Fix SSL domain setup on reinstall: reuse existing certs and avoid false success/failure logs #4004

Open
Kookiejarz wants to merge 4 commits into MHSanaei:main from Kookiejarz:main

@Kookiejarz
Contributor

What is the pull request?

closes #4002 #3851 #3979

This PR fixes SSL setup logic in interactive install/update scripts for domain certificates.

It resolves cases where:

  • an existing cert is detected but not applied to panel paths,
  • acme.sh --installcert returns non-zero only because --reloadcmd failed (while cert files were already installed),
  • outer flow still prints success even when ssl_cert_issue failed.

Problem

During reinstall / setup with an already-issued domain cert, scripts could show contradictory output:

  • Installing certificate failed, exiting.
  • followed by ✓ SSL certificate configured successfully with domain: ...

Also, existing certs were treated as hard failure (return 1 / exit 1) instead of being reused and installed to panel cert paths.

Root Cause

  1. Existing certificate handling in ssl_cert_issue aborted early.
  2. --installcert return code was used as strict success criteria, but acme.sh can exit non-zero when reload command fails even if cert files are written.
  3. Caller (prompt_and_setup_ssl) did not gate success message on ssl_cert_issue return status.

Changes

In domain SSL flow, when ${domain} already exists in acme.sh --list, scripts now:

  • log that existing cert is found,
  • skip re-issue,
  • continue to install cert files to /root/cert/${domain}/... and proceed with panel cert-path setup flow.

For acme.sh --installcert:

  • keep execution even if reloadcmd fails (... || true),
  • treat installation as successful if both files exist:
    • /root/cert/${domain}/privkey.pem
    • /root/cert/${domain}/fullchain.pem

This avoids false negatives caused only by reload command environment differences.

In prompt_and_setup_ssl (domain option):

  • now checks if ssl_cert_issue; then ... else ... fi
  • only prints SSL certificate configured successfully on real success
  • uses SSL_ISSUED_DOMAIN from current flow (fallback to list lookup only if needed)

Files Changed

  • install.sh
  • update.sh
  • x-ui.sh

Validation

  • Reproduced with an existing domain cert in acme.sh --list.
  • Confirmed flow now reuses existing cert and proceeds to panel cert path setup.

Which part of the application is affected by the change?

  • Frontend
  • Backend

Type of Changes

  • Bug fix
  • New feature
  • Refactoring
  • Other
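
The install-then-verify logic and the gated success message described in the pull request above, as an added shell example that is not code from the PR or the project. The function names, the fake_acme_* stand-ins for acme.sh and the temporary directories are assumptions made so it runs offline, and the non-empty test is slightly stricter than the existence check the description states.

```shell
#!/bin/sh
# Added example, not the project's code. The fake_acme_* functions are
# constructed stand-ins for "acme.sh --installcert ... --reloadcmd ...".

# Writes both files, then exits non-zero, like an install whose
# --reloadcmd failed after the cert files were already written.
fake_acme_reload_fail() {
    mkdir -p "$1" && echo "KEY" > "$1/privkey.pem" && echo "CHAIN" > "$1/fullchain.pem"
    return 1
}

# Writes nothing and exits non-zero: a real installation failure.
fake_acme_hard_fail() { return 1; }

# install_cert_files INSTALLER CERT_DIR
# Runs the installer, ignores its exit status, and decides success
# from what is actually on disk.
install_cert_files() {
    installer=$1
    cert_dir=$2
    "$installer" "$cert_dir" || true
    # -s: file exists and is non-empty (assumption: stricter than the PR's check).
    [ -s "$cert_dir/privkey.pem" ] && [ -s "$cert_dir/fullchain.pem" ]
}

# setup_domain_ssl INSTALLER CERT_DIR DOMAIN
# The caller prints the success line only when the install step returned 0.
setup_domain_ssl() {
    if install_cert_files "$1" "$2"; then
        echo "SSL certificate configured successfully with domain: $3"
        return 0
    else
        echo "SSL certificate setup failed for domain: $3" >&2
        return 1
    fi
}

# Demo on a throwaway directory (constructed input).
demo_dir=$(mktemp -d)
setup_domain_ssl fake_acme_reload_fail "$demo_dir/a" example.com
setup_domain_ssl fake_acme_hard_fail "$demo_dir/b" example.com || true
rm -rf "$demo_dir"
```

Because the decision rests only on the files on disk, key and chain files left behind by an earlier install also satisfy it, so a failed install over an old certificate is still reported as success.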


@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 99ce1fcba5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Development

Successfully merging this pull request may close these issues.

bug: SSL setup flow reports false success and does not reuse existing domain cert for panel binding
