fix: 修复acme.sh系列SSL证书申请失败误报成功的问题
问题描述: - acme.sh安装失败(GitHub连接超时)但显示"成功" - 证书申请失败但显示"成功" - 导致Nginx配置找不到证书文件而失败退出 修复内容: 1. 所有acme.sh函数添加返回码检查 2. 安装失败时正确返回失败状态 3. 证书申请失败时正确返回失败状态 4. 证书安装失败时正确返回失败状态 新增功能: - 检测网络环境(海外/中国大陆) - 国内网络自动使用Gitee镜像加速 - 详细的步骤提示(安装/申请/部署) - 失败时显示常见原因 修复函数: - deploy_acme_letsencrypt: 完整重写,添加所有检查 - deploy_acme_zerossl: 添加返回码检查和镜像支持 - deploy_acme_buypass: 添加返回码检查和镜像支持 网络优化: - 海外: 使用官方源 https://get.acme.sh - 国内: 使用Gitee镜像 https://gitee.com/neilpang/acme.sh 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
WanWanYun
164
install.sh
164
install.sh
@@ -1239,43 +1239,128 @@ deploy_acme_letsencrypt() {
|
|||||||
|
|
||||||
# 安装acme.sh
|
# 安装acme.sh
|
||||||
if [[ ! -d ~/.acme.sh ]]; then
|
if [[ ! -d ~/.acme.sh ]]; then
|
||||||
curl https://get.acme.sh | sh
|
echo ""
|
||||||
|
print_info "正在安装 acme.sh..."
|
||||||
|
|
||||||
|
# 检测是否在中国大陆,使用镜像加速
|
||||||
|
if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then
|
||||||
|
# 海外网络
|
||||||
|
ACME_INSTALL_URL="https://get.acme.sh"
|
||||||
|
else
|
||||||
|
# 中国大陆,使用Gitee镜像
|
||||||
|
print_info "检测到国内网络,使用Gitee镜像加速..."
|
||||||
|
ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then
|
||||||
|
# 重新加载环境变量
|
||||||
|
source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true
|
||||||
|
print_success "acme.sh 安装成功"
|
||||||
|
else
|
||||||
|
print_error "acme.sh 安装失败"
|
||||||
|
echo ""
|
||||||
|
print_warning "解决方案:"
|
||||||
|
echo " 1. 检查网络连接"
|
||||||
|
echo " 2. 尝试手动安装: curl https://get.acme.sh | sh"
|
||||||
|
echo " 3. 或访问: https://github.com/acmesh-official/acme.sh/wiki/Install-in-China"
|
||||||
|
echo ""
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# 确认acme.sh可用
|
||||||
|
if [[ ! -f ~/.acme.sh/acme.sh ]]; then
|
||||||
|
print_error "acme.sh 未正确安装"
|
||||||
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 申请证书
|
# 申请证书
|
||||||
~/.acme.sh/acme.sh --issue -d "$DOMAIN" --nginx
|
echo ""
|
||||||
|
print_info "正在申请 Let's Encrypt 证书..."
|
||||||
|
if ~/.acme.sh/acme.sh --issue -d "$DOMAIN" --nginx; then
|
||||||
|
print_success "证书申请成功"
|
||||||
|
else
|
||||||
|
print_error "证书申请失败"
|
||||||
|
echo ""
|
||||||
|
print_warning "常见失败原因:"
|
||||||
|
echo " 1. 域名未正确解析到此服务器"
|
||||||
|
echo " 2. Nginx未正确配置"
|
||||||
|
echo " 3. 80端口被占用或防火墙阻止"
|
||||||
|
echo ""
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
# 安装证书
|
# 安装证书
|
||||||
|
echo ""
|
||||||
|
print_info "正在安装证书到Nginx..."
|
||||||
mkdir -p /etc/nginx/ssl
|
mkdir -p /etc/nginx/ssl
|
||||||
~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
||||||
--key-file /etc/nginx/ssl/${DOMAIN}.key \
|
--key-file /etc/nginx/ssl/${DOMAIN}.key \
|
||||||
--fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
|
--fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
|
||||||
--reloadcmd "systemctl reload nginx"
|
--reloadcmd "systemctl reload nginx"; then
|
||||||
|
print_success "证书安装成功"
|
||||||
print_success "acme.sh SSL证书部署成功"
|
return 0
|
||||||
return 0
|
else
|
||||||
|
print_error "证书安装失败"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
deploy_acme_zerossl() {
|
deploy_acme_zerossl() {
|
||||||
print_step "使用 acme.sh + ZeroSSL 部署SSL证书..."
|
print_step "使用 acme.sh + ZeroSSL 部署SSL证书..."
|
||||||
|
|
||||||
# 安装acme.sh
|
# 安装acme.sh(使用与Let's Encrypt相同的逻辑)
|
||||||
if [[ ! -d ~/.acme.sh ]]; then
|
if [[ ! -d ~/.acme.sh ]]; then
|
||||||
curl https://get.acme.sh | sh
|
echo ""
|
||||||
|
print_info "正在安装 acme.sh..."
