diff --git a/class/core/site_api.py b/class/core/site_api.py index f8dd7acab..c4724adcc 100755 --- a/class/core/site_api.py +++ b/class/core/site_api.py @@ -130,18 +130,15 @@ class site_api: if siteConf.find('301-START') != -1: return public.returnJson(False, '检测到您的站点做了301重定向设置,请先关闭重定向!') - path = '/etc/letsencrypt/live/' + siteName - csrpath = path + "/fullchain.pem" # 生成证书路径 - keypath = path + "/privkey.pem" # 密钥文件路径 + letpath = '/etc/letsencrypt/live/' + siteName + csrpath = letpath + "/fullchain.pem" # 生成证书路径 + keypath = letpath + "/privkey.pem" # 密钥文件路径 actionstr = updateOf siteInfo = public.M('sites').where( 'name=?', (siteName,)).field('id,name,path').find() - # runPath = self.getRunPath(get) + path = self.getSitePath(siteName) srcPath = siteInfo['path'] - # if runPath != False and runPath != '/': - # siteInfo['path'] += runPath - # path = siteInfo['path'] # 检测acem是否安装 if public.isAppleSystem(): 
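Review bot: `path = self.getSitePath(siteName)` is used without checking the result, yet `getSitePath` (added at the end of this diff) returns `''` when the vhost file is missing, so the later loop appends `' -w ' + path` to the acme.sh command with an empty webroot. A guard directly after the call, such as `if not path: return public.returnJson(False, '<site-root-not-found message>')`, would fail early with a clear error instead of running a malformed command. The enclosing method begins and ends outside this hunk, so where `siteName` is validated cannot be seen here. Since it is also concatenated into `letpath`, it should be confirmed to be a plain site name without `/` or `..`.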
@@ -179,35 +176,89 @@ class site_api: domainsTmp.append(domainTmp) domains = domainsTmp - home_path = public.getServerDir() + '/openresty/nginx/conf/cert/' + \ - domains[0] - home_cert = home_path + '/fullchain.cer' - home_key = home_path + '/' + domains[0] + '.key' - domainCount = 0 for domain in domains: if public.checkIp(domain): continue if domain.find('*.') != -1: return public.returnJson(False, '泛域名不能使用【文件验证】的方式申请证书!') - if public.M('domain').where('name=?', (domain,)).count(): - p = siteInfo['path'] - else: - p = public.M('binding').where( - 'domain=?', (domain,)).getField('path') - path = p execStr += ' -w ' + path execStr += ' -d ' + domain domainCount += 1 if domainCount == 0: return public.returnJson(False, '请选择域名(不包括IP地址与泛域名)!') - print execStr + + home_path = public.getServerDir() + '/openresty/nginx/conf/cert/' + \ + domains[0] + home_cert = home_path + '/fullchain.cer' + home_key = home_path + '/' + domains[0] + '.key' + + if not os.path.exists(home_cert): + home_path = '/.acme.sh/' + domains[0] + home_cert = home_path + '/fullchain.cer' + home_key = home_path + '/' + domains[0] + '.key' + + if not os.path.exists(home_cert): + home_path = '/root/.acme.sh/' + domains[0] + home_cert = home_path + '/fullchain.cer' + home_key = home_path + '/' + domains[0] + '.key' + + if public.isAppleSystem(): + user = public.execShell( + "who | sed -n '2, 1p' |awk '{print $1}'")[0].strip() + acem = '/Users/' + user + '/.acme.sh/' + if not os.path.exists(home_cert): + home_path = acem + domains[0] + home_cert = home_path + '/fullchain.cer' + home_key = home_path + '/' + domains[0] + '.key' cmd = 'export ACCOUNT_EMAIL=' + email + ' && ' + execStr - # result = public.execShell(cmd) + result = public.execShell(cmd) + + print home_cert + + if not os.path.exists(home_cert.replace("\*", "*")): + data = {} + data['err'] = result + data['out'] = result[0] + data['msg'] = '签发失败,我们无法验证您的域名:

1、检查域名是否绑定到对应站点

\ +

2、检查域名是否正确解析到本服务器,或解析还未完全生效

\ +

3、如果您的站点设置了反向代理,或使用了CDN,请先将其关闭

\ +

4、如果您的站点设置了301重定向,请先将其关闭

\ +

5、如果以上检查都确认没有问题,请尝试更换DNS服务商

' + data['result'] = {} + if result[1].find('new-authz error:') != -1: + data['result'] = json.loads( + re.search("{.+}", result[1]).group()) + if data['result']['status'] == 429: + data['msg'] = '签发失败,您尝试申请证书的失败次数已达上限!

1、检查域名是否绑定到对应站点

\ +

2、检查域名是否正确解析到本服务器,或解析还未完全生效

\ +

3、如果您的站点设置了反向代理,或使用了CDN,请先将其关闭

\ +

4、如果您的站点设置了301重定向,请先将其关闭

\ +

5、如果以上检查都确认没有问题,请尝试更换DNS服务商

' + data['status'] = False + return public.getJson(data) + + if not os.path.exists(letpath): + public.ExecShell("mkdir -p " + letpath) + public.ExecShell("ln -sf \"" + home_cert + "\" \"" + csrpath + '"') + public.ExecShell("ln -sf \"" + home_key + "\" \"" + keypath + '"') + public.ExecShell('echo "let" > "' + letpath + '/README"') + if(actionstr == '2'): + return public.returnJson(True, '证书已更新!') + + # 写入配置文件 + # result = self.SetSSLConf(get) + result['csr'] = public.readFile(csrpath) + result['key'] = public.readFile(keypath) + public.restartWeb() + + print execStr print domains print file - return public.returnJson(True, 'OK') + print result[0] + print result[1] + return public.getJson(True, 'OK') def getIndexApi(self): sid = request.form.get('id', '').encode('utf-8') @@ -438,6 +489,15 @@ class site_api: return path[0:-1] return path + def getSitePath(self, siteName): + file = self.getHostConf(siteName) + if os.path.exists(file): + conf = public.readFile(file) + rep = '\s*root\s*(.+);' + path = re.search(rep, conf).groups()[0] + return path + return '' + def getHostConf(self, siteName): return public.getServerDir() + '/openresty/nginx/conf/vhost/' + siteName + '.conf'
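Review bot: The newly enabled `public.execShell(cmd)` runs a string concatenated from `email`, `path` and each `domain` with no quoting, so any shell metacharacter in those values is interpreted by the shell; their origin is outside this hunk, but they appear to be request- or config-derived. Quote every argument before concatenation, e.g. `execStr += ' -w ' + pipes.quote(path)`, `execStr += ' -d ' + pipes.quote(domain)` and `cmd = 'export ACCOUNT_EMAIL=' + pipes.quote(email) + ' && ' + execStr` (this needs `import pipes`; the import block is not visible here), and ideally reject e-mail addresses and domains that fail a strict pattern first. The same applies to `public.ExecShell("mkdir -p " + letpath)`, where `letpath` ends in `siteName` and is not quoted at all, and to the `ln -sf` calls, whose double quotes still permit shell expansion. Separately, `result['csr'] = ...` assigns a string key on the value indexed as `result[0]`/`result[1]` above, which would raise if `execShell` returns a tuple or list. The enclosing method starts before this hunk.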
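Review bot: `re.search(rep, conf).groups()[0]` in `getSitePath` raises `AttributeError` when the vhost file has no `root` directive, and the unanchored pattern `'\s*root\s*(.+);'` can also match `root` inside another token or on a commented line, with the greedy `(.+)` running to the last `;` on that line. Because the returned value becomes the `-w` argument of a shell command earlier in this diff, a wrong match matters beyond a bad path. Consider `m = re.search(r'^\s*root\s+([^;]+);', conf, re.M)` followed by `return m.group(1).strip() if m else ''`. A short docstring stating that the method returns the first `root` value from the site's nginx vhost file, or `''` if none is found, would also help callers.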