panda/qipai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

deploy(M00-E): 补充Certbot证书检查

Browse Source
This commit is contained in:
Codex
2026-06-15 16:42:42 +08:00
parent d9d51e9d67
commit 4cb3ab6529
19 changed files with 158 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/setup/certbot.sh
+59
View File
@@ -0,0 +1,59 @@
#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=lib.sh
. "${SCRIPT_DIR}/lib.sh"
qipai_certbot_status() {
local live_dir webroot_dir renewal_file
live_dir="/etc/letsencrypt/live/${QIPAI_DOMAIN}"
webroot_dir="/var/www/certbot"
renewal_file="/etc/letsencrypt/renewal/${QIPAI_DOMAIN}.conf"
qipai_info "certbot domain: ${QIPAI_DOMAIN}"
qipai_info "certbot webroot: ${webroot_dir}"
qipai_info "certificate live dir: ${live_dir}"
if command -v certbot >/dev/null 2>&1; then
qipai_pass "certbot: $(command -v certbot)"
certbot --version 2>/dev/null || true
else
qipai_warn "certbot not installed"
fi
if [ -d "$webroot_dir" ]; then
qipai_pass "webroot exists: ${webroot_dir}"
else
qipai_warn "webroot not found: ${webroot_dir}"
fi
if [ -f "${live_dir}/fullchain.pem" ] && [ -f "${live_dir}/privkey.pem" ]; then
qipai_pass "certificate files exist for ${QIPAI_DOMAIN}"
openssl x509 -in "${live_dir}/fullchain.pem" -noout -subject -issuer -dates 2>/dev/null || true
else
qipai_warn "certificate files not found for ${QIPAI_DOMAIN}"
fi
if [ -f "$renewal_file" ]; then
qipai_pass "renewal config exists: ${renewal_file}"
else
qipai_warn "renewal config not found: ${renewal_file}"
fi
if command -v systemctl >/dev/null 2>&1; then
systemctl is-enabled --quiet certbot.timer 2>/dev/null && qipai_pass "certbot.timer enabled" || qipai_warn "certbot.timer not enabled or not installed"
systemctl is-active --quiet certbot.timer 2>/dev/null && qipai_pass "certbot.timer active" || qipai_warn "certbot.timer not active"
else
qipai_warn "systemctl not available; certbot timer check skipped"
fi
qipai_info "manual issue command:"
qipai_info "sudo certbot certonly --webroot -w ${webroot_dir} -d ${QIPAI_DOMAIN}"
qipai_info "manual renewal dry-run:"
qipai_info "sudo certbot renew --dry-run"
}
if [ "${1:-}" = "--run" ]; then
qipai_certbot_status
fi