[小技巧] 每月自动更新ssl证书

Tags:
mkdir -p /data/__run

SSL_DIR="/etc/ssl/private"
SSL_DOMAIN="你的域名.xx.yy"
chmod 755 ${SSL_DIR}

cat > /data/__run/ssl-cert-renew.sh <<EOF
#!/bin/bash

echo "${SSL_DOMAIN} Certificates Renewing..."
.acme.sh/acme.sh --install-cert -d a-${SSL_DOMAIN} --ecc --fullchain-file  ${SSL_DIR}/${SSL_DOMAIN}.crt --key-file  ${SSL_DIR}/${SSL_DOMAIN}.key
echo "${SSL_DOMAIN} Certificates Renewed!"
       
chmod +r ${SSL_DIR}/${SSL_DOMAIN}.key
echo "Read Permission Granted for Private Key"

# optional - depending whether you want to do xray restart in this script or separate them.
# sudo systemctl restart xray
# echo "Xray Restarted"
EOF

chmod +x /data/__run/ssl-cert-renew.sh
crontab -e
# 在里面输入以下代码,意思为每月1日自动申请证书
0 1 1 * *   bash /data/ssl-cert-renew.sh

Leave a Reply