-
-
Notifications
You must be signed in to change notification settings - Fork 5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5310 from acmesh-official/dev
sync
- Loading branch information
Showing
9 changed files
with
230 additions
and
171 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
#!/usr/bin/env sh | ||
# shellcheck disable=SC2034,SC2154 | ||
|
||
# Script to create certificate to Alibaba Cloud DCDN | ||
# | ||
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun | ||
# | ||
# This deployment required following variables | ||
# export Ali_Key="ALIACCESSKEY" | ||
# export Ali_Secret="ALISECRETKEY" | ||
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi | ||
# | ||
# To specify the DCDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates | ||
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn.example.com" | ||
# If you have multiple CDN domains using the same certificate, just | ||
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn1.example.com dcdn2.example.com" | ||
# | ||
# For regular CDN, see ali_cdn deploy hook | ||
|
||
Ali_DCDN_API="https://dcdn.aliyuncs.com/" | ||
|
||
ali_dcdn_deploy() { | ||
_cdomain="$1" | ||
_ckey="$2" | ||
_ccert="$3" | ||
_cca="$4" | ||
_cfullchain="$5" | ||
|
||
_debug _cdomain "$_cdomain" | ||
_debug _ckey "$_ckey" | ||
_debug _ccert "$_ccert" | ||
_debug _cca "$_cca" | ||
_debug _cfullchain "$_cfullchain" | ||
|
||
# Load dnsapi/dns_ali.sh to reduce the duplicated codes | ||
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 | ||
dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)" | ||
# shellcheck source=/dev/null | ||
if ! . "$dnsapi_ali"; then | ||
_err "Error loading file $dnsapi_ali. Please check your API file and try again." | ||
return 1 | ||
fi | ||
|
||
_prepare_ali_credentials || return 1 | ||
|
||
_getdeployconf DEPLOY_ALI_DCDN_DOMAIN | ||
if [ "$DEPLOY_ALI_DCDN_DOMAIN" ]; then | ||
_savedeployconf DEPLOY_ALI_DCDN_DOMAIN "$DEPLOY_ALI_DCDN_DOMAIN" | ||
else | ||
DEPLOY_ALI_DCDN_DOMAIN="$_cdomain" | ||
fi | ||
|
||
# read cert and key files and urlencode both | ||
_cert=$(_url_encode upper-hex <"$_cfullchain") | ||
_key=$(_url_encode upper-hex <"$_ckey") | ||
|
||
_debug2 _cert "$_cert" | ||
_debug2 _key "$_key" | ||
|
||
## update domain ssl config | ||
for domain in $DEPLOY_ALI_DCDN_DOMAIN; do | ||
_set_dcdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key" | ||
if _ali_rest "Set DCDN domain SSL certificate for $domain" "" POST; then | ||
_info "Domain $domain certificate has been deployed successfully" | ||
fi | ||
done | ||
|
||
return 0 | ||
} | ||
|
||
# domain pub pri | ||
_set_dcdn_domain_ssl_certificate_query() { | ||
endpoint=$Ali_DCDN_API | ||
query='' | ||
query=$query'AccessKeyId='$Ali_Key | ||
query=$query'&Action=SetDcdnDomainSSLCertificate' | ||
query=$query'&CertType=upload' | ||
query=$query'&DomainName='$1 | ||
query=$query'&Format=json' | ||
query=$query'&SSLPri='$3 | ||
query=$query'&SSLProtocol=on' | ||
query=$query'&SSLPub='$2 | ||
query=$query'&SignatureMethod=HMAC-SHA1' | ||
query=$query"&SignatureNonce=$(_ali_nonce)" | ||
query=$query'&SignatureVersion=1.0' | ||
query=$query'&Timestamp='$(_timestamp) | ||
query=$query'&Version=2018-01-15' | ||
} |
Oops, something went wrong.