53 lines
1.3 KiB
Bash
53 lines
1.3 KiB
Bash
|
#!/bin/bash
|
|||
|
|
|
|||
|
|
# 定义主域名及其附属域名列表
|
|||
|
|
declare -A DOMAIN_CERTS=(
|
|||
|
|
["blog"]="lsy22.com www.lsy22.com"
|
|||
|
|
["siyun"]="s.lsy22.com"
|
|||
|
|
["alist"]="o.lsy22.com"
|
|||
|
|
["gitea"]="g.lsy22.com"
|
|||
|
|
["bitwarden"]="b.lsy22.com"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
# 定义要映射的 IP 地址
|
|||
|
|
MAPPED_IP="121.4.180.183"
|
|||
|
|
# 邮箱地址(用于 Let's Encrypt 通知)
|
|||
|
|
EMAIL="lsy22@vip.qq.com"
|
|||
|
|
# ACME.sh 脚本的路径
|
|||
|
|
ACME_SH_PATH="/root/.acme.sh/acme.sh"
|
|||
|
|
# hosts 文件路径
|
|||
|
|
HOSTS_FILE="/etc/hosts"
|
|||
|
|
|
|||
|
|
# 更新 hosts 文件
|
|||
|
|
for GROUP in "${!DOMAIN_CERTS[@]}"; do
|
|||
|
|
for DOMAIN in ${DOMAIN_CERTS[$GROUP]}; do
|
|||
|
|
if ! grep -q "$DOMAIN" "$HOSTS_FILE"; then
|
|||
|
|
echo "$MAPPED_IP $DOMAIN" >> $HOSTS_FILE
|
|||
|
|
fi
|
|||
|
|
done
|
|||
|
|
done
|
|||
|
|
|
|||
|
|
# 更新证书
|
|||
|
|
ANY_SUCCESS=false
|
|||
|
|
for GROUP in "${!DOMAIN_CERTS[@]}"; do
|
|||
|
|
ADDITIONAL_DOMAINS=""
|
|||
|
|
|
|||
|
|
for DOMAIN in ${DOMAIN_CERTS[$GROUP]}; do
|
|||
|
|
ADDITIONAL_DOMAINS="$ADDITIONAL_DOMAINS -d $DOMAIN"
|
|||
|
|
done
|
|||
|
|
|
|||
|
|
# 更新证书
|
|||
|
|
$ACME_SH_PATH --issue $ADDITIONAL_DOMAINS --webroot /var/www/html --email $EMAIL --renew-hook "systemctl reload nginx"
|
|||
|
|
|
|||
|
|
# 检查证书更新结果
|
|||
|
|
if [ $? -eq 0 ]; then
|
|||
|
|
ANY_SUCCESS=true
|
|||
|
|
fi
|
|||
|
|
done
|
|||
|
|
|
|||
|
|
# 如果至少有一个证书更新成功,则重启 Web 服务器(例如 Nginx)
|
|||
|
|
if [ "$ANY_SUCCESS" = true ]; then
|
|||
|
|
systemctl reload nginx
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
exit 0
|