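#!/bin/bash
#
# Request a wildcard Let's Encrypt certificate for DOMAIN through the Tencent
# Cloud DNS-01 certbot plugin, copy the result into the directory used for the
# nginx container, and register a daily renewal cron job.
#
# Required environment:
#   TENCENTCLOUD_SECRET_ID   Tencent Cloud API secret id
#   TENCENTCLOUD_SECRET_KEY  Tencent Cloud API secret key
#
# The script installs packages, writes under /root and /etc/letsencrypt and
# edits the invoking user's crontab, so it is expected to run as root.

set -euo pipefail

readonly DOMAIN="f.novalon.cn"
readonly EMAIL="ops@novalon.cn"
readonly DNS_PROVIDER="dns-tencentcloud"

readonly SECRETS_DIR="/root/.secrets"
readonly CREDENTIALS_FILE="${SECRETS_DIR}/tencentcloud.ini"
readonly LIVE_DIR="/etc/letsencrypt/live/${DOMAIN}"
readonly SSL_DIR="/home/novalon/docker-app/ssl/wildcard"

echo "========================================="
echo "申请通配符SSL证书"
echo "========================================="
echo "域名: *.${DOMAIN}"
echo "邮箱: ${EMAIL}"
echo "========================================="

# ":-" keeps the friendly message reachable under `set -u` when a variable is
# not exported at all.
if [ -z "${TENCENTCLOUD_SECRET_ID:-}" ] || [ -z "${TENCENTCLOUD_SECRET_KEY:-}" ]; then
  echo "错误: 请设置腾讯云API密钥环境变量" >&2
  echo "export TENCENTCLOUD_SECRET_ID=your-secret-id" >&2
  echo "export TENCENTCLOUD_SECRET_KEY=your-secret-key" >&2
  exit 1
fi

echo ""
echo "步骤1: 安装certbot-dns-tencentcloud插件..."
if ! command -v pip3 &> /dev/null; then
  yum install -y python3-pip
fi

# NOTE(review): this installs whatever version the index currently serves, as
# root, and the plugin is later handed the DNS API credentials. Pin a reviewed
# release (certbot-dns-tencentcloud==<REVIEWED_VERSION>) or install from a
# hash-checked requirements file.
pip3 install certbot-dns-tencentcloud

echo ""
echo "步骤2: 创建腾讯云DNS配置文件..."
install -d -m 700 "${SECRETS_DIR}"
# Create the file with mode 600 *before* the secrets are written, so there is
# no window in which the API key sits in a file readable under the default
# umask. The redirection below truncates the file and keeps that mode.
install -m 600 /dev/null "${CREDENTIALS_FILE}"
cat > "${CREDENTIALS_FILE}" <<EOF
dns_tencentcloud_secret_id = ${TENCENTCLOUD_SECRET_ID}
dns_tencentcloud_secret_key = ${TENCENTCLOUD_SECRET_KEY}
EOF

echo ""
echo "步骤3: 申请通配符证书..."
# --cert-name pins the lineage name, so the files land in LIVE_DIR even when
# an older lineage for the same names exists, and the renewal job below
# (which selects by --cert-name) refers to the same certificate.
certbot certonly \
  --authenticator "${DNS_PROVIDER}" \
  --dns-tencentcloud-credentials "${CREDENTIALS_FILE}" \
  --dns-tencentcloud-cleanup-interval 120 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --email "${EMAIL}" \
  --agree-tos \
  --no-eff-email \
  --cert-name "${DOMAIN}" \
  -d "*.${DOMAIN}" \
  -d "${DOMAIN}"

echo ""
echo "步骤4: 复制证书到nginx目录..."
mkdir -p "${SSL_DIR}"

cp -- "${LIVE_DIR}/fullchain.pem" "${SSL_DIR}/"
# Copy the private key under a restrictive umask so a freshly created copy is
# never group/world readable, then enforce the mode for a pre-existing file.
(
  umask 077
  cp -- "${LIVE_DIR}/privkey.pem" "${SSL_DIR}/"
)

chmod 644 "${SSL_DIR}/fullchain.pem"
chmod 600 "${SSL_DIR}/privkey.pem"

echo ""
echo "步骤5: 设置自动续期..."
# NOTE(review): the renewal job only restarts the container; it does not
# refresh the copies in SSL_DIR. If nginx reads the copies rather than
# /etc/letsencrypt/live, a renewed certificate is never served. Confirm the
# container's mounts, or move the copy into a renewal deploy hook.
cron_entry="0 3 * * * certbot renew --quiet --cert-name ${DOMAIN} --post-hook 'docker restart novalon-nginx' >> /var/log/certbot-renew-${DOMAIN}.log 2>&1"
# `crontab -l` fails when no crontab exists yet; treat that as empty.
existing_cron="$(crontab -l 2>/dev/null || true)"
{
  if [ -n "${existing_cron}" ]; then
    # grep -v exits 1 when it prints nothing (every line filtered out). Under
    # `set -e` that used to abort this group before the new entry was
    # emitted, installing an empty crontab without the renewal job.
    printf '%s\n' "${existing_cron}" | grep -v "certbot.*${DOMAIN}" || true
  fi
  printf '%s\n' "${cron_entry}"
} | crontab -

echo ""
echo "========================================="
echo "证书申请成功!"
echo "========================================="
echo "证书路径:"
echo " - ${SSL_DIR}/fullchain.pem"
echo " - ${SSL_DIR}/privkey.pem"
echo ""
echo "证书有效期: 90天"
echo "自动续期: 每天凌晨3点检查并续期"
echo "========================================="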