diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml
index b200f56b..c0c51a84 100644
--- a/.github/workflows/DNS.yml
+++ b/.github/workflows/DNS.yml
@@ -539,7 +539,7 @@ jobs:
 - uses: actions/checkout@v4
 - name: Clone acmetest
 run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- - uses: vmactions/openindiana-vm@v0
+ - uses: vmactions/openindiana-vm@v1
 with:
 envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
 sync: nfs
diff --git a/.github/workflows/OpenIndiana.yml b/.github/workflows/OpenIndiana.yml
index 19b1efaa..d17803de 100644
--- a/.github/workflows/OpenIndiana.yml
+++ b/.github/workflows/OpenIndiana.yml
@@ -61,7 +61,7 @@ jobs:
 run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
 - name: Clone acmetest
 run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- - uses: vmactions/openindiana-vm@v0
+ - uses: vmactions/openindiana-vm@v1
 with:
 envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
 nat: |
diff --git a/acme.sh b/acme.sh
index 5cd2cb3f..645de117 100755
--- a/acme.sh
+++ b/acme.sh
@@ -2783,6 +2783,7 @@ _clearAPI() {
 ACME_REVOKE_CERT=""
 ACME_NEW_NONCE=""
 ACME_AGREEMENT=""
+ ACME_RENEWAL_INFO=""
 }

 #server
@@ -2827,6 +2828,9 @@ _initAPI() {
 ACME_AGREEMENT=$(echo "$response" | _egrep_o 'termsOfService" *: *"[^"]*"' | cut -d '"' -f 3)
 export ACME_AGREEMENT

+ ACME_RENEWAL_INFO=$(echo "$response" | _egrep_o 'renewalInfo" *: *"[^"]*"' | cut -d '"' -f 3)
+ export ACME_RENEWAL_INFO
+
 _debug "ACME_KEY_CHANGE" "$ACME_KEY_CHANGE"
 _debug "ACME_NEW_AUTHZ" "$ACME_NEW_AUTHZ"
 _debug "ACME_NEW_ORDER" "$ACME_NEW_ORDER"
@@ -2834,6 +2838,7 @@ _initAPI() {
 _debug "ACME_REVOKE_CERT" "$ACME_REVOKE_CERT"
 _debug "ACME_AGREEMENT" "$ACME_AGREEMENT"
 _debug "ACME_NEW_NONCE" "$ACME_NEW_NONCE"
+ _debug "ACME_RENEWAL_INFO" "$ACME_RENEWAL_INFO"
 if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then
 return 0
 fi
@@ -5840,7 +5845,8 @@ list() {
 if [ -z "$_domain" ]; then
 printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Profile${_sep}CA${_sep}Created${_sep}Renew"
 fi
- for di in "${CERT_HOME}"/{*.*,*:*}/; do
+ for di in "${CERT_HOME}"/*.* "${CERT_HOME}"/*:*; do
+ [ -d "$di" ] || continue
 d=$(basename "$di")
 _debug d "$d"
 (
@@ -6537,6 +6543,36 @@ deactivate() {
 done
 }

+#cert
+_getAKI() {
+ _cert="$1"
+ openssl x509 -in "$_cert" -text -noout | grep "X509v3 Authority Key Identifier" -A 1 | _tail_n 1 | tr -d ' :'
+}
+
+#cert
+_getSerial() {
+ _cert="$1"
+ openssl x509 -in "$_cert" -serial -noout | cut -d = -f 2
+}
+
+#cert
+_get_ARI() {
+ _cert="$1"
+ _aki=$(_getAKI "$_cert")
+ _ser=$(_getSerial "$_cert")
+ _debug2 "_aki" "$_aki"
+ _debug2 "_ser" "$_ser"
+
+ _akiurl="$(echo "$_aki" | _h2b | _base64 | tr -d = | _url_encode)"
+ _debug2 "_akiurl" "$_akiurl"
+ _serurl="$(echo "$_ser" | _h2b | _base64 | tr -d = | _url_encode)"
+ _debug2 "_serurl" "$_serurl"
+
+ _ARI_URL="$ACME_RENEWAL_INFO/$_akiurl.$_serurl"
+ _get "$_ARI_URL"
+
+}
+
 # Detect profile file if not specified as environment variable
 _detect_profile() {
 if [ -n "$PROFILE" -a -f "$PROFILE" ]; then
diff --git a/deploy/qiniu.sh b/deploy/qiniu.sh
index 02250ed3..3737ed4e 100644
--- a/deploy/qiniu.sh
+++ b/deploy/qiniu.sh
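Review bot: The certificate identifier in `_get_ARI` is encoded with `_base64 | tr -d = | _url_encode`, which percent-encodes `+` and `/` instead of mapping them to `-` and `_`; the ARI identifier is defined as unpadded base64url, so some certificates would produce a path the CA cannot match. The `_url_replace` helper defined elsewhere in acme.sh (outside this hunk) looks like the right filter. `_get_ARI` also sends the request when `ACME_RENEWAL_INFO` is empty (a CA whose directory has no `renewalInfo` entry) or when openssl returned nothing, so it should return early in those cases. Two parsing details are worth confirming: `_getSerial` drops the leading `00` byte that the DER encoding carries when the serial's top bit is set, and `_getAKI` depends on `grep -A 1`, which not every platform's grep supports, and on the AKI being printed without a `keyid:` prefix, which may differ between OpenSSL releases.

```shell
_get_ARI() {
  _cert="$1"
  if [ -z "$ACME_RENEWAL_INFO" ]; then
    _debug "The CA directory has no renewalInfo entry, skipping ARI."
    return 1
  fi
  _aki=$(_getAKI "$_cert")
  _ser=$(_getSerial "$_cert")
  if [ -z "$_aki" ] || [ -z "$_ser" ]; then
    _err "Cannot read the authority key identifier or serial from $_cert"
    return 1
  fi
  # … unchanged: _debug2 of _aki and _ser …
  _akiurl="$(echo "$_aki" | _h2b | _base64 | _url_replace)"
  _serurl="$(echo "$_ser" | _h2b | _base64 | _url_replace)"
  # … unchanged: _debug2 of both parts, _ARI_URL assignment, _get call …
}
```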
@@ -8,6 +8,8 @@
 # export QINIU_CDN_DOMAIN="cdn.example.com"
 # If you have more than one domain, just
 # export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
+# Optional: force HTTPS redirect (default: false)
+# export QINIU_FORCE_HTTPS="true"

 QINIU_API_BASE="https://api.qiniu.com"

@@ -44,6 +46,12 @@ qiniu_deploy() {
 QINIU_CDN_DOMAIN="$_cdomain"
 fi

+ if [ -z "$QINIU_FORCE_HTTPS" ]; then
+ QINIU_FORCE_HTTPS="false"
+ else
+ _savedomainconf QINIU_FORCE_HTTPS "$QINIU_FORCE_HTTPS"
+ fi
+
 ## upload certificate
 string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n')
 string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
@@ -69,7 +77,7 @@ qiniu_deploy() {
 _debug certId "$_certId"

 ## update domain ssl config
- update_body="{\"certid\":$_certId,\"forceHttps\":false}"
+ update_body="{\"certid\":$_certId,\"forceHttps\":$QINIU_FORCE_HTTPS}"
 for domain in $QINIU_CDN_DOMAIN; do
 update_path="/domain/$domain/httpsconf"
 update_access_token="$(_make_access_token "$update_path")"
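Review bot: `QINIU_FORCE_HTTPS` is accepted as any non-empty string in the `@@ -44,6 +46,12 @@` hunk and is then placed unquoted into the JSON `update_body` in the `@@ -69,7 +77,7 @@` hunk. A value such as `TRUE`, `1` or `yes` therefore produces invalid JSON, and a value containing a comma or a quote changes the shape of the request body. Restricting it to the literals `true` and `false` before it is saved closes both cases. Nothing in the hunk reads the saved value back either, so unless it is restored elsewhere in `qiniu_deploy` (whose body extends beyond the hunk), a renewal run without the variable exported would reset `forceHttps` to `false`.

```shell
  case "$QINIU_FORCE_HTTPS" in
  "")
    QINIU_FORCE_HTTPS="false"
    ;;
  true | false)
    _savedomainconf QINIU_FORCE_HTTPS "$QINIU_FORCE_HTTPS"
    ;;
  *)
    _err "QINIU_FORCE_HTTPS must be true or false."
    return 1
    ;;
  esac
```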