|
||||||
|
|
||||||
|
# 检测网络环境
|
||||||
|
if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then
|
||||||
|
ACME_INSTALL_URL="https://get.acme.sh"
|
||||||
|
else
|
||||||
|
print_info "检测到国内网络,使用Gitee镜像加速..."
|
||||||
|
ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then
|
||||||
|
source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true
|
||||||
|
print_success "acme.sh 安装成功"
|
||||||
|
else
|
||||||
|
print_error "acme.sh 安装失败"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# 确认acme.sh可用
|
||||||
|
if [[ ! -f ~/.acme.sh/acme.sh ]]; then
|
||||||
|
print_error "acme.sh 未正确安装"
|
||||||
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 申请证书
|
# 申请证书
|
||||||
~/.acme.sh/acme.sh --server zerossl --issue -d "$DOMAIN" --nginx
|
echo ""
|
||||||
|
print_info "正在申请 ZeroSSL 证书..."
|
||||||
|
if ~/.acme.sh/acme.sh --server zerossl --issue -d "$DOMAIN" --nginx; then
|
||||||
|
print_success "证书申请成功"
|
||||||
|
else
|
||||||
|
print_error "证书申请失败"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
# 安装证书
|
# 安装证书
|
||||||
|
echo ""
|
||||||
|
print_info "正在安装证书到Nginx..."
|
||||||
mkdir -p /etc/nginx/ssl
|
mkdir -p /etc/nginx/ssl
|
||||||
~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
||||||
--key-file /etc/nginx/ssl/${DOMAIN}.key \
|
--key-file /etc/nginx/ssl/${DOMAIN}.key \
|
||||||
--fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
|
--fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
|
||||||
--reloadcmd "systemctl reload nginx"
|
--reloadcmd "systemctl reload nginx"; then
|
||||||
|
print_success "证书安装成功"
|
||||||
print_success "ZeroSSL证书部署成功"
|
return 0
|
||||||
return 0
|
else
|
||||||
|
print_error "证书安装失败"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
deploy_acme_buypass() {
|
deploy_acme_buypass() {
|
||||||
@@ -1283,21 +1368,56 @@ deploy_acme_buypass() {
|
|||||||
|
|
||||||
# 安装acme.sh
|
# 安装acme.sh
|
||||||
if [[ ! -d ~/.acme.sh ]]; then
|
if [[ ! -d ~/.acme.sh ]]; then
|
||||||
curl https://get.acme.sh | sh
|
echo ""
|
||||||
|
print_info "正在安装 acme.sh..."
|
||||||
|
|
||||||
|
# 检测网络环境
|
||||||
|
if curl -s --connect-timeout 3 https://www.google.com > /dev/null 2>&1; then
|
||||||
|
ACME_INSTALL_URL="https://get.acme.sh"
|
||||||
|
else
|
||||||
|
print_info "检测到国内网络,使用Gitee镜像加速..."
|
||||||
|
ACME_INSTALL_URL="https://gitee.com/neilpang/acme.sh/raw/master/acme.sh"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if curl -fsSL "$ACME_INSTALL_URL" | sh -s -- --install-online; then
|
||||||
|
source ~/.bashrc 2>/dev/null || source ~/.profile 2>/dev/null || true
|
||||||
|
print_success "acme.sh 安装成功"
|
||||||
|
else
|
||||||
|
print_error "acme.sh 安装失败"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# 确认acme.sh可用
|
||||||
|
if [[ ! -f ~/.acme.sh/acme.sh ]]; then
|
||||||
|
print_error "acme.sh 未正确安装"
|
||||||
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 申请证书
|
# 申请证书
|
||||||
~/.acme.sh/acme.sh --server buypass --issue -d "$DOMAIN" --nginx
|
echo ""
|
||||||
|
print_info "正在申请 Buypass 证书..."
|
||||||
|
if ~/.acme.sh/acme.sh --server buypass --issue -d "$DOMAIN" --nginx; then
|
||||||
|
print_success "证书申请成功"
|
||||||
|
else
|
||||||
|
print_error "证书申请失败"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
# 安装证书
|
# 安装证书
|
||||||
|
echo ""
|
||||||
|
print_info "正在安装证书到Nginx..."
|
||||||
mkdir -p /etc/nginx/ssl
|
mkdir -p /etc/nginx/ssl
|
||||||
~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
if ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
||||||
--key-file /etc/nginx/ssl/${DOMAIN}.key \
|
--key-file /etc/nginx/ssl/${DOMAIN}.key \
|
||||||
--fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
|
--fullchain-file /etc/nginx/ssl/${DOMAIN}.crt \
|
||||||
--reloadcmd "systemctl reload nginx"
|
--reloadcmd "systemctl reload nginx"; then
|
||||||
|
print_success "证书安装成功"
|
||||||
print_success "Buypass SSL证书部署成功"
|
return 0
|
||||||
return 0
|
else
|
||||||
|
print_error "证书安装失败"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
deploy_aliyun_ssl() {
|
deploy_aliyun_ssl() {
|
||||||
|
|||||||
Reference in New Issue
Block a user