fix: cert renewal, add ip cert support

hiddify-com · hiddify-com · commit f7ee39b04a54 · 2026-01-23T03:19:01.000+03:30
diff --git a/acme.sh/cert_utils.sh b/acme.sh/cert_utils.sh
@@ -10,9 +10,22 @@ is_ok_domain_zerossl() {
         if [[ $domain == *.$tld ]]; then
             return 1 # Domain is restricted
         fi
+        
     done
     return 0 # Domain is not restricted
 }
+isipv4() {
+  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
+  IFS='.' read -r a b c d <<< "$1"
+  for o in $a $b $c $d; do
+    (( o >= 0 && o <= 255 )) || return 1
+  done
+  return 0
+}
+
+isipv6() {
+  [[ $1 =~ ^([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}$ ]]
+}
 function get_cert() {
     cd /opt/hiddify-manager/acme.sh/
     source ./lib/acme.sh.env
@@ -25,6 +38,7 @@ function get_cert() {
     if [ ${#DOMAIN} -le 64 ]; then
         mkdir -p /opt/hiddify-manager/acme.sh/www/.well-known/acme-challenge
         echo "location /.well-known/acme-challenge {root /opt/hiddify-manager/acme.sh/www/;}" >/opt/hiddify-manager/nginx/parts/acme.conf
+        chown -R nginx /opt/hiddify-manager/acme.sh/www/
         # systemctl reload --now hiddify-nginx
 
         DOMAIN_IP=$(dig +short -t a $DOMAIN.)
@@ -39,11 +53,18 @@ function get_cert() {
         # if [ "$SERVER_IPv6" != "" ]; then
         #     flags="--listen-v6"
         # fi
-
-        acme.sh --issue -w /opt/hiddify-manager/acme.sh/www/ -d $DOMAIN --log $(pwd)/../log/system/acme.log --server letsencrypt --pre-hook "systemctl restart hiddify-nginx"
-        if is_ok_domain_zerossl "$DOMAIN"; then
-            acme.sh --issue -w /opt/hiddify-manager/acme.sh/www/ -d $DOMAIN --log $(pwd)/../log/system/acme.log --pre-hook "systemctl restart hiddify-nginx"
+        alias acmecmd=acme.sh --issue -w /opt/hiddify-manager/acme.sh/www/ --log $(pwd)/../log/system/acme.log --pre-hook "systemctl restart hiddify-nginx"
+        if isipv4 "$DOMAIN"; then
+            acmecmd -d $DOMAIN --server letsencrypt --certificate-profile shortlived --days 6 
+        elif isipv6 "$DOMAIN"; then
+            acmecmd -d [$DOMAIN] --server letsencrypt --certificate-profile shortlived --days 6 
+        else 
+            acmecmd -d $DOMAIN --server letsencrypt
+            if is_ok_domain_zerossl "$DOMAIN"; then
+                acmecmd -d $DOMAIN 
+            fi
         fi
+        
 
         cp $ssl_cert_path/$DOMAIN.crt $ssl_cert_path/$DOMAIN.crt.bk
         cp $ssl_cert_path/$DOMAIN.crt.key $ssl_cert_path/$DOMAIN.crt.key.bk
diff --git a/acme.sh/run.sh b/acme.sh/run.sh
@@ -1,3 +1,4 @@
+cd $(dirname -- "$0")
 source ../common/utils.sh
 source ./cert_utils.sh
 
diff --git a/common/daily_actions.sh b/common/daily_actions.sh
@@ -5,4 +5,8 @@ cd $( dirname -- "$0"; )
 
 
 # systemctl restart systemd-journald
-# sysctl -w vm.drop_caches=3
+# sysctl -w vm.drop_caches=3
+
+
+
+bash /opt/hiddify-manager/acme.sh/run.sh
diff --git a/common/install.sh b/common/install.sh
@@ -75,7 +75,8 @@ bash google-bbr.sh > /dev/null
 
 
 echo "@reboot root /opt/hiddify-manager/install.sh --no-gui --no-log >> /opt/hiddify-manager/log/system/reboot.log 2>&1" >/etc/cron.d/hiddify_reinstall_on_reboot
-echo "@daily root /opt/hiddify-manager/common/daily_actions.sh >> /opt/hiddify-manager/log/system/daily_actions.log 2>&1" >/etc/cron.d/hiddify_daily_memory_release
+mv /etc/cron.d/hiddify_daily_memory_release /etc/cron.d/hiddify_daily
+echo "@daily root /opt/hiddify-manager/common/daily_actions.sh >> /opt/hiddify-manager/log/system/daily_actions.log 2>&1" >/etc/cron.d/hiddify_daily
 service cron reload
 
 if [ "${MODE}" != "docker" ];then
diff --git a/hiddify-panel/src b/hiddify-panel/src
@@ -1 +1 @@
-Subproject commit 3dc2383e68d3504b806b10e169acf5d9530d33e3
+Subproject commit 9976c2af93d783fac6566c81d81e6f2095c4e471

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+cd $(dirname -- "$0")`
`1`	`2`	`source ../common/utils.sh`
`2`	`3`	`source ./cert_utils.sh`
`3`	`4`