From ec44ba9335068fdf6f5163c0009997441d4ba2c2 Mon Sep 17 00:00:00 2001
From: CityFun <31820853+zhengkunwang223@users.noreply.github.com>
Date: Wed, 13 Aug 2025 16:14:07 +0800
Subject: [PATCH] fix: Fix the issue of system certificates not auto-renewing.
 (#9978)

---
 agent/app/service/website_utils.go | 13 +++++------
 agent/utils/req_helper/core.go     | 35 ++++++++++++++++--------------
 2 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/agent/app/service/website_utils.go b/agent/app/service/website_utils.go
index 1fa887b8f..beae895f6 100644
--- a/agent/app/service/website_utils.go
+++ b/agent/app/service/website_utils.go
@@ -1143,13 +1143,12 @@ func saveCertificateFile(websiteSSL *model.WebsiteSSL, logger *log.Logger) {
 }
 
 func GetSystemSSL() (bool, uint) {
-	sslSetting, err := settingRepo.Get(settingRepo.WithByKey("SSL"))
-	if err != nil {
-		return false, 0
-	}
-	if sslSetting.Value == "enable" {
-		sslID, _ := settingRepo.Get(settingRepo.WithByKey("SSLID"))
-		idValue, _ := strconv.Atoi(sslID.Value)
+	var sslSetting model.Setting
+	_ = global.CoreDB.Model(&model.Setting{}).Where("key = ?", "SSL").First(&sslSetting).Error
+	if sslSetting.Value == "Enable" {
+		var sslIDSetting model.Setting
+		_ = global.CoreDB.Model(&model.Setting{}).Where("key = ?", "SSLID").First(&sslIDSetting).Error
+		idValue, _ := strconv.Atoi(sslIDSetting.Value)
 		if idValue > 0 {
 			return true, uint(idValue)
 		}
diff --git a/agent/utils/req_helper/core.go b/agent/utils/req_helper/core.go
index bf8e3cdd6..800b22924 100644
--- a/agent/utils/req_helper/core.go
+++ b/agent/utils/req_helper/core.go
@@ -2,34 +2,37 @@ package req_helper
 
 import (
 	"bytes"
+	"crypto/tls"
 	"fmt"
+	"github.com/1Panel-dev/1Panel/agent/app/model"
+	"github.com/1Panel-dev/1Panel/agent/global"
 	"net/http"
-
-	"github.com/1Panel-dev/1Panel/agent/app/repo"
 )
 
 func PostLocalCore(url string) error {
-	settingRepo := repo.NewISettingRepo()
-	port, err := settingRepo.GetValueByKey("ServerPort")
-	if err != nil {
-		return err
-	}
-	sslStatus, err := settingRepo.GetValueByKey("SSL")
-	if err != nil {
-		return err
-	}
+	var serverPortSetting model.Setting
+	_ = global.CoreDB.Model(&model.Setting{}).Where("key = ?", "ServerPort").First(&serverPortSetting).Error
+	var sslStatusSetting model.Setting
+	_ = global.CoreDB.Model(&model.Setting{}).Where("key = ?", "SSL").First(&sslStatusSetting).Error
+
 	var prefix string
-	if sslStatus == "Disable" {
-		prefix = "http://"
+	if sslStatusSetting.Value == "Disable" {
+		prefix = "http"
 	} else {
-		prefix = "https://"
+		prefix = "https"
 	}
-	reloadURL := fmt.Sprintf("%s://127.0.0.1:%s/api/v2%s", prefix, port, url)
+
+	reloadURL := fmt.Sprintf("%s://127.0.0.1:%s/api/v2%s", prefix, serverPortSetting.Value, url)
 	req, err := http.NewRequest("POST", reloadURL, bytes.NewBuffer([]byte{}))
 	if err != nil {
 		return err
 	}
-	client := &http.Client{}
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	client := &http.Client{
+		Transport: tr,
+	}
 	defer client.CloseIdleConnections()
 	resp, err := client.Do(req)
 	if err != nil {