From e915d5e4db5bae403022c2e54514f15c81e29460 Mon Sep 17 00:00:00 2001
From: WanWanYun
Date: Thu, 13 Nov 2025 01:36:59 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dacme.sh=E7=B3=BB?= =?UTF-8?q?=E5=88=97SSL=E8=AF=81=E4=B9=A6=E7=94=B3=E8=AF=B7=E5=A4=B1?= =?UTF-8?q?=E8=B4=A5=E8=AF=AF=E6=8A=A5=E6=88=90=E5=8A=9F=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

问题描述:
- acme.sh安装失败(GitHub连接超时)但显示"成功"
- 证书申请失败但显示"成功"
- 导致Nginx配置找不到证书文件而失败退出
修复内容:
1. 所有acme.sh函数添加返回码检查
2. 安装失败时正确返回失败状态
3. 证书申请失败时正确返回失败状态
4. 证书安装失败时正确返回失败状态
新增功能:
- 检测网络环境(海外/中国大陆)
- 国内网络自动使用Gitee镜像加速
- 详细的步骤提示(安装/申请/部署)
- 失败时显示常见原因
修复函数:
- deploy_acme_letsencrypt: 完整重写,添加所有检查
- deploy_acme_zerossl: 添加返回码检查和镜像支持
- deploy_acme_buypass: 添加返回码检查和镜像支持
网络优化:
- 海外: 使用官方源 https://get.acme.sh
- 国内: 使用Gitee镜像 https://gitee.com/neilpang/acme.sh
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude
---
 install.sh | 164 ++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 142 insertions(+), 22 deletions(-)
diff --git a/install.sh b/install.sh
index 4cfeaf7..80c219d 100644
--- a/install.sh
+++ b/install.sh
@@ -1239,43 +1239,128 @@ deploy_acme_letsencrypt() {
 # 安装acme.sh
 if [[ ! -d ~/.acme.sh ]]; then
- curl https://get.acme.sh | sh
+ echo ""
+ print_info "正在安装 acme.sh..."
+
+ # 检测是否在中国大陆,使用镜像加速
+ if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then
+ # 海外网络
+ ACME_INSTALL_URL="https://get.acme.sh"
+ else
+ # 中国大陆,使用Gitee镜像
+ print_info "检测到国内网络,使用Gitee镜像加速..."
+ ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh"
+ fi
+
+ if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then
+ # 重新加载环境变量
+ source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true
+ print_success "acme.sh 安装成功"
+ else
+ print_error "acme.sh 安装失败"
+ echo ""
+ print_warning "解决方案:"
+ echo " 1. 检查网络连接"
+ echo " 2. 尝试手动安装: curl https://get.acme.sh | sh"
+ echo " 3. 或访问: https://github.com/acmesh-official/acme.sh/wiki/Install-in-China"
+ echo ""
+ return 1
+ fi
+ fi
+
+ # 确认acme.sh可用
+ if [[ ! -f ~/.acme.sh/acme.sh ]]; then
+ print_error "acme.sh 未正确安装"
+ return 1
 fi
 # 申请证书
- ~/.acme.sh/acme.sh --issue -d "$DOMAIN" --nginx
+ echo ""
+ print_info "正在申请 Let's Encrypt 证书..."
+ if ~/.acme.sh/acme.sh --issue -d "$DOMAIN" --nginx; then
+ print_success "证书申请成功"
+ else
+ print_error "证书申请失败"
+ echo ""
+ print_warning "常见失败原因:"
+ echo " 1. 域名未正确解析到此服务器"
+ echo " 2. Nginx未正确配置"
+ echo " 3. 80端口被占用或防火墙阻止"
+ echo ""
+ return 1
+ fi
 # 安装证书
+ echo ""
+ print_info "正在安装证书到Nginx..."
 mkdir -p /etc/nginx/ssl
- ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
+ if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
 --key-file /etc/nginx/ssl/${DOMAIN}.key \
 --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
- --reloadcmd "systemctl reload nginx"
-
- print_success "acme.sh SSL证书部署成功"
- return 0
+ --reloadcmd "systemctl reload nginx"; then
+ print_success "证书安装成功"
+ return 0
+ else
+ print_error "证书安装失败"
+ return 1
+ fi
 }
 deploy_acme_zerossl() {
 print_step "使用 acme.sh + ZeroSSL 部署SSL证书..."
- # 安装acme.sh
+ # 安装acme.sh(使用与Let's Encrypt相同的逻辑)
 if [[ ! -d ~/.acme.sh ]]; then
- curl https://get.acme.sh | sh
+ echo ""
+ print_info "正在安装 acme.sh..."
+
+ # 检测网络环境
+ if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then
+ ACME_INSTALL_URL="https://get.acme.sh"
+ else
+ print_info "检测到国内网络,使用Gitee镜像加速..."
+ ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh"
+ fi
+
+ if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then
+ source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true
+ print_success "acme.sh 安装成功"
+ else
+ print_error "acme.sh 安装失败"
+ return 1
+ fi
+ fi
+
+ # 确认acme.sh可用
+ if [[ ! -f ~/.acme.sh/acme.sh ]]; then
+ print_error "acme.sh 未正确安装"
+ return 1
 fi
 # 申请证书
- ~/.acme.sh/acme.sh --server zerossl --issue -d "$DOMAIN" --nginx
+ echo ""
+ print_info "正在申请 ZeroSSL 证书..."
+ if ~/.acme.sh/acme.sh --server zerossl --issue -d "$DOMAIN" --nginx; then
+ print_success "证书申请成功"
+ else
+ print_error "证书申请失败"
+ return 1
+ fi
 # 安装证书
+ echo ""
+ print_info "正在安装证书到Nginx..."
 mkdir -p /etc/nginx/ssl
- ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
+ if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
 --key-file /etc/nginx/ssl/${DOMAIN}.key \
 --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
- --reloadcmd "systemctl reload nginx"
-
- print_success "ZeroSSL证书部署成功"
- return 0
+ --reloadcmd "systemctl reload nginx"; then
+ print_success "证书安装成功"
+ return 0
+ else
+ print_error "证书安装失败"
+ return 1
+ fi
 }
 deploy_acme_buypass() {
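Review bot: The new `if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then` tests only the exit status of `sh`, unless `pipefail` is enabled somewhere outside this hunk; when curl times out, `sh` reads an empty stdin, exits 0, and the function prints "acme.sh 安装成功", which is the false success this commit sets out to remove. The later `-f ~/.acme.sh/acme.sh` check does stop the run, but the troubleshooting hints in the else branch are never reached on a download failure, and a transfer that breaks midway still has its partial script executed. Downloading to a temporary file, checking curl's status, and only then running the file closes both gaps, as sketched below. The same pipeline is repeated in deploy_acme_zerossl in this hunk and in deploy_acme_buypass in the next one; the start of deploy_acme_letsencrypt lies outside the hunk.

```shell
# … unchanged: reachability probe that sets ACME_INSTALL_URL …
local acme_installer
acme_installer=$(mktemp) || return 1
if curl -fsSL -o "$acme_installer" "$ACME_INSTALL_URL" \
    && sh "$acme_installer" --install-online; then
    rm -f -- "$acme_installer"
    # … unchanged: reload of ~/.bashrc / ~/.profile …
    print_success "acme.sh 安装成功"
else
    rm -f -- "$acme_installer"
    print_error "acme.sh 安装失败"
    # … unchanged: troubleshooting hints …
    return 1
fi
```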
@@ -1283,21 +1368,56 @@ deploy_acme_buypass() {
 # 安装acme.sh
 if [[ ! -d ~/.acme.sh ]]; then
- curl https://get.acme.sh | sh
+ echo ""
+ print_info "正在安装 acme.sh..."
+
+ # 检测网络环境
+ if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then
+ ACME_INSTALL_URL="https://get.acme.sh"
+ else
+ print_info "检测到国内网络,使用Gitee镜像加速..."
+ ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh"
+ fi
+
+ if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then
+ source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true
+ print_success "acme.sh 安装成功"
+ else
+ print_error "acme.sh 安装失败"
+ return 1
+ fi
+ fi
+
+ # 确认acme.sh可用
+ if [[ ! -f ~/.acme.sh/acme.sh ]]; then
+ print_error "acme.sh 未正确安装"
+ return 1
 fi
 # 申请证书
- ~/.acme.sh/acme.sh --server buypass --issue -d "$DOMAIN" --nginx
+ echo ""
+ print_info "正在申请 Buypass 证书..."
+ if ~/.acme.sh/acme.sh --server buypass --issue -d "$DOMAIN" --nginx; then
+ print_success "证书申请成功"
+ else
+ print_error "证书申请失败"
+ return 1
+ fi
 # 安装证书
+ echo ""
+ print_info "正在安装证书到Nginx..."
 mkdir -p /etc/nginx/ssl
- ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
+ if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
 --key-file /etc/nginx/ssl/${DOMAIN}.key \
 --fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
- --reloadcmd "systemctl reload nginx"
-
- print_success "Buypass SSL证书部署成功"
- return 0
+ --reloadcmd "systemctl reload nginx"; then
+ print_success "证书安装成功"
+ return 0
+ else
+ print_error "证书安装失败"
+ return 1
+ fi
 }
 deploy_aliyun_ssl() {
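Review bot: The fallback `ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh"` points at a mutable branch tip on a second host, and the choice between it and the official source rests on an unauthenticated reachability probe to www.google.com, so any network that drops that probe steers the installer to the mirror. Whatever either URL serves at that moment is executed by `sh` with the installer's privileges (presumably root, given the writes to /etc/nginx/ssl), and nothing compares it with a known release. Consider pinning both sources to a release tag or commit and checking the download against a checksum kept in install.sh before running it. The identical block appears in deploy_acme_letsencrypt and deploy_acme_zerossl in the previous hunk, so a single helper such as `install_acme_sh` would keep the pin and the check in one place; `ACME_INSTALL_URL` is also assigned without `local` and ends up in the global scope.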