fix: use webroot nginx site for acme.sh certificate issuance

Co-authored-by: Cursor <cursoragent@cursor.com>
dekun
2026-06-16 08:30:33 +08:00
parent 7089fa5777
commit 2653afa287
4 changed files with 300 additions and 275 deletions
+8 -1
@@ -63,6 +63,7 @@ ufw --force reset
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp comment 'SSH'
ufw allow 80/tcp comment 'HTTP-ACME'
ufw allow 443/tcp comment 'Reality'
ufw allow 8443/udp comment 'Hysteria2'
ufw --force enable
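Review bot: The `ufw allow 80/tcp comment 'HTTP-ACME'` rule (apparently the line this hunk adds; the +/- markers are lost on this page) leaves port 80 reachable from any address permanently, not only during issuance, and the script does not say why. Webroot HTTP-01 renewals need it, so I would document it rather than close it, e.g. `# 80/tcp stays open: acme.sh webroot renewals answer HTTP-01 on port 80`. The acme.conf.template is not visible here; it should serve only `/.well-known/acme-challenge/` from /var/www/acme and refuse or redirect every other path, so the extra open port exposes nothing beyond challenge files.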
@@ -73,6 +74,12 @@ cp "$ROOT_DIR/server/nginx/index.html" /var/www/fallback/
cp "$ROOT_DIR/server/nginx/fallback.conf" /etc/nginx/sites-available/fallback
ln -sf /etc/nginx/sites-available/fallback /etc/nginx/sites-enabled/fallback
rm -f /etc/nginx/sites-enabled/default
log "部署 Nginx ACME 验证站点 (80) ..."
mkdir -p /var/www/acme
sed "s|__DOMAIN__|${DOMAIN}|g" "$ROOT_DIR/server/nginx/acme.conf.template" \
> /etc/nginx/sites-available/acme
ln -sf /etc/nginx/sites-available/acme /etc/nginx/sites-enabled/acme
nginx -t && systemctl enable nginx && systemctl restart nginx
log "申请 TLS 证书 (Let's Encrypt) ..."
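Review bot: `${DOMAIN}` is spliced unchecked into the sed replacement and from there into an nginx config, so a value containing `|`, `&`, `\`, whitespace or `;` would either break the substitution or write unintended directives into /etc/nginx/sites-available/acme. Where DOMAIN is set is outside this hunk; if it is not validated there, add a check before the sed, such as `[[ "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo "invalid DOMAIN: $DOMAIN" >&2; exit 1; }`. Separately, in `nginx -t && systemctl enable nginx && systemctl restart nginx` a failing `nginx -t` does not stop the script even under `set -e`, because it is not the last command of the `&&` list. Issuance would then run against a config that was never loaded, which `nginx -t || exit 1` on its own line avoids.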
@@ -90,7 +97,7 @@ if [[ "$CURRENT_IP" != "$VPS_IP" ]]; then
fi
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" --nginx --force
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" -w /var/www/acme --force
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
--key-file /etc/sing-box/certs/privkey.pem \
--fullchain-file /etc/sing-box/certs/fullchain.pem \