From e6aef832d16f3e416237817594468408163da9a5 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 22 Nov 2025 11:12:26 +0000 Subject: [PATCH] Update documentation for new cert_manager.sh features - Updated CHANGELOG.md with comprehensive list of new features in Unreleased section - Enhanced README.md with detailed documentation of all 20+ certificate methods - Updated CLAUDE.md with complete architecture and function reference - Documented new ACME.SH methods: Route53, Google Cloud DNS, DigitalOcean, ZeroSSL - Documented new Certbot integration with 6 different methods - Added self-signed certificate generation documentation - Updated menu structure documentation to reflect new 4-section organization - Expanded command-line interface reference with all new commands - Updated external dependencies and usage requirements sections Changes reflect major expansion from 9 to 20+ certificate issuance options. --- CHANGELOG.md | 42 +++++++++++++ CLAUDE.md | 107 +++++++++++++++++++++++++++------- README.md | 162 +++++++++++++++++++++++++++++++++++++++------------ 3 files changed, 253 insertions(+), 58 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e81c91..f4e413e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -13,6 +13,27 @@ ## [Unreleased] +### Added +- **Множественная поддержка DNS провайдеров** - Добавлена поддержка AWS Route53, Google Cloud DNS и DigitalOcean DNS валидации +- **Интеграция Certbot** - Полная поддержка Certbot как альтернативы acme.sh со standalone и webroot методами +- **Поддержка ZeroSSL** - Добавлен ZeroSSL как альтернативный центр сертификации через acme.sh +- **Самоподписанные сертификаты** - Новая опция для генерации самоподписанных сертификатов для тестирования +- **Улучшенная система меню** - Реорганизованное меню с 20+ методами выпуска сертификатов, сгруппированными по типу + +### Методы Certbot (Новые) +- Certbot Standalone режим (валидация через порт 80) +- Certbot Webroot режим (существующий веб-сервер) +- Certbot с плагином Cloudflare DNS +- Certbot с плагином AWS Route53 DNS +- Certbot с плагином Google Cloud DNS +- Certbot с плагином DigitalOcean DNS + +### Расширения ACME.SH (Новые) +- AWS Route53 DNS валидация +- Google Cloud DNS валидация +- DigitalOcean DNS валидация +- Интеграция ZeroSSL CA + ## [1.0.0] - 2025-01-24 ### Added 
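Review bot: the Unreleased section records only additions, but this change also renumbers every existing menu option (the README hunks in this patch move Revoke/Renew/List from 3-5 to 21-23 and Install/Setup/Check from 6-8 to 32-34, and drop the `[0-8]` range from the prompt), so anyone who drives the old menu by number now gets a different action. Add a `### Changed` entry under Unreleased that states the new numbering scheme (1-6, 11-16, 21-23, 31-34) and the prompt change, and mirror it in the English Unreleased section later in this file.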
@@ -75,6 +96,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added +- **Multiple DNS Provider Support** - Added support for AWS Route53, Google Cloud DNS, and DigitalOcean DNS validation +- **Certbot Integration** - Full Certbot support as alternative to acme.sh with standalone and webroot methods +- **ZeroSSL Support** - Added ZeroSSL as alternative certificate authority via acme.sh +- **Self-Signed Certificates** - New option to generate self-signed certificates for testing +- **Enhanced Menu System** - Reorganized menu with 20+ certificate issuance methods grouped by type + +### Certbot Methods (New) +- Certbot Standalone mode (port 80 validation) +- Certbot Webroot mode (existing web server) +- Certbot with Cloudflare DNS plugin +- Certbot with AWS Route53 DNS plugin +- Certbot with Google Cloud DNS plugin +- Certbot with DigitalOcean DNS plugin + +### ACME.SH Extensions (New) +- AWS Route53 DNS validation +- Google Cloud DNS validation +- DigitalOcean DNS validation +- ZeroSSL CA integration + ## [1.0.0] - 2025-01-24 ### Added diff --git a/CLAUDE.md b/CLAUDE.md index 3c47a5c..e54b0ef 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
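Review bot: the count in "Reorganized menu with 20+ certificate issuance methods" does not match what this patch documents: the menu hunks list 6 acme.sh methods, 6 Certbot methods and 1 self-signed option, i.e. 13 issuance methods (19 options in total, exit excluded). Use the real number here, in the Russian entry above, and in the CLAUDE.md lines "20+ certificate issuance methods" and "Comprehensive menu with 20+ certificate issuance options". In the same hunk, "Full Certbot support as alternative to acme.sh with standalone and webroot methods" undersells the list directly below it; say "standalone, webroot and four DNS-plugin methods".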
@@ -7,36 +7,75 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co This repository contains SSL certificate management scripts for Linux systems: 1. **`tls.sh`** - Original comprehensive 3X-UI panel management script (full functionality) -2. **`cert_manager.sh`** - Simplified SSL certificate management script (certificates only) +2. **`cert_manager.sh`** - Comprehensive SSL certificate management script with support for multiple CAs and validation methods -The `cert_manager.sh` script is a focused version that handles only SSL certificate operations with automatic renewal capabilities. +The `cert_manager.sh` script is a full-featured certificate management tool supporting both acme.sh and Certbot with multiple DNS providers. ## cert_manager.sh Architecture -The simplified SSL certificate script focuses exclusively on certificate management: +The comprehensive SSL certificate management script with 20+ certificate issuance methods: ### Core Functions - **Logging functions**: `LOGD()`, `LOGE()`, `LOGI()` - Color-coded output for debugging, errors, and info - **OS Detection**: Automatically detects Linux distribution and version, supporting Ubuntu, Debian, CentOS, Fedora, Arch, and others -- **Dependency Management**: Automatic installation of required packages (curl, wget, socat, cron) - -### Main Features -1. **Certificate Issuance**: HTTP validation and Cloudflare DNS validation methods -2. **Certificate Management**: Revoke, force renew, list certificates -3. **Automatic Renewal**: Cron-based auto-renewal setup with logging -4. **Dependency Installation**: Auto-installs acme.sh, cron, and other required tools +- **Dependency Management**: Automatic installation of required packages (curl, wget, socat, cron/cronie) + +### Certificate Issuance Methods + +#### ACME.SH Methods (Let's Encrypt/ZeroSSL) +1. **ssl_cert_issue()**: HTTP validation (port 80) +2. **ssl_cert_issue_CF()**: Cloudflare DNS validation +3. 
**ssl_cert_issue_acme_route53()**: AWS Route53 DNS validation +4. **ssl_cert_issue_acme_gcloud()**: Google Cloud DNS validation +5. **ssl_cert_issue_acme_digitalocean()**: DigitalOcean DNS validation +6. **ssl_cert_issue_acme_zerossl()**: ZeroSSL CA integration + +#### Certbot Methods +1. **ssl_cert_issue_certbot_standalone()**: Standalone mode (port 80) +2. **ssl_cert_issue_certbot_webroot()**: Webroot mode (existing web server) +3. **ssl_cert_issue_certbot_dns_cloudflare()**: Cloudflare DNS plugin +4. **ssl_cert_issue_certbot_dns_route53()**: AWS Route53 DNS plugin +5. **ssl_cert_issue_certbot_dns_google()**: Google Cloud DNS plugin +6. **ssl_cert_issue_certbot_dns_digitalocean()**: DigitalOcean DNS plugin + +#### Other Methods +- **ssl_cert_selfsigned()**: Generate self-signed certificates for testing + +### Certificate Management Functions +- **revoke_certificate()**: Revoke existing certificates +- **force_renew_certificate()**: Force immediate certificate renewal +- **list_certificates()**: Display all installed certificates + +### Infrastructure Functions +- **install_dependencies()**: Auto-install system dependencies (curl, wget, socat, cron) +- **install_acme()**: Install and configure acme.sh +- **install_certbot()**: Install and configure Certbot +- **install_certbot_dns_plugins()**: Install DNS provider plugins for Certbot +- **setup_auto_renewal()**: Configure cron-based automatic renewal +- **check_auto_renewal()**: Verify auto-renewal status and view logs ### Menu System -- `show_menu()`: Simple menu with 9 certificate-focused options +- `show_menu()`: Comprehensive menu with 20+ certificate issuance options organized in 4 sections +- **ACME.SH Methods** (options 1-6): Let's Encrypt/ZeroSSL via acme.sh +- **Certbot Methods** (options 11-16): Alternative via Certbot +- **Certificate Management** (options 21-23): Revoke, renew, list +- **Other Options** (options 31-34): Self-signed, dependencies, auto-renewal - Direct command execution via command line 
arguments - `before_show_menu()`: Standard return-to-menu pattern ### Command Line Interface ```bash ./cert_manager.sh # Interactive menu -./cert_manager.sh install # Install dependencies -./cert_manager.sh issue # Issue new SSL certificate -./cert_manager.sh cloudflare # Issue SSL certificate via Cloudflare DNS +./cert_manager.sh install # Install dependencies (acme.sh + certbot) +./cert_manager.sh issue # Issue via acme.sh HTTP +./cert_manager.sh cloudflare # Issue via acme.sh Cloudflare DNS +./cert_manager.sh route53 # Issue via acme.sh Route53 DNS +./cert_manager.sh gcloud # Issue via acme.sh Google Cloud DNS +./cert_manager.sh digitalocean # Issue via acme.sh DigitalOcean DNS +./cert_manager.sh zerossl # Issue via acme.sh ZeroSSL CA +./cert_manager.sh certbot-standalone # Issue via Certbot standalone +./cert_manager.sh certbot-webroot # Issue via Certbot webroot +./cert_manager.sh self-signed # Generate self-signed certificate ./cert_manager.sh revoke # Revoke SSL certificate ./cert_manager.sh renew # Force renew SSL certificate ./cert_manager.sh list # List all certificates 
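Review bot: the Command Line Interface block is out of sync with the menu and function list in the same hunk: the four Certbot DNS methods (menu 13-16, `ssl_cert_issue_certbot_dns_*()`) and the auto-renewal functions (menu 33-34, `setup_auto_renewal()`, `check_auto_renewal()`) have no command-line argument listed, even though the text says "Direct command execution via command line arguments". Either add the missing commands (the README command tables in this patch have the same gap) or state explicitly that those functions are menu-only. Also, `ssl_cert_issue_acme_zerossl()` is listed as a sibling of the validation methods, but ZeroSSL is a CA choice, not a validation method; document which validation it performs (HTTP on port 80, or one of the DNS providers) and whether methods 3-5 can also target ZeroSSL, so readers know which requirements from the Usage Requirements section apply.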
@@ -65,10 +104,20 @@ The simplified SSL certificate script focuses exclusively on certificate managem - Uses Let's Encrypt as default CA ## External Dependencies -- **acme.sh**: Official ACME client for certificate management +- **acme.sh**: Official ACME client for Let's Encrypt/ZeroSSL certificates +- **Certbot**: Alternative ACME client with plugin ecosystem - **System packages**: curl, wget, socat, cron/cronie -- **Let's Encrypt**: Default certificate authority -- **Cloudflare API**: For DNS validation (optional) +- **Certificate Authorities**: Let's Encrypt (default), ZeroSSL +- **DNS Providers** (optional): + - Cloudflare API: For Cloudflare DNS validation + - AWS Route53 API: For Route53 DNS validation + - Google Cloud DNS API: For Google Cloud DNS validation + - DigitalOcean API: For DigitalOcean DNS validation +- **Certbot DNS Plugins** (installed on demand): + - python3-certbot-dns-cloudflare + - python3-certbot-dns-route53 + - python3-certbot-dns-google + - python3-certbot-dns-digitalocean ## Development Notes - Self-contained single file script 
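Review bot: the plugin package names `python3-certbot-dns-cloudflare`, `-route53`, `-google` and `-digitalocean` are Debian/Ubuntu package names, but the OS Detection section of this file says CentOS, Fedora and Arch are supported. Document what `install_certbot_dns_plugins()` does on those distributions (different package names, pip, or snap), or mark the Certbot DNS methods as Debian/Ubuntu-only so the "(installed on demand)" claim is not misleading. Minor: the list says "cron/cronie" here but `install_dependencies()` in the previous hunk says only "cron"; pick one.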
@@ -79,8 +128,26 @@ The simplified SSL certificate script focuses exclusively on certificate managem - No build process required - direct bash execution ## Usage Requirements + +### General Requirements - Must run as root user - Internet connectivity required -- Domain must point to server (for HTTP validation) -- Cloudflare API credentials (for DNS validation) -- Port 80 available (for HTTP validation) \ No newline at end of file +- Valid domain name + +### For HTTP Validation (acme.sh/Certbot standalone) +- Domain must point to server +- Port 80 available + +### For Webroot Validation (Certbot webroot) +- Existing web server configured +- Webroot directory accessible + +### For DNS Validation (any provider) +- API credentials for chosen DNS provider: + - **Cloudflare**: Global API Key + Email or API Token + - **AWS Route53**: AWS Access Key ID + Secret Access Key + - **Google Cloud**: Service Account JSON key file + - **DigitalOcean**: API Token + +### For Self-Signed Certificates +- No external requirements (local generation only) \ No newline at end of file diff --git a/README.md b/README.md index 9b9cfa2..45a4936 100644 --- a/README.md +++ b/README.md 
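Review bot: the DNS credential list treats "Global API Key + Email" and an "API Token" as interchangeable for Cloudflare, but the Global API Key grants full access to the whole account, so the docs should recommend a token scoped to DNS edit on the relevant zone and present the Global API Key only as a fallback. The same least-privilege note applies to the other providers in this hunk: an IAM user limited to Route53 record changes on the hosted zone rather than an account-wide "AWS Access Key ID + Secret Access Key", a Google service account holding only DNS-admin rights, and a DigitalOcean token restricted to what the DNS API needs. The section should also say where the script stores the credentials it prompts for and with what file permissions, since both ACME clients keep them on disk for renewals. Style: the file still ends with "\ No newline at end of file"; add the trailing newline while touching the last line.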
@@ -33,17 +33,34 @@ sudo ./cert_manager.sh issue # Выпустить сертификат ## 📖 Возможности ### SSL Сертификаты -- ✅ Выпуск сертификатов Let's Encrypt через HTTP валидацию -- ✅ Выпуск wildcard сертификатов через Cloudflare DNS + +#### ACME.SH Методы (Let's Encrypt/ZeroSSL) +- ✅ HTTP валидация (порт 80) +- ✅ Cloudflare DNS валидация +- ✅ AWS Route53 DNS валидация +- ✅ Google Cloud DNS валидация +- ✅ DigitalOcean DNS валидация +- ✅ ZeroSSL как альтернативный CA + +#### Certbot Методы +- ✅ Standalone режим (порт 80) +- ✅ Webroot режим (существующий веб-сервер) +- ✅ Cloudflare DNS плагин +- ✅ AWS Route53 DNS плагин +- ✅ Google Cloud DNS плагин +- ✅ DigitalOcean DNS плагин + +#### Управление Сертификатами - ✅ Отзыв сертификатов - ✅ Принудительное обновление сертификатов - ✅ Просмотр всех установленных сертификатов +- ✅ Генерация самоподписанных сертификатов ### Автоматизация - ✅ Автоматическая установка всех зависимостей - ✅ Настройка cron для автоматического продления - ✅ Логирование процесса обновления -- ✅ Автообновление acme.sh +- ✅ Автообновление acme.sh и certbot ### Поддерживаемые ОС - Ubuntu 20.04+ 
@@ -67,19 +84,36 @@ sudo ./cert_manager.sh ``` SSL Certificate Management Script - 0. Exit Script -———————————————— - 1. Issue SSL Certificate (HTTP validation) - 2. Issue SSL Certificate (Cloudflare DNS) - 3. Revoke Certificate - 4. Force Renew Certificate - 5. List All Certificates -———————————————— - 6. Install Dependencies - 7. Setup Automatic Renewal - 8. Check Auto-Renewal Status - -Please enter your selection [0-8]: + 0. Exit Script +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + ACME.SH Methods (Let's Encrypt/ZeroSSL) + 1. Issue via acme.sh (HTTP validation) + 2. Issue via acme.sh (Cloudflare DNS) + 3. Issue via acme.sh (AWS Route53 DNS) + 4. Issue via acme.sh (Google Cloud DNS) + 5. Issue via acme.sh (DigitalOcean DNS) + 6. Issue via acme.sh (ZeroSSL CA) +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + CERTBOT Methods + 11. Issue via Certbot (Standalone) + 12. Issue via Certbot (Webroot) + 13. Issue via Certbot (Cloudflare DNS) + 14. Issue via Certbot (AWS Route53 DNS) + 15. Issue via Certbot (Google Cloud DNS) + 16. Issue via Certbot (DigitalOcean DNS) +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + Certificate Management + 21. Revoke Certificate + 22. Force Renew Certificate + 23. List All Certificates +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + Other Options + 31. Generate Self-Signed Certificate + 32. Install Dependencies + 33. Setup Automatic Renewal + 34. Check Auto-Renewal Status + +Please enter your selection: ``` #### Пример работы - Выпуск сертификата (опция 1): 
@@ -157,11 +191,20 @@ Please enter your selection [0-8]: 8 ### Командная строка +Скрипт поддерживает прямой вызов функций через командную строку: + | Команда | Описание | |---------|----------| -| `install` | Установить все зависимости | -| `issue` | Выпустить сертификат через HTTP | -| `cloudflare` | Выпустить сертификат через Cloudflare DNS | +| `install` | Установить все зависимости (acme.sh, certbot) | +| `issue` | Выпустить сертификат через HTTP (acme.sh) | +| `cloudflare` | Выпустить сертификат через Cloudflare DNS (acme.sh) | +| `route53` | Выпустить сертификат через AWS Route53 DNS (acme.sh) | +| `gcloud` | Выпустить сертификат через Google Cloud DNS (acme.sh) | +| `digitalocean` | Выпустить сертификат через DigitalOcean DNS (acme.sh) | +| `zerossl` | Выпустить сертификат через ZeroSSL CA (acme.sh) | +| `certbot-standalone` | Выпустить сертификат через Certbot standalone | +| `certbot-webroot` | Выпустить сертификат через Certbot webroot | +| `self-signed` | Создать самоподписанный сертификат | | `revoke` | Отозвать сертификат | | `renew` | Принудительно обновить сертификат | | `list` | Показать все сертификаты | 
@@ -372,17 +415,34 @@ sudo ./cert_manager.sh issue # Issue certificate ## 📖 Features ### SSL Certificates -- ✅ Issue Let's Encrypt certificates via HTTP validation -- ✅ Issue wildcard certificates via Cloudflare DNS + +#### ACME.SH Methods (Let's Encrypt/ZeroSSL) +- ✅ HTTP validation (port 80) +- ✅ Cloudflare DNS validation +- ✅ AWS Route53 DNS validation +- ✅ Google Cloud DNS validation +- ✅ DigitalOcean DNS validation +- ✅ ZeroSSL as alternative CA + +#### Certbot Methods +- ✅ Standalone mode (port 80) +- ✅ Webroot mode (existing web server) +- ✅ Cloudflare DNS plugin +- ✅ AWS Route53 DNS plugin +- ✅ Google Cloud DNS plugin +- ✅ DigitalOcean DNS plugin + +#### Certificate Management - ✅ Revoke certificates - ✅ Force renew certificates - ✅ View all installed certificates +- ✅ Generate self-signed certificates ### Automation - ✅ Automatic installation of all dependencies - ✅ Setup cron for automatic renewal - ✅ Renewal process logging -- ✅ Auto-update acme.sh +- ✅ Auto-update acme.sh and certbot ### Supported OS - Ubuntu 20.04+ 
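Review bot: this hunk drops the one capability statement that explains why DNS validation exists: "Issue wildcard certificates via Cloudflare DNS" becomes "Cloudflare DNS validation". Keep the wildcard claim and say which of the five DNS methods (acme.sh and Certbot) support it, since HTTP/standalone/webroot cannot. The Automation line "Auto-update acme.sh and certbot" also needs qualifying: acme.sh has its own self-update, but Certbot installed from the distribution packages named in CLAUDE.md is updated by the package manager, so state what the script actually does for Certbot. The Russian copy of this section (hunk `@@ -33,17`) needs the same two edits.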
@@ -406,19 +466,36 @@ You will see this menu: ``` SSL Certificate Management Script - 0. Exit Script -———————————————— - 1. Issue SSL Certificate (HTTP validation) - 2. Issue SSL Certificate (Cloudflare DNS) - 3. Revoke Certificate - 4. Force Renew Certificate - 5. List All Certificates -———————————————— - 6. Install Dependencies - 7. Setup Automatic Renewal - 8. Check Auto-Renewal Status - -Please enter your selection [0-8]: + 0. Exit Script +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + ACME.SH Methods (Let's Encrypt/ZeroSSL) + 1. Issue via acme.sh (HTTP validation) + 2. Issue via acme.sh (Cloudflare DNS) + 3. Issue via acme.sh (AWS Route53 DNS) + 4. Issue via acme.sh (Google Cloud DNS) + 5. Issue via acme.sh (DigitalOcean DNS) + 6. Issue via acme.sh (ZeroSSL CA) +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + CERTBOT Methods + 11. Issue via Certbot (Standalone) + 12. Issue via Certbot (Webroot) + 13. Issue via Certbot (Cloudflare DNS) + 14. Issue via Certbot (AWS Route53 DNS) + 15. Issue via Certbot (Google Cloud DNS) + 16. Issue via Certbot (DigitalOcean DNS) +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + Certificate Management + 21. Revoke Certificate + 22. Force Renew Certificate + 23. List All Certificates +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + Other Options + 31. Generate Self-Signed Certificate + 32. Install Dependencies + 33. Setup Automatic Renewal + 34. Check Auto-Renewal Status + +Please enter your selection: ``` #### Example Usage - Issue Certificate (option 1): 
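Review bot: the prompt lost its range ("Please enter your selection [0-8]:" became "Please enter your selection:") just as the numbering became non-contiguous (1-6, 11-16, 21-23, 31-34); either show the valid set in the prompt or document what the script does with an out-of-range number such as 7 or 20. The later example sessions in this README were not updated: the next hunk's context line still reads "Please enter your selection [0-8]: 8", where 8 was "Check Auto-Renewal Status" and is now option 34, so those transcripts show a prompt and option numbers that no longer exist. The Russian copy (hunk `@@ -67,19`) has the same stale example.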
@@ -496,11 +573,20 @@ Please enter your selection [0-8]: 8 ### Command Line +The script supports direct function calls via command line: + | Command | Description | |---------|-------------| -| `install` | Install all dependencies | -| `issue` | Issue certificate via HTTP | -| `cloudflare` | Issue certificate via Cloudflare DNS | +| `install` | Install all dependencies (acme.sh, certbot) | +| `issue` | Issue certificate via HTTP (acme.sh) | +| `cloudflare` | Issue certificate via Cloudflare DNS (acme.sh) | +| `route53` | Issue certificate via AWS Route53 DNS (acme.sh) | +| `gcloud` | Issue certificate via Google Cloud DNS (acme.sh) | +| `digitalocean` | Issue certificate via DigitalOcean DNS (acme.sh) | +| `zerossl` | Issue certificate via ZeroSSL CA (acme.sh) | +| `certbot-standalone` | Issue certificate via Certbot standalone | +| `certbot-webroot` | Issue certificate via Certbot webroot | +| `self-signed` | Generate self-signed certificate | | `revoke` | Revoke certificate | | `renew` | Force renew certificate | | `list` | Show all certificates |
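Review bot: with two ACME clients in play, the `revoke`, `renew` and `list` rows no longer say which certificate store they operate on: a certificate issued by `certbot-standalone` lives in Certbot's store, not acme.sh's, so the table should state whether these commands cover both clients or only acme.sh-issued certificates (the same ambiguity exists for `revoke_certificate()`, `force_renew_certificate()` and `list_certificates()` in CLAUDE.md). The Russian table (hunk `@@ -157,11`) needs the same clarification.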