From 15780cf43abd9f2425712dc2ff85613a6a462aa3 Mon Sep 17 00:00:00 2001
From: Whispering Wind <151555003+ReturnFI@users.noreply.github.com>
Date: Sun, 27 Apr 2025 23:05:30 +0330
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20Improve=20SSL=20certificate=20ha?= =?UTF-8?q?ndling=20with=20auto-renewal=20detection?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/scripts/normalsub/normalsub.sh | 47 ++++++++++++++---------------
 1 file changed, 23 insertions(+), 24 deletions(-)

diff --git a/core/scripts/normalsub/normalsub.sh b/core/scripts/normalsub/normalsub.sh
index 2adbafe..a02b6ae 100644
--- a/core/scripts/normalsub/normalsub.sh
+++ b/core/scripts/normalsub/normalsub.sh
@@ -2,16 +2,6 @@
 source /etc/hysteria/core/scripts/utils.sh
 define_colors

-# install_dependencies() {
-# echo "Installing necessary dependencies..."
-# apt-get install certbot -y > /dev/null 2>&1
-# if [ $? -ne 0 ]; then
-# echo -e "${red}Error: Failed to install certbot. ${NC}"
-# exit 1
-# fi
-# echo -e "${green}Certbot installed successfully. ${NC}"
-# }
-
 update_env_file() {
 local domain=$1
 local port=$2
@@ -54,14 +44,23 @@ start_service() {
 return
 fi

- # install_dependencies
- # systemctl stop caddy.service > /dev/null 2>&1 # We stopped caddy service just after its installation
-
- echo "Generating SSL certificates for $domain..."
- certbot certonly --standalone --agree-tos --register-unsafely-without-email -d "$domain"
- if [ $? -ne 0 ]; then
- echo -e "${red}Error: Failed to generate SSL certificates. ${NC}"
- exit 1
+ echo "Checking SSL certificates for $domain..."
+ if certbot certificates | grep -q "$domain"; then
+ echo -e "${yellow}Certificate for $domain already exists. Renewing...${NC}"
+ certbot renew --cert-name "$domain"
+ if [ $? -ne 0 ]; then
+ echo -e "${red}Error: Failed to renew SSL certificate. ${NC}"
+ exit 1
+ fi
+ echo -e "${green}Certificate renewed successfully. ${NC}"
+ else
+ echo -e "${yellow}Requesting new certificate for $domain...${NC}"
+ certbot certonly --standalone --agree-tos --register-unsafely-without-email -d "$domain"
+ if [ $? -ne 0 ]; then
+ echo -e "${red}Error: Failed to generate SSL certificate. ${NC}"
+ exit 1
+ fi
+ echo -e "${green}Certificate generated successfully. ${NC}"
 fi

 update_env_file "$domain" "$port"
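Review bot: The existence check `certbot certificates | grep -q "$domain"` treats `$domain` as an unanchored regex over the whole listing, so it also succeeds when the name only appears as a substring or as a SAN of a differently named lineage. In that case `certbot renew --cert-name "$domain"` targets a lineage that does not exist, fails, and the script exits without ever requesting a certificate. Ask certbot for the exact lineage instead, e.g. `if certbot certificates --cert-name "$domain" 2>/dev/null | grep -qF "Certificate Name: $domain"; then`. The renew path presumably still needs port 80 free for the standalone authenticator, which deserves a comment next to the `certbot renew` call. start_service begins above the hunk, so whether `$domain` is validated before it reaches certbot cannot be seen from here.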
@@ -86,12 +85,12 @@ stop_service() {
 source /etc/hysteria/core/scripts/normalsub/.env
 fi

- if [ -n "$HYSTERIA_DOMAIN" ]; then
- echo -e "${yellow}Deleting SSL certificate for domain: $HYSTERIA_DOMAIN...${NC}"
- certbot delete --cert-name "$HYSTERIA_DOMAIN" --non-interactive > /dev/null 2>&1
- else
- echo -e "${red}HYSTERIA_DOMAIN not found in .env. Skipping certificate deletion.${NC}"
- fi
+ # if [ -n "$HYSTERIA_DOMAIN" ]; then
+ # echo -e "${yellow}Deleting SSL certificate for domain: $HYSTERIA_DOMAIN...${NC}"
+ # certbot delete --cert-name "$HYSTERIA_DOMAIN" --non-interactive > /dev/null 2>&1
+ # else
+ # echo -e "${red}HYSTERIA_DOMAIN not found in .env. Skipping certificate deletion.${NC}"
+ # fi

 systemctl stop hysteria-normal-sub.service > /dev/null 2>&1
 systemctl disable hysteria-normal-sub.service > /dev/null 2>&1
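Review bot: The certificate-deletion block in stop_service is commented out rather than removed, which leaves dead code and no explanation of the new behaviour: the certificate and its private key now stay on disk after the service is stopped and disabled. If that is intended so a later start can reuse the lineage, delete the block and say so, e.g. `# Keep the certbot lineage on stop so start_service can renew it; run 'certbot delete --cert-name "$HYSTERIA_DOMAIN"' when the domain is retired.` The `.env` sourcing just above appears to have existed only to supply HYSTERIA_DOMAIN to this block, so it may now be unused. The rest of stop_service lies outside the hunk, so confirm that before dropping it.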