diff --git a/DockerEntrypoint.sh b/DockerEntrypoint.sh
index 79779a219..5b2a1372c 100644
--- a/DockerEntrypoint.sh
+++ b/DockerEntrypoint.sh
@@ -69,5 +69,14 @@ EOF
 fail2ban-client -x start
 fi
+# Certificate auto-renewal: acme.sh (installed by the panel's SSL menu) relies
+# on a root crontab entry, but the crontab is lost when the container is
+# recreated and crond was never started. Re-register the job and run crond so
+# renewals actually fire; mount /root/.acme.sh as a volume to keep acme state.
+if [ -f /root/.acme.sh/acme.sh ]; then
+ /root/.acme.sh/acme.sh --install-cronjob >/dev/null 2>&1
+ crond
+fi
+
 # Run x-ui
 exec /app/x-ui
diff --git a/docker-compose.yml b/docker-compose.yml
index 1081fa598..a4c88c004 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,6 +18,9 @@ services:
 volumes:
 - $PWD/db/:/etc/x-ui/
 - $PWD/cert/:/root/cert/
+ # Persists acme.sh state so certificate auto-renewal survives container
+ # recreation (the entrypoint re-registers the renewal cron job from it).
+ - $PWD/acme/:/root/.acme.sh/
 environment:
 XRAY_VMESS_AEAD_FORCED: "false"
 XUI_ENABLE_FAIL2BAN: "true"
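Review bot: The `--install-cronjob` call in the new `if` block discards both output streams and its exit status, and `crond` is started unchecked, so a failed registration or a cron daemon that does not start leaves the container running with no renewal and nothing in the logs until the certificate expires. Keep stderr and report the failure, for example `/root/.acme.sh/acme.sh --install-cronjob >/dev/null || echo "acme.sh: renewal cron job not registered" >&2` and `crond || echo "crond failed to start; certificates will not auto-renew" >&2`. The hunk does not show whether the image ships a cron daemon or whether the script runs under `set -e`, so both should be confirmed. The block also executes a script as root from a path that the compose change in this commit turns into a host bind mount, which the comment above it could state.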
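Review bot: The added volume comment omits that `$PWD/acme/` becomes a trust boundary: the entrypoint change in this commit runs `/root/.acme.sh/acme.sh` from this mount as root on every start, so anyone who can write the host directory controls code executed in the container. In acme.sh's default layout the same directory also holds the ACME account key and the issued certificates' private keys. I would extend the comment, e.g. `# Holds ACME account/certificate private keys and the acme.sh script the entrypoint executes; keep ./acme owned by root with mode 0700.` On an existing deployment the first start with this mount presumably sees an empty directory, so state that lived in the old container layer would need to be copied over or reissued; a line in the upgrade notes would help.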