letsencrypt免费SSL证书自动续期

#!/bin/bash

#######################################
# Install the snapd package with yum.
# Outputs: a progress line on stdout, followed by yum's own output.
# Returns: the exit status of `yum install`.
# NOTE(review): on CentOS/RHEL snapd is usually shipped in EPEL; presumably
# that repository is already enabled on the target host. Confirm before use.
#######################################
install_snapd() {
  printf '%s\n' "install snap..."
  # -y answers every prompt, so the install runs unattended.
  yum install -y snapd
}

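#######################################
# Make sure the snapd daemon is up, then install and refresh the core snap.
# Outputs: a progress line on stdout, followed by snap's own output.
# Returns: non-zero if snapd cannot be restarted or a snap command fails.
#######################################
install_snapd_core() {
  # `systemctl is-active` is the machine-readable state query; counting
  # "(running)" in the human-oriented `systemctl status` text depends on that
  # output's wording and layout.
  if ! systemctl is-active --quiet snapd.service; then
    # Without a running daemon every snap command below would fail, so
    # report the restart failure to the caller instead of continuing.
    systemctl restart snapd.service || return
  fi
  echo "install snap core..."
  snap install core && snap refresh core
}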

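#######################################
# Install certbot from its snap and make sure `certbot` is on PATH.
# Outputs: a progress line on stdout, followed by snap's own output.
# Returns: non-zero if the snap install or a required symlink fails.
#######################################
install_certbot() {
  echo "install certbot..."
  # Classic snaps expect /snap to exist. Create the link only when nothing is
  # there: a second `ln -s` onto an existing directory link would drop a stray
  # "snap" link inside /var/lib/snapd/snap instead of failing cleanly.
  if [ ! -e /snap ] && [ ! -L /snap ]; then
    ln -s /var/lib/snapd/snap /snap || return
  fi
  # --classic installs the snap without confinement (full access to the host),
  # which the certbot snap requires. Stop here if the install fails so that no
  # dangling /usr/bin/certbot link is created below.
  snap install --classic certbot || return
  # `command -v` only succeeds for something runnable on PATH; `whereis` also
  # reports manual pages and sources, which would wrongly skip the link.
  if ! command -v certbot >/dev/null 2>&1; then
    ln -s /var/lib/snapd/snap/bin/certbot /usr/bin/certbot
  fi
}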

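# First-run bootstrap: install snapd, the core snap and certbot when the snapd
# RPM is absent. `rpm -q` asks the package database directly, so the check
# does not hinge on the ".x86_64" suffix or on parsing `yum list` output.
# NOTE(review): only snapd is probed. If an earlier run installed snapd but
# failed before certbot, this bootstrap is skipped and certbot stays missing.
if ! rpm -q snapd >/dev/null 2>&1; then
  echo "正在安装依赖包..."
  # Each step depends on the previous one, so stop at the first failure
  # instead of falling through to certbot commands that cannot work.
  if ! { install_snapd && sleep 1 && install_snapd_core && sleep 1 && install_certbot; }; then
    echo "依赖包安装失败" >&2
    exit 1
  fi
fi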

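# Sub-command dispatch: $1 selects the action, anything else prints the usage.
case "$1" in
'list')
  certbot certificates
  ;;
'add')
  # -r keeps backslashes literal. Both answers are passed to certbot as single
  # quoted arguments, so a space in the input cannot split into extra options.
  echo "请输入网站根目录:"
  read -r webroot
  echo "请输入网站对应的域名,多个域名用逗号隔开:"
  read -r domain
  # Reject empty answers and answers starting with "-", which certbot would
  # read as an option instead of a value.
  case "${webroot}" in
  '' | -*)
    echo "网站根目录不能为空,且不能以 - 开头" >&2
    exit 1
    ;;
  esac
  case "${domain}" in
  '' | -*)
    echo "域名不能为空,且不能以 - 开头" >&2
    exit 1
    ;;
  esac
  certbot certonly --webroot -w "${webroot}" -d "${domain}"
  ;;
'update')
  echo "正在更新所有已安装证书..."
  certbot renew
  ;;
'cron')
  echo "安装定时更新证书任务"
  # NOTE(review): `who am i` reports the login user of the terminal, which can
  # differ from the effective user after su/sudo and is empty without a tty.
  # certbot renew normally needs root, so confirm the job lands in the
  # intended crontab.
  user=$(who am i | awk '{print $1}')
  cron_path="/var/spool/cron/${user}"
  if [ ! -f "${cron_path}" ]; then
    # Nothing was installed, so report failure instead of exit status 0.
    echo "${cron_path} 定时任务文件不存在" >&2
    exit 1
  fi
  # NOTE(review): the spool file is appended to directly; crontab(1) is the
  # supported interface and validates the entry. Consider switching to it.
  if ! grep -q 'certbot renew' "${cron_path}"; then
    renew_cmd="certbot renew -q --deploy-hook '/usr/local/openresty/nginx/sbin/nginx -s reload'"
    # Run daily at 05:30. certbot only renews certificates that are within
    # 30 days of expiry, so a once-a-month run leaves little or no room to
    # retry after a failed attempt. The deploy hook reloads nginx only when a
    # certificate was actually renewed.
    echo "30 5 * * * ${renew_cmd}" >> "${cron_path}"
  fi
  echo "安装完成"
  ;;
*)
  echo "list    查看所有已安装的证书"
  echo "add     安装证书"
  echo "update  更新所有已安装且30天内到期的证书"
  echo "cron    安装定时更新证书任务"
  echo "更多certbot命令请访问:https://certbot.eff.org/docs/using.html#certbot-commands"
  ;;
esac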

执行 certbot certonly --webroot 时,如果 http://你的域名/.well-known/acme-challenge/HGr8U1IeTW4kY_Z6UIyaakzOkyQgPr_7ArlLgtZE8SX 这类验证地址访问失败,需要在网站的配置文件里允许外部访问 .well-known 目录。

#nginx

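listen 80;
...

# The HTTP-01 check fetches /.well-known/acme-challenge/<token> over port 80.
# A "^~" prefix match limited to the challenge directory is used here:
#  - a regex such as "~ /.well-known" has an unescaped "." and no anchor, so
#    it also matches unrelated URIs that merely contain that text;
#  - "^~" stops nginx from evaluating regex locations for these requests, so a
#    dot-file deny rule elsewhere in the server block cannot shadow it;
#  - "allow all" then applies to the challenge files only, not to everything
#    under /.well-known.
location ^~ /.well-known/acme-challenge/ {
    allow all;
}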

 
