From 7fd062e7ff8c0956399c369ec73b6b7237e2336f Mon Sep 17 00:00:00 2001 From: jeremygan2021 Date: Sun, 22 Mar 2026 23:31:30 +0800 Subject: [PATCH] create --- create_new_domain_cert.sh | 72 ++++++++++++++++++++++++++++++++------- 1 file changed, 59 insertions(+), 13 deletions(-) diff --git a/create_new_domain_cert.sh b/create_new_domain_cert.sh index 48166d4..3cfa1bb 100755 --- a/create_new_domain_cert.sh +++ b/create_new_domain_cert.sh @@ -346,22 +346,68 @@ check_domain_reachability() { local response response=$(curl -I -s --connect-timeout 10 "$test_url" 2>&1) local http_code=$(echo "$response" | grep -i "HTTP/" | head -n1 | awk '{print $2}') + local location=$(echo "$response" | grep -i "^Location:" | head -n1 | awk '{print $2}' | tr -d '\r') log_info "HTTP 响应码: ${http_code:-无响应}" - # 返回 200 或 404 都视为通过(说明 nginx 已响应) - if [[ "$http_code" == "200" ]] || [[ "$http_code" == "404" ]]; then - log_success "域名 80 端口可达性检测通过" - return 0 - else - log_error "域名 80 端口不可达,请检查:" - echo " 1. 域名是否正确解析到此服务器" - echo " 2. 防火墙是否开放 80 端口" - echo " 3. nginx 是否正常启动" - echo "" - echo " 完整响应: $response" - return 1 - fi + # 智能判断各种情况 + case "$http_code" in + 200) + log_success "✅ 域名 80 端口可达性检测通过 (HTTP 200)" + log_info "ACME 挑战路径正常响应" + return 0 + ;; + 404) + log_success "✅ 域名 80 端口可达性检测通过 (HTTP 404)" + log_warn "ACME 挑战路径返回 404,但 nginx 已响应" + log_info "nginx 会自动创建挑战文件,检测通过" + return 0 + ;; + 301|302) + log_warn "检测到 HTTP 跳转 (HTTP $http_code)" + if [[ -n "$location" ]]; then + log_info "跳转目标: $location" + + # 检查是否是跳转到 HTTPS + if [[ "$location" =~ ^https:// ]]; then + log_warn "⚠️ HTTPS 跳转已配置生效!" + log_info "这说明之前已经成功配置过 HTTPS" + + # 判断是否需要继续(取决于场景) + echo "" + echo -e "${YELLOW}检测到域名 $DOMAIN 已配置 HTTPS 跳转${NC}" + echo "这可能是之前运行的配置残留" + echo "" + + # 智能决策:检查是否真的需要跳转 + # 如果 Location 是空的或指向错误位置,可能是配置问题 + if [[ "$location" == "https://" ]] || [[ "$location" == "https://$DOMAIN" ]] || [[ "$location" =~ ^https://.*$ ]]; then + log_info "HTTPS 跳转配置正常,域名可达" + log_info "可以继续证书申请流程" + return 0 + else + log_error "跳转目标异常: $location" + return 1 + fi + else + log_warn "跳转到非 HTTPS 地址: $location" + return 1 + fi + else + log_warn "收到 HTTP $http_code 但无 Location 头" + return 1 + fi + ;; + 000) + log_error "❌ 连接失败 (HTTP $http_code)" + log_error "域名可能未解析或防火墙阻止" + return 1 + ;; + *) + log_error "❌ 意外的 HTTP 响应码: $http_code" + return 1 + ;; + esac } # 申请 Let's Encrypt 证书