From f37d7271eb993a052f48c65f4a769f4c3c60bfae Mon Sep 17 00:00:00 2001
From: shenlan <manbuzhe2009@qq.com>
Date: Tue, 15 Jul 2025 11:44:06 +0800
Subject: [PATCH] Add standalone certificate issuance script

---
 scripts/get-standalone-cert.sh | 38 ++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 scripts/get-standalone-cert.sh

diff --git a/scripts/get-standalone-cert.sh b/scripts/get-standalone-cert.sh
new file mode 100644
index 0000000..ffa2813
--- /dev/null
+++ b/scripts/get-standalone-cert.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+DOMAIN="sing-box.onwalk.net"
+SSL_KEY="/etc/ssl/${DOMAIN}.key"
+SSL_PEM="/etc/ssl/${DOMAIN}.pem"
+
+# 1. 安装 acme.sh（如果未安装）
+if [ ! -d "$HOME/.acme.sh" ]; then
+  echo "Installing acme.sh..."
+  curl https://get.acme.sh | sh
+  export PATH="$HOME/.acme.sh:$PATH"
+else
+  echo "acme.sh already installed."
+fi
+
+# 2. 申请 RSA 证书（使用 HTTP-01 验证，需 80 端口可用）
+echo "Issuing certificate for $DOMAIN using standalone mode..."
+~/.acme.sh/acme.sh --issue --standalone -d "$DOMAIN" --keylength 2048
+
+# 3. 安装证书到指定位置
+echo "Installing cert to $SSL_PEM and $SSL_KEY..."
+~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
+  --key-file "$SSL_KEY" \
+  --fullchain-file "$SSL_PEM" \
+  --reloadcmd "systemctl restart sing-box"
+
+# 4. 设置权限
+chmod 600 "$SSL_KEY"
+chmod 644 "$SSL_PEM"
+echo "Certificate successfully installed."
+
+# 5. 提示
+echo "Done. Cert saved at:"
+echo "  Key:  $SSL_KEY"
+echo "  Cert: $SSL_PEM"
+