问: https://github.com/acmesh-official/acme.sh/wiki/Install-in-China" + echo "" + return 1 + fi + fi + + # 确认acme.sh可用 + if [[ ! -f ~/.acme.sh/acme.sh ]]; then + print_error "acme.sh 未正确安装" + return 1 fi # 申请证书 - ~/.acme.sh/acme.sh --issue -d "$DOMAIN" --nginx + echo "" + print_info "正在申请 Let's Encrypt 证书..." + if ~/.acme.sh/acme.sh --issue -d "$DOMAIN" --nginx; then + print_success "证书申请成功" + else + print_error "证书申请失败" + echo "" + print_warning "常见失败原因:" + echo " 1. 域名未正确解析到此服务器" + echo " 2. Nginx未正确配置" + echo " 3. 80端口被占用或防火墙阻止" + echo "" + return 1 + fi # 安装证书 + echo "" + print_info "正在安装证书到Nginx..." mkdir -p /etc/nginx/ssl - ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \ + if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \ --key-file /etc/nginx/ssl/${DOMAIN}.key \ --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \ - --reloadcmd "systemctl reload nginx" - - print_success "acme.sh SSL证书部署成功" - return 0 + --reloadcmd "systemctl reload nginx"; then + print_success "证书安装成功" + return 0 + else + print_error "证书安装失败" + return 1 + fi } deploy_acme_zerossl() { print_step "使用 acme.sh + ZeroSSL 部署SSL证书..." - # 安装acme.sh + # 安装acme.sh(使用与Let's Encrypt相同的逻辑) if [[ ! 
-d ~/.acme.sh ]]; then - curl https://get.acme.sh | sh + echo "" + print_info "正在安装 acme.sh..." + + # 检测网络环境 + if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then + ACME_INSTALL_URL="https://get.acme.sh" + else + print_info "检测到国内网络,使用Gitee镜像加速..." + ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh" + fi + + if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then + source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true + print_success "acme.sh 安装成功" + else + print_error "acme.sh 安装失败" + return 1 + fi + fi + + # 确认acme.sh可用 + if [[ ! -f ~/.acme.sh/acme.sh ]]; then + print_error "acme.sh 未正确安装" + return 1 fi # 申请证书 - ~/.acme.sh/acme.sh --server zerossl --issue -d "$DOMAIN" --nginx + echo "" + print_info "正在申请 ZeroSSL 证书..." + if ~/.acme.sh/acme.sh --server zerossl --issue -d "$DOMAIN" --nginx; then + print_success "证书申请成功" + else + print_error "证书申请失败" + return 1 + fi # 安装证书 + echo "" + print_info "正在安装证书到Nginx..." mkdir -p /etc/nginx/ssl - ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \ + if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \ --key-file /etc/nginx/ssl/${DOMAIN}.key \ --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \ - --reloadcmd "systemctl reload nginx" - - print_success "ZeroSSL证书部署成功" - return 0 + --reloadcmd "systemctl reload nginx"; then + print_success "证书安装成功" + return 0 + else + print_error "证书安装失败" + return 1 + fi } deploy_acme_buypass() { 
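Review bot: The Gitee fallback pipes whatever the `master` branch of a third-party mirror currently serves straight into `sh`, with no pinned revision or checksum, and the switch to it is decided by a 3-second probe of https://www.google.com failing, so a transient outage or a filtered network silently changes where the installer code comes from. The same block is repeated in deploy_acme_zerossl in this hunk and in deploy_acme_buypass in the next one. Because the later steps write under /etc/nginx/ssl, this presumably runs as root. I would pin the mirror to a reviewed ref, e.g. `ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/<REVIEWED_TAG>/acme.sh"`, download to a temporary file and compare its SHA-256 with a value kept in install.sh before executing it, and make the mirror an explicit option rather than a side effect of the probe. Moving the block into a single helper would let that fix land once instead of three times.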
@@ -1283,21 +1368,56 @@ deploy_acme_buypass() { # 安装acme.sh if [[ ! -d ~/.acme.sh ]]; then - curl https://get.acme.sh | sh + echo "" + print_info "正在安装 acme.sh..." + + # 检测网络环境 + if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then + ACME_INSTALL_URL="https://get.acme.sh" + else + print_info "检测到国内网络,使用Gitee镜像加速..." + ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh" + fi + + if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then + source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true + print_success "acme.sh 安装成功" + else + print_error "acme.sh 安装失败" + return 1 + fi + fi + + # 确认acme.sh可用 + if [[ ! -f ~/.acme.sh/acme.sh ]]; then + print_error "acme.sh 未正确安装" + return 1 fi # 申请证书 - ~/.acme.sh/acme.sh --server buypass --issue -d "$DOMAIN" --nginx + echo "" + print_info "正在申请 Buypass 证书..." + if ~/.acme.sh/acme.sh --server buypass --issue -d "$DOMAIN" --nginx; then + print_success "证书申请成功" + else + print_error "证书申请失败" + return 1 + fi # 安装证书 + echo "" + print_info "正在安装证书到Nginx..." mkdir -p /etc/nginx/ssl - ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \ + if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \ --key-file /etc/nginx/ssl/${DOMAIN}.key \ --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \ - --reloadcmd "systemctl reload nginx" - - print_success "Buypass SSL证书部署成功" - return 0 + --reloadcmd "systemctl reload nginx"; then + print_success "证书安装成功" + return 0 + else + print_error "证书安装失败" + return 1 + fi } deploy_aliyun_ssl() {
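Review bot: `source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true` runs the invoking user's shell startup files inside the installer process and discards every error they produce, yet nothing after it depends on the reloaded environment, because acme.sh is always called by its full path `~/.acme.sh/acme.sh`. Startup files can change PATH, aliases or shell options mid-run, and if install.sh sets `set -e` or `set -u` (not visible in this hunk) they may behave differently than in an interactive shell. I would delete the line here and in the two copies in the previous hunk; the `[[ ! -f ~/.acme.sh/acme.sh ]]` check that follows already confirms the install. deploy_acme_buypass starts above this hunk.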