From d5b5bcef5631ae2e04d9df7c19be0947351145ab Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 10 Dec 2024 20:54:20 +0100 Subject: [PATCH 1/7] support ARI, not finished yet https://github.com/acmesh-official/acme.sh/issues/4944 --- acme.sh | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/acme.sh b/acme.sh index 9842e3f1..bc146996 100755 --- a/acme.sh +++ b/acme.sh @@ -2746,6 +2746,7 @@ _clearAPI() { ACME_REVOKE_CERT="" ACME_NEW_NONCE="" ACME_AGREEMENT="" + ACME_RENEWAL_INFO="" } #server @@ -2790,6 +2791,9 @@ _initAPI() { ACME_AGREEMENT=$(echo "$response" | _egrep_o 'termsOfService" *: *"[^"]*"' | cut -d '"' -f 3) export ACME_AGREEMENT + ACME_RENEWAL_INFO=$(echo "$response" | _egrep_o 'renewalInfo" *: *"[^"]*"' | cut -d '"' -f 3) + export ACME_RENEWAL_INFO + _debug "ACME_KEY_CHANGE" "$ACME_KEY_CHANGE" _debug "ACME_NEW_AUTHZ" "$ACME_NEW_AUTHZ" _debug "ACME_NEW_ORDER" "$ACME_NEW_ORDER" @@ -2797,6 +2801,7 @@ _initAPI() { _debug "ACME_REVOKE_CERT" "$ACME_REVOKE_CERT" _debug "ACME_AGREEMENT" "$ACME_AGREEMENT" _debug "ACME_NEW_NONCE" "$ACME_NEW_NONCE" + _debug "ACME_RENEWAL_INFO" "$ACME_RENEWAL_INFO" if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then return 0 fi 
@@ -6416,6 +6421,36 @@ deactivate() { done } +#cert +_getAKI() { + _cert="$1" + openssl x509 -in "$_cert" -text -noout | grep "X509v3 Authority Key Identifier" -A 1 | _tail_n 1 | tr -d ' :' +} + +#cert +_getSerial() { + _cert="$1" + openssl x509 -in "$_cert" -serial -noout | cut -d = -f 2 +} + +#cert +_get_ARI() { + _cert="$1" + _aki=$(_getAKI "$_cert") + _ser=$(_getSerial "$_cert") + _debug2 "_aki" "$_aki" + _debug2 "_ser" "$_ser" + + _akiurl="$(echo "$_aki" | _h2b | _base64 | tr -d = | _url_encode)" + _debug2 "_akiurl" "$_akiurl" + _serurl="$(echo "$_ser" | _h2b | _base64 | tr -d = | _url_encode)" + _debug2 "_serurl" "$_serurl" + + _ARI_URL="$ACME_RENEWAL_INFO/$_akiurl.$_serurl" + _get "$_ARI_URL" + +} + # Detect profile file if not specified as environment variable _detect_profile() { if [ -n "$PROFILE" -a -f "$PROFILE" ]; then From 5ddffc9172e9dd00c90f4251e0e37310525db337 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 10 Dec 2024 21:01:37 +0100 Subject: [PATCH 2/7] fix format --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index bc146996..4290d7a1 100755 --- a/acme.sh +++ b/acme.sh @@ -6441,9 +6441,9 @@ _get_ARI() { _debug2 "_aki" "$_aki" _debug2 "_ser" "$_ser" - _akiurl="$(echo "$_aki" | _h2b | _base64 | tr -d = | _url_encode)" + _akiurl="$(echo "$_aki" | _h2b | _base64 | tr -d = | _url_encode)" _debug2 "_akiurl" "$_akiurl" - _serurl="$(echo "$_ser" | _h2b | _base64 | tr -d = | _url_encode)" + _serurl="$(echo "$_ser" | _h2b | _base64 | tr -d = | _url_encode)" _debug2 "_serurl" "$_serurl" _ARI_URL="$ACME_RENEWAL_INFO/$_akiurl.$_serurl" From ee661e5d7112674cf432a6dacc6455b11c54f38e Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 10 Dec 2024 21:02:54 +0100 Subject: [PATCH 3/7] fix format --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 4290d7a1..b7558ee5 100755 --- a/acme.sh +++ b/acme.sh 
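Review bot: In `_get_ARI`, `_base64 | tr -d = | _url_encode` does not produce base64url: the `+` and `/` of standard base64 are presumably percent-encoded by `_url_encode` rather than mapped to `-` and `_`, so identifiers containing those characters would not match the unpadded base64url certificate identifier that ARI uses. Mapping the alphabet instead would fix it, e.g. `_akiurl="$(echo "$_aki" | _h2b | _base64 | tr -d = | tr '+/' '-_')"`, and likewise for `_serurl`. The URL is also built without checking that `$ACME_RENEWAL_INFO`, `$_aki` and `$_ser` are non-empty, so a CA that advertises no `renewalInfo` entry or a failing `openssl` call ends in a request to a malformed path; a guard such as `[ "$ACME_RENEWAL_INFO" ] || return 1` before `_get` makes that failure explicit. `_getAKI` relies on `grep -A`, which POSIX does not define, and on the layout of `openssl x509 -text`, where some OpenSSL releases print a `keyid:` prefix that `tr -d ' :'` would leave in front of the hex digits; both are worth checking on the platforms the project targets.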
@@ -6445,7 +6445,7 @@ _get_ARI() { _debug2 "_akiurl" "$_akiurl" _serurl="$(echo "$_ser" | _h2b | _base64 | tr -d = | _url_encode)" _debug2 "_serurl" "$_serurl" - + _ARI_URL="$ACME_RENEWAL_INFO/$_akiurl.$_serurl" _get "$_ARI_URL" From f4a575fee15054eec1b02c82836ed41053a52e81 Mon Sep 17 00:00:00 2001 From: jwaterwater Date: Thu, 25 Dec 2025 14:48:44 +0800 Subject: [PATCH 4/7] bug fixed --- deploy/ali_cdn.sh | 2 +- deploy/ali_dcdn.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/ali_cdn.sh b/deploy/ali_cdn.sh index 70a2e532..3c28674e 100644 --- a/deploy/ali_cdn.sh +++ b/deploy/ali_cdn.sh @@ -83,6 +83,6 @@ _set_cdn_domain_ssl_certificate_query() { query=$query'&SignatureMethod=HMAC-SHA1' query=$query"&SignatureNonce=$(_ali_nonce)" query=$query'&SignatureVersion=1.0' - query=$query'&Timestamp='$(_timestamp) + query=$query'&Timestamp='$(_ali_timestamp) query=$query'&Version=2018-05-10' } diff --git a/deploy/ali_dcdn.sh b/deploy/ali_dcdn.sh index 14ac500a..27d3a726 100644 --- a/deploy/ali_dcdn.sh +++ b/deploy/ali_dcdn.sh @@ -83,6 +83,6 @@ _set_dcdn_domain_ssl_certificate_query() { query=$query'&SignatureMethod=HMAC-SHA1' query=$query"&SignatureNonce=$(_ali_nonce)" query=$query'&SignatureVersion=1.0' - query=$query'&Timestamp='$(_timestamp) + query=$query'&Timestamp='$(_ali_timestamp) query=$query'&Version=2018-01-15' } From 2ad984d8ada9cf4e67ee0c6e61fd76c92d195291 Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 1 Jan 2026 13:26:02 +0000 Subject: [PATCH 5/7] feat(qiniu): make forceHttps configurable via environment variable Add QINIU_FORCE_HTTPS environment variable (default: false) to allow configuring HTTPS redirect behavior for CDN domains. --- deploy/qiniu.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/deploy/qiniu.sh b/deploy/qiniu.sh index 02250ed3..3737ed4e 100644 --- a/deploy/qiniu.sh +++ b/deploy/qiniu.sh 
@@ -8,6 +8,8 @@ # export QINIU_CDN_DOMAIN="cdn.example.com" # If you have more than one domain, just # export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com" +# Optional: force HTTPS redirect (default: false) +# export QINIU_FORCE_HTTPS="true" QINIU_API_BASE="https://api.qiniu.com" @@ -44,6 +46,12 @@ qiniu_deploy() { QINIU_CDN_DOMAIN="$_cdomain" fi + if [ -z "$QINIU_FORCE_HTTPS" ]; then + QINIU_FORCE_HTTPS="false" + else + _savedomainconf QINIU_FORCE_HTTPS "$QINIU_FORCE_HTTPS" + fi + ## upload certificate string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n') string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n') @@ -69,7 +77,7 @@ qiniu_deploy() { _debug certId "$_certId" ## update domain ssl config - update_body="{\"certid\":$_certId,\"forceHttps\":false}" + update_body="{\"certid\":$_certId,\"forceHttps\":$QINIU_FORCE_HTTPS}" for domain in $QINIU_CDN_DOMAIN; do update_path="/domain/$domain/httpsconf" update_access_token="$(_make_access_token "$update_path")" From b08bb2ef69b087ebf36f0cae37471b1e0561f68c Mon Sep 17 00:00:00 2001 From: Jacobo de Vera Date: Fri, 2 Jan 2026 12:08:22 +0000 Subject: [PATCH 6/7] Fix list command for POSIX sh by avoiding brace expansion --- acme.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index fc2afcc8..645de117 100755 --- a/acme.sh +++ b/acme.sh @@ -5845,7 +5845,8 @@ list() { if [ -z "$_domain" ]; then printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Profile${_sep}CA${_sep}Created${_sep}Renew" fi - for di in "${CERT_HOME}"/{*.*,*:*}/; do + for di in "${CERT_HOME}"/*.* "${CERT_HOME}"/*:*; do + [ -d "$di" ] || continue d=$(basename "$di") _debug d "$d" ( From 045e4dee2ed765a8a9d8f8c44fdd6358ce9aae70 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 2 Jan 2026 16:24:06 +0100 Subject: [PATCH 7/7] use openindiana-vm@v1 --- .github/workflows/DNS.yml | 2 +- .github/workflows/OpenIndiana.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
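Review bot: `$QINIU_FORCE_HTTPS` is placed unvalidated into the JSON of `update_body` (hunk at -69), so any value other than `true` or `false` yields invalid JSON or lets the variable's content add fields to the request body; the block added in `qiniu_deploy` (hunk at -44) should reject other values before saving them. That block also stores the setting with `_savedomainconf`, but nothing visible in these hunks reads it back, so a later run without the variable exported would fall to the `false` default; if that is not intended, the saved value needs to be loaded before the `-z` test. `qiniu_deploy` starts and ends outside both hunks.

```shell
  # … unchanged: QINIU_CDN_DOMAIN handling …
  if [ -z "$QINIU_FORCE_HTTPS" ]; then
    QINIU_FORCE_HTTPS="false"
  else
    # Only a JSON boolean literal may reach update_body.
    case "$QINIU_FORCE_HTTPS" in
    true | false) ;;
    *)
      _err "QINIU_FORCE_HTTPS must be true or false"
      return 1
      ;;
    esac
    _savedomainconf QINIU_FORCE_HTTPS "$QINIU_FORCE_HTTPS"
  fi
```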
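Review bot: The new `[ -d "$di" ] || continue` line in `list()` does two jobs that deserve a comment: it skips a glob that matched nothing, which POSIX sh leaves as the literal pattern, and it replaces the directory-only filter that the old trailing `/` provided. Suggested comment above it: `# unmatched globs stay literal in POSIX sh; skip them and any non-directory entries`. A directory whose name contains both `.` and `:` would match both patterns and be listed twice, which may be worth a note as well. The body of `list()` continues outside the hunk.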
diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index b200f56b..c0c51a84 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -539,7 +539,7 @@ jobs: - uses: actions/checkout@v4 - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openindiana-vm@v0 + - uses: vmactions/openindiana-vm@v1 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' sync: nfs diff --git a/.github/workflows/OpenIndiana.yml b/.github/workflows/OpenIndiana.yml index 19b1efaa..d17803de 100644 --- a/.github/workflows/OpenIndiana.yml +++ b/.github/workflows/OpenIndiana.yml @@ -61,7 +61,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openindiana-vm@v0 + - uses: vmactions/openindiana-vm@v1 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' nat: |