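#!/bin/bash
# Request a wildcard TLS certificate for *.${DOMAIN} from Let's Encrypt using
# the Tencent Cloud DNS-01 plugin for certbot, then install a daily renewal
# cron job.
#
# Required environment:
#   TENCENTCLOUD_SECRET_ID   Tencent Cloud API secret id
#   TENCENTCLOUD_SECRET_KEY  Tencent Cloud API secret key
#
# NOTE(review): the page this script was taken from lost everything between
# the here-document redirect in step 2 and the "/dev/null | grep -v" fragment
# of the crontab pipeline. The sections marked RECONSTRUCTED below are a
# minimal stand-in for that gap; compare them against the original script
# before relying on them.
set -euo pipefail

DOMAIN="f.novalon.cn"
EMAIL="ops@novalon.cn"
DNS_PROVIDER="dns-tencentcloud"
CREDENTIALS_FILE="/root/.secrets/tencentcloud.ini"
SSL_DIR="/home/novalon/docker-app/ssl/wildcard"

echo "========================================="
echo "申请通配符SSL证书"
echo "========================================="
echo "域名: *.${DOMAIN}"
echo "邮箱: ${EMAIL}"
echo "========================================="

# The ":-" defaults keep `set -u` from aborting before the friendly message.
if [ -z "${TENCENTCLOUD_SECRET_ID:-}" ] || [ -z "${TENCENTCLOUD_SECRET_KEY:-}" ]; then
  echo "错误: 请设置腾讯云API密钥环境变量"
  echo "export TENCENTCLOUD_SECRET_ID=your-secret-id"
  echo "export TENCENTCLOUD_SECRET_KEY=your-secret-key"
  exit 1
fi

echo ""
echo "步骤1: 安装certbot-dns-tencentcloud插件..."
if ! command -v pip3 >/dev/null 2>&1; then
  yum install -y python3-pip
fi
# NOTE(review): this installs whatever version the package index serves at
# run time, as root. Pin a reviewed release
# (certbot-dns-tencentcloud==<REVIEWED_VERSION>) so a later upload cannot
# change the code that handles the API key.
pip3 install certbot-dns-tencentcloud

echo ""
echo "步骤2: 创建腾讯云DNS配置文件..."
mkdir -p /root/.secrets
chmod 700 /root/.secrets

# --- RECONSTRUCTED (original text lost, see header) -------------------------
# The credentials file holds a long-lived API secret: create it under a
# restrictive umask so it is never readable by other users, even briefly.
(
  umask 077
  cat > "${CREDENTIALS_FILE}" <<EOF
dns_tencentcloud_secret_id = ${TENCENTCLOUD_SECRET_ID}
dns_tencentcloud_secret_key = ${TENCENTCLOUD_SECRET_KEY}
EOF
)
chmod 600 "${CREDENTIALS_FILE}"

# --cert-name matches the name the renewal cron entry below passes to
# `certbot renew`.
certbot certonly \
  --non-interactive \
  --agree-tos \
  --email "${EMAIL}" \
  -a "${DNS_PROVIDER}" \
  --dns-tencentcloud-credentials "${CREDENTIALS_FILE}" \
  --cert-name "${DOMAIN}" \
  -d "*.${DOMAIN}"

# Publish the certificate where the closing message says it lives.
# NOTE(review): the renewal post-hook only restarts the container. If this
# directory holds copies rather than links into certbot's live directory,
# a renewed certificate will not reach nginx - confirm how the original
# script populated it.
mkdir -p "${SSL_DIR}"
cp -L "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" "${SSL_DIR}/fullchain.pem"
cp -L "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" "${SSL_DIR}/privkey.pem"
chmod 600 "${SSL_DIR}/privkey.pem"
# --- end RECONSTRUCTED -------------------------------------------------------

# Replace any earlier certbot entry for this domain and append the renewal job.
# Only "/dev/null | grep -v ..." survived on the page; "crontab -l 2>" in front
# of it is inferred from the trailing "| crontab -".
#
# grep -v exits 1 when it prints nothing (an empty crontab, or one that held
# only the old entry). Under `set -e` that ended the subshell before the echo,
# so `crontab -` received empty input and the renewal job was dropped on a
# re-run while the script still reported success. `|| true` prevents that.
(
  crontab -l 2>/dev/null | grep -v "certbot.*${DOMAIN}" || true
  echo "0 3 * * * certbot renew --quiet --cert-name ${DOMAIN} --post-hook 'docker restart novalon-nginx' >> /var/log/certbot-renew-${DOMAIN}.log 2>&1"
) | crontab -

echo ""
echo "========================================="
echo "证书申请成功!"
echo "========================================="
echo "证书路径:"
echo " - /home/novalon/docker-app/ssl/wildcard/fullchain.pem"
echo " - /home/novalon/docker-app/ssl/wildcard/privkey.pem"
echo ""
echo "证书有效期: 90天"
echo "自动续期: 每天凌晨3点检查并续期"
echo "========================================="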