@@ -125,7 +125,8 @@ config_after_install() {
125125 echo -e " ${yellow} Choose an option for SSL certificate:${plain} "
126126 echo -e " 1. Generate a self-signed certificate"
127127 echo -e " 2. Get a certificate from a domain name using acme.sh"
128- read -p " Enter your choice [1-2]: "
128+ echo -e " 3. Get a certificate for an IP address using acme.sh"
129+ read -p " Enter your choice [1-3]: "
129130
130131 case $choice in
131132 1)
@@ -249,6 +250,93 @@ config_after_install() {
249250 fi
250251 local access_url=" https://${domain} "
251252 ;;
253+ 3)
254+ # check for acme.sh first
255+ if ! command -v ~ /.acme.sh/acme.sh & > /dev/null; then
256+ echo " acme.sh could not be found. we will install it"
257+ LOGI " Installing acme.sh..."
258+ cd ~ || return 1 # Ensure you can change to the home directory
259+ curl -s https://get.acme.sh | sh
260+ if [ $? -ne 0 ]; then
261+ LOGE " Installation of acme.sh failed."
262+ else
263+ LOGI " Installation of acme.sh succeeded."
264+ fi
265+ fi
266+
267+ # get the ip here
268+ local server_ip=$( curl -s https://api.ipify.org)
269+ LOGI " Using IP address: ${server_ip} "
270+
271+ LOGD " Your IP is: ${server_ip} , trying to issue a certificate..."
272+
273+ # create a directory for the certificate
274+ certPath=" /root/cert/${server_ip} "
275+ if [ ! -d " $certPath " ; then
276+ mkdir -p " $certPath "
277+ else
278+ rm -rf " $certPath "
279+ mkdir -p " $certPath "
280+ fi
281+
282+ # issue the certificate
283+ if command -v ~ /.acme.sh/acme.sh & > /dev/null; then
284+ ~ /.acme.sh/acme.sh --set-default-ca --server zerossl
285+ # I need to register with an email for ZeroSSL
286+ read -p " Enter your email for ZeroSSL registration: "
287+ ~ /.acme.sh/acme.sh --register-account -m ${email}
288+ ~ /.acme.sh/acme.sh --issue -d ${server_ip} --standalone --httpport 80
289+ if [ $? -ne 0 ]; then
290+ LOGE " Issuing certificate with acme.sh failed, falling back to self-signed certificate."
291+ rm -rf ~ /.acme.sh/${server_ip}
292+
293+ # generate self-signed cert
294+ openssl req -x509 -newkey rsa:4096 -keyout /root/cert/${server_ip} /privkey.pem -out /root/cert/${server_ip} /fullchain.pem -days 365 -nodes -subj " /CN=${server_ip} "
295+ if [ $? -ne 0 ]; then
296+ LOGE " Generating self-signed certificate failed."
297+ else
298+ LOGI " Generating self-signed certificate succeeded."
299+ fi
300+ else
301+ LOGI " Issuing certificate succeeded, installing certificates..."
302+ # install the certificate
303+ ~ /.acme.sh/acme.sh --installcert -d ${server_ip} \
304+ --key-file /root/cert/${server_ip} /privkey.pem \
305+ --fullchain-file /root/cert/${server_ip} /fullchain.pem
306+
307+ if [ $? -ne 0 ]; then
308+ LOGE " Installing certificate failed."
309+ rm -rf ~ /.acme.sh/${server_ip}
310+ else
311+ LOGI " Installing certificate succeeded, enabling auto renew..."
312+ # enable auto-renew
313+ ~ /.acme_sh/acme.sh --upgrade --auto-upgrade
314+ fi
315+ fi
316+ else
317+ LOGE " acme.sh is not installed, falling back to self-signed certificate."
318+ openssl req -x509 -newkey rsa:4096 -keyout /root/cert/${server_ip} /privkey.pem -out /root/cert/${server_ip} /fullchain.pem -days 365 -nodes -subj " /CN=${server_ip} "
319+ if [ $? -ne 0 ]; then
320+ LOGE " Generating self-signed certificate failed."
321+ else
322+ LOGI " Generating self-signed certificate succeeded."
323+ fi
324+ fi
325+
326+ # Set panel paths after successful certificate installation
327+ local webCertFile=" /root/cert/${server_ip} /fullchain.pem"
328+ local webKeyFile=" /root/cert/${server_ip} /privkey.pem"
329+
330+ if [[ -f " $webCertFile " && -f " $webKeyFile " ; then
331+ /usr/local/x-ui/x-ui cert -webCert " $webCertFile " " $webKeyFile "
332+ LOGI " Panel paths set for IP: $server_ip "
333+ LOGI " - Certificate File: $webCertFile "
334+ LOGI " - Private Key File: $webKeyFile "
335+ else
336+ LOGE " Error: Certificate or private key file not found for IP: $server_ip ."
337+ fi
338+ local access_url=" https://${server_ip} "
339+ ;;
252340 * )
253341 echo " Invalid choice. Exiting."
254342 exit 1
0 commit comments