https ssl申请
免费证书申请

先购买测试证书

创建证书

点击更多查看信息
从证书中确认邮箱 和私钥算法


然后就可以部署了。我这边用的是 NGINX,建议参考帮助。

这边的路径需要特别注意
如果 NGINX 没起来,看日志是找不到路径的话,可以在路径前加上更上一级目录试试(当然你也可以直接从根目录开始写死)。

这里申请就结束了
[nginx]ssl自动续签 替换脚本 适用于1panel自动证书申请
1.0 1panel 配置证书申请

1.1创建 Acme账户 和DNS账户

密钥算法和申请的私钥算法一致即可

创建 DNS 账户(自用的是阿里云的)


创建完成后就可以申请证书了
1.2 申请证书

选择执行项

1.3 Backup_And_Replace.sh 脚本
#!/bin/bash
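# Logging helper: prints a timestamped, ANSI-coloured message to stdout.
# Arguments:
#   $1 - message text (printed verbatim)
#   $2 - optional colour code:
#        BK black (30) | RD red (31)    | GN green (32) | YW yellow (33)
#        BE blue (34)  | PE purple (35) | CN cyan (36)  | WE white (37)
#        Omitted -> cyan (36); unrecognised -> white (37).
log() {
  local color=36
  if [ -n "$2" ]; then
    case "$2" in
      BK) color=30 ;;
      RD) color=31 ;;
      GN) color=32 ;;
      YW) color=33 ;;
      BE) color=34 ;;
      PE) color=35 ;;
      # CN and WE now follow the table above; previously WE produced cyan
      # and CN fell through to the default branch.
      CN) color=36 ;;
      WE) color=37 ;;
      *) color=37 ;;
    esac
  fi
  # The message goes through %s, so backslash sequences inside it (it often
  # carries argument-derived paths and domain names) are not expanded into
  # terminal control characters the way `echo -e` would expand them.
  printf '\033[%sm[%s] %s\033[0m\n' \
    "$color" "$(date '+%Y-%m-%d %H:%M:%S')" "$1"
}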
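# Copies one file into the backup directory, at most once per date stamp.
# Arguments:
#   $1 - file name (no path)
#   $2 - directory that holds the file
#   $3 - date stamp appended to the backup name
#   $4 - backup directory (created when missing)
# Exits the whole script with status 1 when the source is missing or when
# creating the directory / copying fails, so a scheduler sees the failure.
function Backup() {
  local FILE_NAME=$1
  local PREFIX_PATH=$2
  local DATE=$3
  local BACKUP_DIR=$4
  local SOURCE_FILE="$PREFIX_PATH/$FILE_NAME"
  # Backup name format: <file>_Backup_<date>
  local BACKUP_FILE_TEMP="$BACKUP_DIR/${FILE_NAME}_Backup_$DATE"

  # The source may be a file or a directory entry; it only has to exist.
  if [ -e "$SOURCE_FILE" ]; then
    log "${SOURCE_FILE}文件存在"
  else
    log "${SOURCE_FILE}文件不存在,请检查!备份终止!"
    # A bare `exit` would report the status of the log call (0) to the caller.
    exit 1
  fi

  if [ -d "$BACKUP_DIR" ]; then
    log "${BACKUP_DIR}文件夹存在"
  else
    log "${BACKUP_DIR}文件夹不存在,创建中..."
    if ! mkdir -p -- "${BACKUP_DIR}"; then
      log "创建${BACKUP_DIR}文件夹失败" "RD"
      exit 1
    fi
    log "创建${BACKUP_DIR}文件夹成功"
  fi

  log "BACKUP_FILE_TEMP=$BACKUP_FILE_TEMP"
  if [ -e "$BACKUP_FILE_TEMP" ]; then
    # Only one backup per date stamp is kept.
    log "${BACKUP_FILE_TEMP}文件存在,今日已经备份完成!"
  else
    log "开始备份 $SOURCE_FILE 到 $BACKUP_FILE_TEMP"
    # -p keeps the source's mode/owner/timestamps: one of the backed-up files
    # is a private key, and a plain cp would create the copy with the current
    # umask, which can be more permissive than the live key.
    if cp -p -- "$SOURCE_FILE" "$BACKUP_FILE_TEMP"; then
      log "Backup of $SOURCE_FILE created as $BACKUP_FILE_TEMP"
    else
      log "备份 $SOURCE_FILE 到 $BACKUP_FILE_TEMP 失败" "RD"
      exit 1
    fi
  fi
}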
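# Backs up both live files (key and certificate) for today and verifies that
# each backup file exists afterwards.
# Arguments:
#   $1 - first file name (no path)
#   $2 - second file name (no path)
#   $3 - directory holding both files; backups go to "$3/backup"
# Exits the script with status 1 when a backup file is missing afterwards.
function BackupAll() {
  local FILE_NAME_TEMP=$1
  local FILE_NAME2_TEMP=$2
  local PREFIX_PATH=$3
  local BACKUP_DIR="$PREFIX_PATH/backup"
  # Declared separately so a failing `date` is not masked by `local`.
  local DATE
  DATE=$(date +%Y-%m-%d) || exit 1
  local BACKUP_FILE_MAP=(
    "$BACKUP_DIR/${FILE_NAME_TEMP}_Backup_$DATE"
    "$BACKUP_DIR/${FILE_NAME2_TEMP}_Backup_$DATE"
  )

  Backup "$FILE_NAME_TEMP" "$PREFIX_PATH" "$DATE" "$BACKUP_DIR"
  Backup "$FILE_NAME2_TEMP" "$PREFIX_PATH" "$DATE" "$BACKUP_DIR"

  local element
  for element in "${BACKUP_FILE_MAP[@]}"; do
    if [ -e "$element" ]; then
      log "${element}文件存在,备份成功!"
    else
      log "${element}文件不存在,备份失败!退出后续操作" "RD"
      # Must be non-zero: the live certificate is about to be overwritten and
      # the caller has to be able to tell that no backup exists.
      exit 1
    fi
  done
}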
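# Overwrites one live file with its newly issued counterpart, then renames the
# new file to "<new>.ok" so a later step can clean it up.
# Arguments:
#   $1 - full path of the live file to overwrite
#   $2 - full path of the newly issued file
# Exits the script with status 1 when the new file is missing/empty or the
# copy fails; a failed rename is only reported.
function Replace() {
  local TO_SOURCE_FILE=$1
  local SOURCE_FILE=$2

  # Refuse to overwrite a working key/certificate with nothing: an absent or
  # zero-byte source would leave nginx without usable TLS material.
  if [ ! -f "$SOURCE_FILE" ] || [ ! -s "$SOURCE_FILE" ]; then
    log "新文件 $SOURCE_FILE 不存在或为空,终止替换" "RD"
    exit 1
  fi

  log "开始替换 $SOURCE_FILE 到 $TO_SOURCE_FILE"
  # cp into an existing file keeps that file's mode, so the deployed private
  # key keeps whatever permissions the live file already had.
  if ! cp -- "$SOURCE_FILE" "$TO_SOURCE_FILE"; then
    log "复制 $SOURCE_FILE 失败" "RD"
    exit 1
  fi

  # The rename is best-effort, but a failure leaves a second copy of the new
  # file (possibly the private key) under its original name, so report it.
  if ! mv -- "$SOURCE_FILE" "${SOURCE_FILE}.ok"; then
    log "重命名 $SOURCE_FILE 为 ${SOURCE_FILE}.ok 失败,请手动清理" "YW"
  fi
  log "复制 $SOURCE_FILE 到 $TO_SOURCE_FILE 成功" "GN"

  log "cp of $SOURCE_FILE to as $TO_SOURCE_FILE"
}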
# Swaps in both newly issued files that live under one directory.
# Arguments:
#   $1 - directory holding all four files
#   $2 - live file name, first pair      $3 - new file name, first pair
#   $4 - live file name, second pair     $5 - new file name, second pair
function ReplaceAll() {
  local base_dir=$1
  shift
  # What remains is two (live name, new name) pairs, handled in order.
  local live_first=$1 new_first=$2
  local live_second=$3 new_second=$4

  Replace "${base_dir}/${live_first}" "${base_dir}/${new_first}"
  Replace "${base_dir}/${live_second}" "${base_dir}/${new_second}"
}
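# Entry point: backs up the live key/certificate of one domain, swaps in the
# newly issued privkey.pem / fullchain.pem found in the same directory,
# restarts the nginx container and, once it is running, removes the leftover
# "*.ok" files.
# Arguments:
#   $1 - domain name                 (default: cloud-guest.top)
#   $2 - certificate root directory  (default: /docker-volumes/nginx/conf.d/cert)
#   $3 - nginx docker container name (default: nginx)
# Exits with status 1 when a placeholder cannot be created, the restart
# fails, or the container is not running afterwards.
function main() {
  sleep 1
  local domain_name=$1
  local PREFIX_PATH=$2
  local DOCKER_NGINX_NAME=$3

  if [ -z "${domain_name}" ]; then
    domain_name="cloud-guest.top"
    log "未提供域名参数,使用默认值 ${domain_name}" "YW"
  fi
  if [ -z "${PREFIX_PATH}" ]; then
    PREFIX_PATH="/docker-volumes/nginx/conf.d/cert" # certificate root directory
    log "未提供前缀参数,使用默认值 ${PREFIX_PATH}" "YW"
  fi
  if [ -z "${DOCKER_NGINX_NAME}" ]; then
    DOCKER_NGINX_NAME="nginx" # docker container name
    log "未提供nginx docker 容器名,使用默认值 ${DOCKER_NGINX_NAME}" "YW"
  fi
  log "domain_name ==> ${domain_name}"

  # The newly issued files must sit in the same directory as the live ones.
  local FILE_NAME="${domain_name}.key"      # live private key (no path)
  local FILE_NAME2="${domain_name}.pem"     # live certificate (no path)
  PREFIX_PATH="${PREFIX_PATH}/${domain_name}" # per-domain certificate directory
  local APPLY_FILE_NAME="privkey.pem"       # newly issued private key (no path)
  local APPLY_FILE_NAME2="fullchain.pem"    # newly issued certificate (no path)

  if [ ! -f "$PREFIX_PATH/$FILE_NAME" ]; then
    log "文件 $PREFIX_PATH/$FILE_NAME 不存在 开始创建"
    # This placeholder later receives the private key and keeps the mode it is
    # created with, so create it owner-only instead of with the ambient umask.
    # NOTE(review): if nginx in the container reads the key as another user,
    # fix ownership/group rather than widening the mode - confirm per setup.
    if ( umask 077 && touch -- "$PREFIX_PATH/$FILE_NAME" ); then
      log "文件 $PREFIX_PATH/$FILE_NAME 创建成功" "GN"
    else
      log "文件 $PREFIX_PATH/$FILE_NAME 创建失败" "RD"
      exit 1
    fi
  fi
  if [ ! -f "$PREFIX_PATH/$FILE_NAME2" ]; then
    log "文件 $PREFIX_PATH/$FILE_NAME2 不存在 开始创建"
    if touch -- "$PREFIX_PATH/$FILE_NAME2"; then
      log "文件 $PREFIX_PATH/$FILE_NAME2 创建成功" "GN"
    else
      log "文件 $PREFIX_PATH/$FILE_NAME2 创建失败" "RD"
      exit 1
    fi
  fi

  log "================================================================"
  # Back up the live files, once per day: <file>_Backup_<date>
  BackupAll "$FILE_NAME" "$FILE_NAME2" "$PREFIX_PATH"
  log "================================================================"
  # Overwrite the live files; each new file is renamed to <new>.ok
  ReplaceAll "$PREFIX_PATH" "$FILE_NAME" "$APPLY_FILE_NAME" "$FILE_NAME2" "$APPLY_FILE_NAME2"
  log "================================================================"

  log "重启nginx:${DOCKER_NGINX_NAME} 加载ssl"
  if ! sudo docker restart "${DOCKER_NGINX_NAME}"; then
    log "Nginx容器未能启动,请检查错误日志。" "RD"
    exit 1
  fi
  log "================================================================"
  log "等待10s nginx:${DOCKER_NGINX_NAME}重启完成"
  sleep 10

  # Ask docker for this container's own state. The previous check tested $?
  # after an array assignment (always 0) and grepped `docker ps` for a
  # substring, so it could never report a failed restart.
  local running
  running=$(sudo docker container inspect -f '{{.State.Running}}' \
    "${DOCKER_NGINX_NAME}" 2>/dev/null)

  if [ "$running" = "true" ]; then
    log "Nginx容器已经成功重启并正在运行。"
    log "正在移除 多余文件 ..."
    # Delete the leftovers directly: building "rm ..." strings and running
    # them through eval would let whitespace or shell metacharacters in the
    # argument-derived path be executed as commands.
    local leftover
    for leftover in \
      "$PREFIX_PATH/${APPLY_FILE_NAME}.ok" \
      "$PREFIX_PATH/${APPLY_FILE_NAME2}.ok"; do
      log "rm -f ${leftover} ==> runing..."
      if rm -f -- "$leftover"; then
        log "rm -f ${leftover} ==> ok" "GN"
      else
        # Best effort: a leftover file does not invalidate the deployment.
        log "rm -f ${leftover} ==> fail" "RD"
      fi
    done
  else
    # The *.ok files and the dated copies under $PREFIX_PATH/backup are left
    # in place so the previous certificate can be restored by hand.
    log "Nginx容器未能启动,请检查错误日志。" "RD"
    exit 1
  fi
}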
# Script entry: capture the three optional positional arguments
# (domain name, certificate root directory, nginx container name) in globals
# and hand them to main, which applies its defaults to any that are empty.
domainName="${1}"
prefixPath="${2}"
dockerNginxName="${3}"
main "$domainName" "$prefixPath" "$dockerNginxName"