Merge pull request #44 from svc-design/codex/-get-cert.sh-get-standalone-cert.sh

Add certificate issuance script
2025-07-15 11:44:27 +08:00 · 2025-07-15 11:44:27 +08:00 · 72eb6cb051
commit 72eb6cb051
parent c3d0e794db f37d7271eb
1 changed files with 38 additions and 0 deletions
--- a/scripts/get-standalone-cert.sh
+++ b/scripts/get-standalone-cert.sh
@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+DOMAIN="sing-box.onwalk.net"
+SSL_KEY="/etc/ssl/${DOMAIN}.key"
+SSL_PEM="/etc/ssl/${DOMAIN}.pem"
+
+# 1. 安装 acme.sh（如果未安装）
+if [ ! -d "$HOME/.acme.sh" ]; then
+  echo "Installing acme.sh..."
+  curl https://get.acme.sh | sh
+  export PATH="$HOME/.acme.sh:$PATH"
+else
+  echo "acme.sh already installed."
+fi
+
+# 2. 申请 RSA 证书（使用 HTTP-01 验证，需 80 端口可用）
+echo "Issuing certificate for $DOMAIN using standalone mode..."
+~/.acme.sh/acme.sh --issue --standalone -d "$DOMAIN" --keylength 2048
+
+# 3. 安装证书到指定位置
+echo "Installing cert to $SSL_PEM and $SSL_KEY..."
+~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
+  --key-file "$SSL_KEY" \
+  --fullchain-file "$SSL_PEM" \
+  --reloadcmd "systemctl restart sing-box"
+
+# 4. 设置权限
+chmod 600 "$SSL_KEY"
+chmod 644 "$SSL_PEM"
+echo "Certificate successfully installed."
+
+# 5. 提示
+echo "Done. Cert saved at:"
+echo "  Key:  $SSL_KEY"
+echo "  Cert: $SSL_PEM"
+