mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-08 13:46:08 +00:00
fix(scripts): pass --force to acme.sh --installcert so it survives sudo
acme.sh guards every non-install command behind _checkSudo: when a non-root user runs the panel scripts via sudo, it prints the sudo wiki warning and exits before doing anything, unless FORCE is set. All our --issue calls already pass --force and were unaffected, but none of the --installcert calls did, so issuance succeeded and installation then aborted silently, ending in "Certificate files not found after installation". FORCE has no other effect on the installcert path, so mirror the --issue calls and pass --force everywhere we install certs. Closes #5741
This commit is contained in:
+3
-3
@@ -373,7 +373,7 @@ setup_ssl_certificate() {
|
||||
fi
|
||||
|
||||
# Install certificate
|
||||
~/.acme.sh/acme.sh --installcert -d ${domain} \
|
||||
~/.acme.sh/acme.sh --installcert --force -d ${domain} \
|
||||
--key-file /root/cert/${domain}/privkey.pem \
|
||||
--fullchain-file /root/cert/${domain}/fullchain.pem \
|
||||
--reloadcmd "systemctl restart x-ui" > /dev/null 2>&1
|
||||
@@ -517,7 +517,7 @@ setup_ip_certificate() {
|
||||
# Install certificate
|
||||
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
|
||||
# but the cert files are still installed. We check for files instead of exit code.
|
||||
~/.acme.sh/acme.sh --installcert -d ${ipv4} \
|
||||
~/.acme.sh/acme.sh --installcert --force -d ${ipv4} \
|
||||
--key-file "${certDir}/privkey.pem" \
|
||||
--fullchain-file "${certDir}/fullchain.pem" \
|
||||
--reloadcmd "${reloadCmd}" 2>&1 || true
|
||||
@@ -705,7 +705,7 @@ ssl_cert_issue() {
|
||||
|
||||
# install the certificate
|
||||
local installOutput=""
|
||||
installOutput=$(~/.acme.sh/acme.sh --installcert -d ${domain} \
|
||||
installOutput=$(~/.acme.sh/acme.sh --installcert --force -d ${domain} \
|
||||
--key-file /root/cert/${domain}/privkey.pem \
|
||||
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1)
|
||||
local installRc=$?
|
||||
|
||||
@@ -223,7 +223,7 @@ setup_ssl_certificate() {
|
||||
fi
|
||||
|
||||
# Install certificate
|
||||
~/.acme.sh/acme.sh --installcert -d ${domain} \
|
||||
~/.acme.sh/acme.sh --installcert --force -d ${domain} \
|
||||
--key-file /root/cert/${domain}/privkey.pem \
|
||||
--fullchain-file /root/cert/${domain}/fullchain.pem \
|
||||
--reloadcmd "systemctl restart x-ui" > /dev/null 2>&1
|
||||
@@ -361,7 +361,7 @@ setup_ip_certificate() {
|
||||
# Install certificate
|
||||
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
|
||||
# but the cert files are still installed. We check for files instead of exit code.
|
||||
~/.acme.sh/acme.sh --installcert -d ${ipv4} \
|
||||
~/.acme.sh/acme.sh --installcert --force -d ${ipv4} \
|
||||
--key-file "${certDir}/privkey.pem" \
|
||||
--fullchain-file "${certDir}/fullchain.pem" \
|
||||
--reloadcmd "${reloadCmd}" 2>&1 || true
|
||||
@@ -518,7 +518,7 @@ ssl_cert_issue() {
|
||||
|
||||
# install the certificate
|
||||
local installOutput=""
|
||||
installOutput=$(~/.acme.sh/acme.sh --installcert -d ${domain} \
|
||||
installOutput=$(~/.acme.sh/acme.sh --installcert --force -d ${domain} \
|
||||
--key-file /root/cert/${domain}/privkey.pem \
|
||||
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1)
|
||||
local installRc=$?
|
||||
|
||||
@@ -1435,7 +1435,7 @@ ssl_cert_issue_main() {
|
||||
# renewed cert to these paths and reloads the panel. Without it acme.sh
|
||||
# renews but never updates /root/cert, silently serving a stale cert.
|
||||
if command -v ~/.acme.sh/acme.sh &> /dev/null && ~/.acme.sh/acme.sh --list 2> /dev/null | awk '{print $1}' | grep -Fxq "${domain}"; then
|
||||
~/.acme.sh/acme.sh --installcert -d "${domain}" \
|
||||
~/.acme.sh/acme.sh --installcert --force -d "${domain}" \
|
||||
--key-file "${webKeyFile}" \
|
||||
--fullchain-file "${webCertFile}" \
|
||||
--reloadcmd "x-ui restart" 2>&1 || true
|
||||
@@ -1631,7 +1631,7 @@ ssl_cert_issue_for_ip() {
|
||||
# Install the certificate
|
||||
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
|
||||
# but the cert files are still installed. We check for files instead of exit code.
|
||||
~/.acme.sh/acme.sh --installcert -d ${server_ip} \
|
||||
~/.acme.sh/acme.sh --installcert --force -d ${server_ip} \
|
||||
--key-file "${certPath}/privkey.pem" \
|
||||
--fullchain-file "${certPath}/fullchain.pem" \
|
||||
--reloadcmd "${reloadCmd}" 2>&1 || true
|
||||
@@ -1836,7 +1836,7 @@ ssl_cert_issue() {
|
||||
|
||||
# install the certificate
|
||||
local installOutput=""
|
||||
installOutput=$(~/.acme.sh/acme.sh --installcert -d ${domain} \
|
||||
installOutput=$(~/.acme.sh/acme.sh --installcert --force -d ${domain} \
|
||||
--key-file /root/cert/${domain}/privkey.pem \
|
||||
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1)
|
||||
local installRc=$?
|
||||
@@ -1998,7 +1998,7 @@ ssl_cert_issue_CF() {
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
|
||||
~/.acme.sh/acme.sh --installcert --force -d ${CF_Domain} -d *.${CF_Domain} \
|
||||
--key-file ${certPath}/privkey.pem \
|
||||
--fullchain-file ${certPath}/fullchain.pem --reloadcmd "${reloadCmd}"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user