  • letsencrypt免费SSL证书自动续期

    #!/bin/bash
    
    #######################################
    # Install the snapd package with yum, answering every prompt with "yes".
    # Outputs: one progress line on stdout, followed by yum's own output.
    # Returns: the exit status of yum.
    # NOTE(review): on RHEL/CentOS snapd is normally shipped in EPEL; nothing
    # here enables that repository - confirm it is configured on the host.
    #######################################
    install_snapd() {
      printf '%s\n' "install snap..."
      yum install -y snapd
    }
    
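    #######################################
    # Make sure the snapd daemon is running, then install and refresh the
    # "core" snap.
    # Outputs: one progress line on stdout, plus systemctl/snap output.
    # Returns: status of `snap install core && snap refresh core`, or 1 when
    #          snapd.service could not be (re)started.
    #######################################
    install_snapd_core() {
      # Ask systemd for the unit state rather than grepping the human-readable
      # `systemctl status` text for "(running)", whose layout is not a stable
      # interface.
      if ! systemctl is-active --quiet snapd.service; then
        if ! systemctl restart snapd.service; then
          # Without a running daemon every following `snap` call fails anyway.
          echo "failed to start snapd.service" >&2
          return 1
        fi
      fi
      echo "install snap core..."
      snap install core && snap refresh core
    }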
    
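    #######################################
    # Install certbot as a classic snap and expose it as /usr/bin/certbot when
    # no certbot command can be found on PATH.
    # Outputs: one progress line on stdout, plus snap/ln output.
    # Returns: 1 when the snap installation fails, otherwise the status of the
    #          last step.
    #######################################
    install_certbot() {
      echo "install certbot..."
      # Classic snaps expect /snap to exist. Create the link only when nothing
      # is there yet: repeating `ln -s` onto an existing directory symlink
      # would drop a stray "snap" link inside the target directory instead.
      if [ ! -e /snap ] && [ ! -L /snap ]; then
        ln -s /var/lib/snapd/snap /snap
      fi
      # --classic installs the snap without confinement, so certbot runs with
      # the full privileges of whoever invokes it (root, for issuance/renewal).
      if ! snap install --classic certbot; then
        # Stop here so a dangling /usr/bin/certbot link is never created.
        echo "snap install certbot failed" >&2
        return 1
      fi
      # `command -v` resolves through PATH like the shell does when the script
      # later calls certbot.
      if ! command -v certbot >/dev/null 2>&1; then
        ln -s /var/lib/snapd/snap/bin/certbot /usr/bin/certbot
      fi
    }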
    
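    # Bootstrap: when the snapd RPM is absent, install snapd, the core snap and
    # certbot in that order. `rpm -q` queries the package database directly, so
    # the check no longer depends on the x86_64 architecture suffix or on the
    # column layout of `yum list installed`.
    # NOTE(review): the check is keyed on snapd alone; a host that already has
    # snapd but no certbot skips the whole bootstrap.
    if ! rpm -q snapd >/dev/null 2>&1; then
      echo "正在安装依赖包..."
      # Each step needs the previous one; stop at the first failure instead of
      # falling through to certbot commands that cannot work.
      if ! { install_snapd && sleep 1 && install_snapd_core && sleep 1 && install_certbot; }; then
        echo "依赖包安装失败" >&2
        exit 1
      fi
    fi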
    
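    # Sub-command dispatch on the first argument: list | add | update | cron.
    # Any other value (including none) prints the usage text.
    case "${1:-}" in
    'list')
      certbot certificates
      ;;
    'add')
      echo "请输入网站根目录:"
      # -r keeps backslashes in the answer literal.
      read -r webroot
      echo "请输入网站对应的域名,多个域名用逗号隔开:"
      read -r domain
      # Host names never contain whitespace; dropping it lets "a.com, b.com"
      # reach certbot as one comma-separated value.
      domain=${domain//[[:space:]]/}
      if [ -z "${webroot}" ] || [ -z "${domain}" ]; then
        echo "网站根目录和域名不能为空" >&2
        exit 1
      fi
      # Quoted so each answer is passed as exactly one argument: an unquoted
      # expansion is word-split and glob-expanded, which lets a stray space or
      # "*" in the input turn into extra certbot arguments.
      certbot certonly --webroot -w "${webroot}" -d "${domain}"
      ;;
    'update')
      echo "正在更新所有已安装证书..."
      certbot renew
      ;;
    'cron')
      echo "安装定时更新证书任务"
      # `who am i` prints the user owning the controlling terminal and nothing
      # at all without one; fall back to the effective user in that case.
      # NOTE(review): under sudo/su this is the login user, not root, so the
      # job lands in that user's crontab and runs with that user's rights -
      # confirm that account is allowed to renew and to reload nginx.
      user=$(who am i | awk '{print $1}')
      if [ -z "${user}" ]; then
        user=$(id -un)
      fi
      cron_path="/var/spool/cron/${user}"
      if [ ! -f "${cron_path}" ]; then
        # Kept as exit 0 for existing callers, although no job was installed.
        echo "${cron_path} 定时任务文件不存在"
        exit 0
      fi
      # Append the job once only; a later run finds the marker and skips.
      if ! grep -q 'certbot renew' "${cron_path}"; then
        # The deploy hook runs only after a certificate was actually renewed.
        # The nginx binary path is specific to an OpenResty install.
        cron_cmd="certbot renew -q --deploy-hook '/usr/local/openresty/nginx/sbin/nginx -s reload'"
        # 05:30 on the 1st of every month. NOTE(review): a single monthly
        # attempt leaves little room for a failed run before expiry, and the
        # certbot snap normally ships its own renewal timer - check whether
        # this extra job is needed at all.
        echo "30 5 1 * * ${cron_cmd}" >> "${cron_path}"
      fi
      echo "安装完成"
      ;;
    *)
      echo "list    查看所有已安装的证书"
      echo "add     安装证书"
      echo "update  更新所有已安装且30天内到期的证书"
      echo "cron    安装定时更新证书任务"
      echo "更多certbot命令请访问:https://certbot.eff.org/docs/using.html#certbot-commands"
      ;;
    esac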

    执行 certbot certonly --webroot 时,如果对 http://你的域名/.well-known/acme-challenge/HGr8U1IeTW4kY_Z6UIyaakzOkyQgPr_7ArlLgtZE8SX 这类验证地址的访问失败,需要在网站的配置文件中设置允许访问 .well-known 文件夹。

    #nginx
    
    # HTTP-01 validation fetches the challenge file over plain HTTP, hence the
    # port 80 listener.
    listen 80;
    ...
    
    # Lets requests under .well-known through so the ACME challenge file
    # written by `certbot certonly --webroot` can be fetched.
    # NOTE(review): the pattern is an unanchored regex with an unescaped dot,
    # so it matches any URI that merely contains "/", one character and
    # "well-known". Scoping it to the challenge path, e.g.
    # `location ^~ /.well-known/acme-challenge/`, opens only what the
    # validation needs and also wins over regex rules that deny dot-files.
    location ~ /.well-known {
        allow all;
    }
  • 原文地址:https://www.cnblogs.com/undefined-j/p/14927118.html