fix: create sing-box service before acme install-cert reload
Move install-cert after systemd unit creation so reloadcmd succeeds. Add finish-install.sh to recover partial deployments when cert exists. Co-authored-by: Cursor <cursoragent@cursor.com>
+11
-6
@@ -97,14 +97,12 @@ if [[ "$CURRENT_IP" != "$VPS_IP" ]]; then
|
||||
fi
|
||||
|
||||
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
||||
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" -w /var/www/acme --force
|
||||
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
||||
--key-file /etc/sing-box/certs/privkey.pem \
|
||||
--fullchain-file /etc/sing-box/certs/fullchain.pem \
|
||||
--reloadcmd "systemctl restart sing-box"
|
||||
if [[ ! -f "/root/.acme.sh/${DOMAIN}_ecc/fullchain.cer" ]]; then
|
||||
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" -w /var/www/acme --force
|
||||
fi
|
||||
|
||||
log "生成 sing-box 服务端配置 ..."
|
||||
mkdir -p /etc/sing-box
|
||||
mkdir -p /etc/sing-box/certs
|
||||
sed -e "s|\${UUID}|${UUID}|g" \
|
||||
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME}|g" \
|
||||
-e "s|\${REALITY_PRIVATE_KEY}|${REALITY_PRIVATE_KEY}|g" \
|
||||
@@ -135,6 +133,13 @@ UNIT
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable sing-box
|
||||
|
||||
log "安装 TLS 证书到 sing-box ..."
|
||||
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
||||
--key-file /etc/sing-box/certs/privkey.pem \
|
||||
--fullchain-file /etc/sing-box/certs/fullchain.pem \
|
||||
--reloadcmd "systemctl restart sing-box"
|
||||
|
||||
systemctl restart sing-box
|
||||
|
||||
log "生成客户端配置 ..."
|
||||
|
||||
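Review bot: The new guard around `acme.sh --issue` tests only that `/root/.acme.sh/${DOMAIN}_ecc/fullchain.cer` exists, so an empty or expired file left by an earlier failed run skips issuance and the relocated `--install-cert` then copies that file into /etc/sing-box/certs as it is. A stricter guard, assuming openssl is present on the host, would be `cert="/root/.acme.sh/${DOMAIN}_ecc/fullchain.cer"` followed by `if [[ ! -s "$cert" ]] || ! openssl x509 -checkend 0 -noout -in "$cert"; then`. The `_ecc` suffix depends on the key type acme.sh used, so if this host ever stores the certificate without that suffix the guard is always true and every run forces a re-issue against the CA's rate limits. The moved `--install-cert` call has no visible status check, and whether `set -e` is active is not shown in these hunks; ending it with `--reloadcmd "systemctl restart sing-box" || exit 1` would stop the script before it generates client configs for a server that has no certificate installed. The `systemctl restart sing-box` that follows repeats what `--reloadcmd` has just done and could be dropped.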