默认案例如下:https://club.fnnas.com/forum.php?mod=viewthread&tid=16025
原始方案:
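#!/bin/bash
# Installs a renewed certificate into the fnOS certificate directory, updates
# the expiry recorded in the trim_connect database, and restarts the services
# that serve TLS.
# Abort on the first failed step so a failed rename or copy never leads to a
# database update and service restart with stale files.
set -euo pipefail

# Configuration
CERT_NAME="xxx.com"
PANEL_CERT_PATH="/vol2/1000/certs"
FNOS_CERT_PATH="/usr/trim/var/trim_connect/ssls/xxx.com/1740193347"

# CERT_NAME is interpolated into file paths and into the SQL statement below,
# so restrict it to hostname characters before using it anywhere.
name_re='^[A-Za-z0-9.*_-]+$'
if [[ ! "$CERT_NAME" =~ $name_re ]]; then
  printf 'invalid CERT_NAME: %s\n' "$CERT_NAME" >&2
  exit 1
fi
if [[ ! -d "$FNOS_CERT_PATH" ]]; then
  printf 'certificate directory not found: %s\n' "$FNOS_CERT_PATH" >&2
  exit 1
fi

# Rename the issued files to the names fnOS expects
mv -- "$PANEL_CERT_PATH/fullchain.pem" "$PANEL_CERT_PATH/$CERT_NAME.crt"
mv -- "$PANEL_CERT_PATH/privkey.pem" "$PANEL_CERT_PATH/$CERT_NAME.key"

# Copy the new certificate and key over the old ones. The files are named
# explicitly: a glob placed inside double quotes is never expanded, so the
# quoted "$CERT_NAME.*" form matched nothing.
cp -av -- \
  "$PANEL_CERT_PATH/$CERT_NAME.crt" \
  "$PANEL_CERT_PATH/$CERT_NAME.key" \
  "$FNOS_CERT_PATH/"

# The certificate is public; the private key must not be world-readable.
# NOTE(review): if a service that reads the key runs as a non-root account,
# grant access through group ownership (e.g. 0640) rather than world-read.
chmod 0644 "$FNOS_CERT_PATH/$CERT_NAME.crt"
chmod 0600 "$FNOS_CERT_PATH/$CERT_NAME.key"

# Read the new certificate's expiry date ("notAfter=<date>")
enddate_line=$(openssl x509 -enddate -noout -in "$FNOS_CERT_PATH/$CERT_NAME.crt")
NEW_EXPIRY_DATE=${enddate_line#*=}
NEW_EXPIRY_TIMESTAMP=$(date -d "$NEW_EXPIRY_DATE" +%s%3N) # millisecond timestamp

# Only a plain integer may reach the SQL statement
ts_re='^[0-9]+$'
if [[ ! "$NEW_EXPIRY_TIMESTAMP" =~ $ts_re ]]; then
  printf 'unexpected expiry timestamp: %s\n' "$NEW_EXPIRY_TIMESTAMP" >&2
  exit 1
fi

# Update the certificate validity stored in the database
psql -U postgres -d trim_connect -c "UPDATE cert SET valid_to=$NEW_EXPIRY_TIMESTAMP WHERE domain='$CERT_NAME'"

# Restart the services so they load the new certificate
systemctl restart webdav.service
systemctl restart smbftpd.service
systemctl restart trim_nginx.service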
优化方案:
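#!/bin/bash
# Installs a renewed certificate into the newest fnOS certificate directory for
# the domain, updates the expiry recorded in the trim_connect database, and
# restarts the services that serve TLS.
set -euo pipefail

# Domain name of the certificate to install
CERT_NAME="NAS.XXXX.COM"
# Directory holding the issued certificate; adjust for your own system.
PANEL_CERT_PATH="/vol1/1000/certs"
FNOS_CERT_BASE="/usr/trim/var/trim_connect/ssls/$CERT_NAME"

# CERT_NAME is interpolated into file paths and into the SQL statement below,
# so restrict it to hostname characters before using it anywhere.
name_re='^[A-Za-z0-9.*_-]+$'
if [[ ! "$CERT_NAME" =~ $name_re ]]; then
  printf 'invalid CERT_NAME: %s\n' "$CERT_NAME" >&2
  exit 1
fi

# Pick the most recently modified subdirectory without parsing ls output.
FNOS_CERT_PATH=""
for candidate in "$FNOS_CERT_BASE"/*/; do
  [[ -d "$candidate" ]] || continue
  candidate=${candidate%/}
  if [[ -z "$FNOS_CERT_PATH" || "$candidate" -nt "$FNOS_CERT_PATH" ]]; then
    FNOS_CERT_PATH=$candidate
  fi
done
# Without this guard an empty FNOS_CERT_PATH makes the copy target "/" and the
# private key would be written to the filesystem root.
if [[ -z "$FNOS_CERT_PATH" ]]; then
  printf 'no certificate directory found under %s\n' "$FNOS_CERT_BASE" >&2
  exit 1
fi

# Copy the certificate and key (already named .crt / .key, so no rename)
cp -av -- \
  "$PANEL_CERT_PATH/$CERT_NAME.crt" \
  "$PANEL_CERT_PATH/$CERT_NAME.key" \
  "$FNOS_CERT_PATH/"

# Set permissions: the certificate is public, the private key must be stricter.
# NOTE(review): if a service that reads the key runs as a non-root account,
# grant access through group ownership (e.g. 0640) rather than world-read.
chmod 0644 "$FNOS_CERT_PATH/$CERT_NAME.crt"
chmod 0600 "$FNOS_CERT_PATH/$CERT_NAME.key"

# Read the certificate expiry ("notAfter=<date>") as a millisecond timestamp
enddate_line=$(openssl x509 -enddate -noout -in "$FNOS_CERT_PATH/$CERT_NAME.crt")
NEW_EXPIRY_DATE=${enddate_line#*=}
NEW_EXPIRY_TIMESTAMP=$(date -d "$NEW_EXPIRY_DATE" +%s%3N)

# Only a plain integer may reach the SQL statement
ts_re='^[0-9]+$'
if [[ ! "$NEW_EXPIRY_TIMESTAMP" =~ $ts_re ]]; then
  printf 'unexpected expiry timestamp: %s\n' "$NEW_EXPIRY_TIMESTAMP" >&2
  exit 1
fi

# Update the database
psql -U postgres -d trim_connect \
  -c "UPDATE cert SET valid_to=$NEW_EXPIRY_TIMESTAMP WHERE domain='$CERT_NAME'"

# Restart the services so they load the new certificate
systemctl restart trim_nginx.service
systemctl restart webdav.service
systemctl restart smbftpd.service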