Merge branch 'dev' into master

2026-01-12 02:54:42 +08:00 · 2026-01-04 18:26:04 +03:30
parent 70462b5ac3 045e4dee2e
commit ca94221d08
4 changed files with 48 additions and 4 deletions
--- a/.github/workflows/DNS.yml
+++ b/.github/workflows/DNS.yml
@@ -539,7 +539,7 @@ jobs:
    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/openindiana-vm@v0
+    - uses: vmactions/openindiana-vm@v1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        sync: nfs
--- a/.github/workflows/OpenIndiana.yml
+++ b/.github/workflows/OpenIndiana.yml
@@ -61,7 +61,7 @@ jobs:
      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/openindiana-vm@v0
+    - uses: vmactions/openindiana-vm@v1
      with:
        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
        nat: |
--- a/acme.sh
+++ b/acme.sh
@@ -2783,6 +2783,7 @@ _clearAPI() {
  ACME_REVOKE_CERT=""
  ACME_NEW_NONCE=""
  ACME_AGREEMENT=""
+  ACME_RENEWAL_INFO=""
 }

 #server
@@ -2827,6 +2828,9 @@ _initAPI() {
    ACME_AGREEMENT=$(echo "$response" | _egrep_o 'termsOfService" *: *"[^"]*"' | cut -d '"' -f 3)
    export ACME_AGREEMENT

+    ACME_RENEWAL_INFO=$(echo "$response" | _egrep_o 'renewalInfo" *: *"[^"]*"' | cut -d '"' -f 3)
+    export ACME_RENEWAL_INFO
+
    _debug "ACME_KEY_CHANGE" "$ACME_KEY_CHANGE"
    _debug "ACME_NEW_AUTHZ" "$ACME_NEW_AUTHZ"
    _debug "ACME_NEW_ORDER" "$ACME_NEW_ORDER"
@@ -2834,6 +2838,7 @@ _initAPI() {
    _debug "ACME_REVOKE_CERT" "$ACME_REVOKE_CERT"
    _debug "ACME_AGREEMENT" "$ACME_AGREEMENT"
    _debug "ACME_NEW_NONCE" "$ACME_NEW_NONCE"
+    _debug "ACME_RENEWAL_INFO" "$ACME_RENEWAL_INFO"
    if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then
      return 0
    fi
@@ -5840,7 +5845,8 @@ list() {
    if [ -z "$_domain" ]; then
      printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Profile${_sep}CA${_sep}Created${_sep}Renew"
    fi
-    for di in "${CERT_HOME}"/{*.*,*:*}/; do
+    for di in "${CERT_HOME}"/*.* "${CERT_HOME}"/*:*; do
+      [ -d "$di" ] || continue
      d=$(basename "$di")
      _debug d "$d"
      (
@@ -6537,6 +6543,36 @@ deactivate() {
  done
 }

+#cert
+_getAKI() {
+  _cert="$1"
+  openssl x509 -in "$_cert" -text -noout | grep "X509v3 Authority Key Identifier" -A 1 | _tail_n 1 | tr -d ' :'
+}
+
+#cert
+_getSerial() {
+  _cert="$1"
+  openssl x509 -in "$_cert" -serial -noout | cut -d = -f 2
+}
+
+#cert
+_get_ARI() {
+  _cert="$1"
+  _aki=$(_getAKI "$_cert")
+  _ser=$(_getSerial "$_cert")
+  _debug2 "_aki" "$_aki"
+  _debug2 "_ser" "$_ser"
+
+  _akiurl="$(echo "$_aki" | _h2b | _base64 | tr -d = | _url_encode)"
+  _debug2 "_akiurl" "$_akiurl"
+  _serurl="$(echo "$_ser" | _h2b | _base64 | tr -d = | _url_encode)"
+  _debug2 "_serurl" "$_serurl"
+
+  _ARI_URL="$ACME_RENEWAL_INFO/$_akiurl.$_serurl"
+  _get "$_ARI_URL"
+
+}
+
 # Detect profile file if not specified as environment variable
 _detect_profile() {
  if [ -n "$PROFILE" -a -f "$PROFILE" ]; then
--- a/deploy/qiniu.sh
+++ b/deploy/qiniu.sh
@@ -8,6 +8,8 @@
 # export QINIU_CDN_DOMAIN="cdn.example.com"
 # If you have more than one domain, just
 # export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
+# Optional: force HTTPS redirect (default: false)
+# export QINIU_FORCE_HTTPS="true"

 QINIU_API_BASE="https://api.qiniu.com"

@@ -44,6 +46,12 @@ qiniu_deploy() {
    QINIU_CDN_DOMAIN="$_cdomain"
  fi

+  if [ -z "$QINIU_FORCE_HTTPS" ]; then
+    QINIU_FORCE_HTTPS="false"
+  else
+    _savedomainconf QINIU_FORCE_HTTPS "$QINIU_FORCE_HTTPS"
+  fi
+
  ## upload certificate
  string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n')
  string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
@@ -69,7 +77,7 @@ qiniu_deploy() {
  _debug certId "$_certId"

  ## update domain ssl config
-  update_body="{\"certid\":$_certId,\"forceHttps\":false}"
+  update_body="{\"certid\":$_certId,\"forceHttps\":$QINIU_FORCE_HTTPS}"
  for domain in $QINIU_CDN_DOMAIN; do
    update_path="/domain/$domain/httpsconf"
    update_access_token="$(_make_access_token "$update_path")"