From e51c59995c9ffacce1f05495cbc3a8cb986923c9 Mon Sep 17 00:00:00 2001
From: MHSanaei <ho3ein.sanaei@gmail.com>
Date: Sun, 2 Apr 2023 21:01:08 +0330
Subject: [PATCH] fixed - multi domain ssl path

---
 x-ui.sh | 101 ++++++++++++++++++++++++++++++--------------------------
 1 file changed, 55 insertions(+), 46 deletions(-)

diff --git a/x-ui.sh b/x-ui.sh
index 77a11393be..ebda157c00 100644
--- a/x-ui.sh
+++ b/x-ui.sh
@@ -548,14 +548,7 @@ ssl_cert_issue_standalone() {
     else
         LOGI "install socat succeed..."
     fi
-    #creat a directory for install cert
-    certPath=/root/cert
-    if [ ! -d "$certPath" ]; then
-        mkdir $certPath
-    else
-        rm -rf $certPath
-        mkdir $certPath
-    fi
+
     #get the domain here,and we need verify it
     local domain=""
     read -p "please input your domain:" domain
@@ -570,6 +563,16 @@ ssl_cert_issue_standalone() {
     else
         LOGI "your domain is ready for issuing cert now..."
     fi
+	
+	#create a directory for install cert
+	certPath="/root/cert/${domain}"
+	if [ ! -d "$certPath" ]; then
+		mkdir -p "$certPath"
+	else
+		rm -rf "$certPath"
+		mkdir -p "$certPath"
+	fi
+	
     #get needed port here
     local WebPort=80
     read -p "please choose which port do you use,default will be 80 port:" WebPort
@@ -589,9 +592,9 @@ ssl_cert_issue_standalone() {
         LOGE "issue certs succeed,installing certs..."
     fi
     #install cert
-    ~/.acme.sh/acme.sh --installcert -d ${domain} --ca-file /root/cert/ca.cer \
-        --cert-file /root/cert/${domain}.cer --key-file /root/cert/privkey.pem \
-        --fullchain-file /root/cert/fullchain.pem
+    ~/.acme.sh/acme.sh --installcert -d ${domain} \
+        --key-file /root/cert/${domain}/privkey.pem \
+        --fullchain-file /root/cert/${domain}/fullchain.pem
 
     if [ $? -ne 0 ]; then
         LOGE "install certs failed,exit"
@@ -600,17 +603,18 @@ ssl_cert_issue_standalone() {
     else
         LOGI "install certs succeed,enable auto renew..."
     fi
-    ~/.acme.sh/acme.sh --upgrade --auto-upgrade
-    if [ $? -ne 0 ]; then
-        LOGE "auto renew failed,certs details:"
-        ls -lah cert
-        chmod 755 $certPath
-        exit 1
-    else
-        LOGI "auto renew succeed,certs details:"
-        ls -lah cert
-        chmod 755 $certPath
-    fi
+	
+	~/.acme.sh/acme.sh --upgrade --auto-upgrade
+	if [ $? -ne 0 ]; then
+		LOGE "auto renew failed, certs details:"
+		ls -lah cert/*
+		chmod 755 $certPath/*
+		exit 1
+	else
+		LOGI "auto renew succeed, certs details:"
+		ls -lah cert/*
+		chmod 755 $certPath/*
+	fi
 
 }
 
@@ -631,13 +635,7 @@ ssl_cert_issue_by_cloudflare() {
         CF_Domain=""
         CF_GlobalKey=""
         CF_AccountEmail=""
-        certPath=/root/cert
-        if [ ! -d "$certPath" ]; then
-            mkdir $certPath
-        else
-            rm -rf $certPath
-            mkdir $certPath
-        fi
+        
         LOGD "please input your domain:"
         read -p "Input your domain here:" CF_Domain
         LOGD "your domain is:${CF_Domain},check it..."
@@ -651,6 +649,16 @@ ssl_cert_issue_by_cloudflare() {
         else
             LOGI "your domain is ready for issuing cert now..."
         fi
+		
+		#create a directory for install cert
+		certPath="/root/cert/${CF_Domain}"
+		if [ ! -d "$certPath" ]; then
+			mkdir -p "$certPath"
+		else
+			rm -rf "$certPath"
+			mkdir -p "$certPath"
+		fi
+	
         LOGD "please inout your cloudflare global API key:"
         read -p "Input your key here:" CF_GlobalKey
         LOGD "your cloudflare global API key is:${CF_GlobalKey}"
@@ -672,9 +680,10 @@ ssl_cert_issue_by_cloudflare() {
         else
             LOGI "Certificate issued Successfully, Installing..."
         fi
-        ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} --ca-file /root/cert/ca.cer \
-            --cert-file /root/cert/${CF_Domain}.cer --key-file /root/cert/${CF_Domain}.key \
-            --fullchain-file /root/cert/fullchain.cer
+        ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \
+            --key-file /root/cert/${CF_Domain}/privkey.pem \
+            --fullchain-file /root/cert/${CF_Domain}/fullchain.pem
+
         if [ $? -ne 0 ]; then
             LOGE "install cert failed,exit"
             rm -rf ~/.acme.sh/${CF_Domain}
@@ -682,17 +691,17 @@ ssl_cert_issue_by_cloudflare() {
         else
             LOGI "Certificate installed Successfully,Turning on automatic updates..."
         fi
-        ~/.acme.sh/acme.sh --upgrade --auto-upgrade
-        if [ $? -ne 0 ]; then
-            LOGE "Auto update setup Failed, script exiting..."
-            ls -lah cert
-            chmod 755 $certPath
-            exit 1
-        else
-            LOGI "The certificate is installed and auto-renewal is turned on, Specific information is as follows"
-            ls -lah cert
-            chmod 755 $certPath
-        fi
+		~/.acme.sh/acme.sh --upgrade --auto-upgrade
+		if [ $? -ne 0 ]; then
+			LOGE "auto renew failed, certs details:"
+			ls -lah cert/*
+			chmod 755 $certPath/*
+			exit 1
+		else
+			LOGI "auto renew succeed, certs details:"
+			ls -lah cert/*
+			chmod 755 $certPath/*
+		fi
     else
         show_menu
     fi
@@ -739,9 +748,9 @@ show_menu() {
   ${green}14.${plain} Disabel x-ui On System Startup
 ————————————————
   ${green}15.${plain} Enable BBR 
-  ${green}16.${plain} Issuse Certs
-  ${green}17.${plain} Update Geoip and Geosite
-  ${green}18.${plain} Enable Firewall and open Ports
+  ${green}16.${plain} Apply for an SSL Certificate
+  ${green}17.${plain} Update Geo Files
+  ${green}18.${plain} Active Firewall and open ports
  "
     show_status
     echo && read -p "Please enter your selection [0-18]: " num