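Ports 80/443 are blocked on my home broadband. To issue a certificate for my 3322.org dynamic domain, I set up a port mapping on an overseas VPS that forwards to port 444 on the home broadband connection for validation, and switch everything back once validation is done.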
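#!/bin/bash
# getCertDate.py prints a message containing "Renew" when the certificate is close to expiry
CertDate=$(/root/getCertDate.py)
if [[ $CertDate == *"Renew"* ]]; then
    echo "change myddns.3322.org A record to 45.78.x.x"
    # Stop the local DDNS client so it does not overwrite the temporary record
    /etc/init.d/ddns stop
    # Note: this update URL carries the account credentials over plain HTTP
    curl "http://user:password@members.3322.net/dyndns/update?hostname=myddns.3322.org&myip=45.78.x.x"
    # Accept the forwarded validation traffic on port 444 and relay it to local port 443
    socat TCP6-LISTEN:444,fork,su=nobody TCP:192.168.10.1:443 &
    echo "let's wait 120 seconds"
    sleep 120
    echo "let's renew certs"
    # Stop the web server while acme.sh runs the renewal
    /etc/init.d/uhttpd stop
    /root/.acme.sh/acme.sh --renew-all
    /etc/init.d/uhttpd start
    echo "change myddns.3322.org A record back"
    # Without myip, the record is updated without an explicit address
    curl "http://user:password@members.3322.net/dyndns/update?hostname=myddns.3322.org"
    /etc/init.d/ddns start
    # Remove the temporary port relay
    killall socat
fi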
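getCertDate.py checks the certificate's expiry date. When the certificate expires within 3 weeks, it prints a message containing Renew; when the script sees Renew in the output, it runs the certificate renewal.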
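
The post does not show getCertDate.py, so the following is an added example of such a check, not the author's script. It assumes the `openssl` command-line tool is installed and that the certificate path is passed as an argument; the function names and the sample date are made up for illustration.

```python
#!/usr/bin/env python3
# Added example, not the author's getCertDate.py: prints a line containing
# "Renew" when a certificate expires within 3 weeks (or has already expired).
import ssl
import subprocess
import sys
import time

RENEW_WINDOW_DAYS = 21  # "within 3 weeks", as the post describes
# Constructed sample of `openssl x509 -enddate -noout` output (not real data).
SAMPLE_ENDDATE = "notAfter=Jan  5 09:34:43 2018 GMT\n"


def read_enddate(cert_path):
    """Ask the openssl CLI (assumed to be installed) for the notAfter line."""
    cmd = ["openssl", "x509", "-enddate", "-noout", "-in", cert_path]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def parse_enddate(line):
    """Turn 'notAfter=Jan  5 09:34:43 2018 GMT' into a Unix timestamp (UTC)."""
    key, sep, value = line.strip().partition("=")
    if key != "notAfter" or not sep:
        raise ValueError("unexpected openssl output: %r" % line)
    return ssl.cert_time_to_seconds(value)  # ValueError on a malformed date


def verdict(not_after, now, window_days=RENEW_WINDOW_DAYS):
    """Return the status line; the shell script only looks for 'Renew' in it."""
    seconds_left = not_after - now
    days_left = int(seconds_left // 86400)  # negative once expired
    if seconds_left <= window_days * 86400:
        return "Renew: %d days left" % days_left
    return "OK: %d days left" % days_left


if __name__ == "__main__":
    try:
        if len(sys.argv) > 1:  # hypothetical usage: getCertDate.py cert.pem
            print(verdict(parse_enddate(read_enddate(sys.argv[1])), time.time()))
        else:  # no path given: demonstrate on the constructed sample
            demo_now = parse_enddate(SAMPLE_ENDDATE) - 10 * 86400
            print(verdict(parse_enddate(SAMPLE_ENDDATE), demo_now))
    except (OSError, subprocess.CalledProcessError, ValueError) as exc:
        # Errors go to stderr with exit status 1, so a failed check is visible
        # to the caller instead of silently looking like "no renewal needed".
        sys.exit("cannot determine certificate expiry: %s" % exc)
```

An already expired certificate also yields Renew, and an unreadable certificate produces an error on stderr rather than an empty result.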