fix: use webroot nginx site for acme.sh certificate issuance
Co-authored-by: Cursor <cursoragent@cursor.com>
+8
-1
@@ -63,6 +63,7 @@ ufw --force reset
|
||||
ufw default deny incoming
|
||||
ufw default allow outgoing
|
||||
ufw allow 22/tcp comment 'SSH'
|
||||
ufw allow 80/tcp comment 'HTTP-ACME'
|
||||
ufw allow 443/tcp comment 'Reality'
|
||||
ufw allow 8443/udp comment 'Hysteria2'
|
||||
ufw --force enable
|
||||
@@ -73,6 +74,12 @@ cp "$ROOT_DIR/server/nginx/index.html" /var/www/fallback/
|
||||
cp "$ROOT_DIR/server/nginx/fallback.conf" /etc/nginx/sites-available/fallback
|
||||
ln -sf /etc/nginx/sites-available/fallback /etc/nginx/sites-enabled/fallback
|
||||
rm -f /etc/nginx/sites-enabled/default
|
||||
|
||||
log "部署 Nginx ACME 验证站点 (80) ..."
|
||||
mkdir -p /var/www/acme
|
||||
sed "s|__DOMAIN__|${DOMAIN}|g" "$ROOT_DIR/server/nginx/acme.conf.template" \
|
||||
> /etc/nginx/sites-available/acme
|
||||
ln -sf /etc/nginx/sites-available/acme /etc/nginx/sites-enabled/acme
|
||||
nginx -t && systemctl enable nginx && systemctl restart nginx
|
||||
|
||||
log "申请 TLS 证书 (Let's Encrypt) ..."
|
||||
@@ -90,7 +97,7 @@ if [[ "$CURRENT_IP" != "$VPS_IP" ]]; then
|
||||
fi
|
||||
|
||||
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
||||
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" --nginx --force
|
||||
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" -w /var/www/acme --force
|
||||
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
||||
--key-file /etc/sing-box/certs/privkey.pem \
|
||||
--fullchain-file /etc/sing-box/certs/fullchain.pem \
|
||||
|
||||
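Review bot: The `sed "s|__DOMAIN__|${DOMAIN}|g"` line writes `$DOMAIN` unescaped into the root-owned `/etc/nginx/sites-available/acme`, so a `|`, `&` or backslash in the value is interpreted by sed, and characters such as `;` or `{` pass straight into the nginx config as extra directives. No validation of `DOMAIN` is visible in these hunks (it may exist earlier in the script); if it does not, check it before the `sed`, e.g. `[[ "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { log "invalid DOMAIN"; exit 1; }`. Separately, `nginx -t && systemctl enable nginx && systemctl restart nginx` is an `&&` list, so a failed config test does not abort the run even if the script sets `set -e`, and the webroot issuance that follows would then run against a stale or stopped server; an explicit `nginx -t || exit 1` ahead of the restart makes that failure visible. Because 80/tcp is now open to any source, the server block in `acme.conf.template` (not shown here) should serve only `/.well-known/acme-challenge/` from `/var/www/acme` and nothing else.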