PMExtra
2 months ago
2 changed files with 91 additions and 1 deletions
@ -0,0 +1,88 @@
|
||||
#!/usr/bin/env sh |
||||
# shellcheck disable=SC2034,SC2154 |
||||
|
||||
# Script to create certificate to Alibaba Cloud DCDN |
||||
# |
||||
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun |
||||
# |
||||
# This deployment required following variables |
||||
# export Ali_Key="ALIACCESSKEY" |
||||
# export Ali_Secret="ALISECRETKEY" |
||||
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi |
||||
# |
||||
# To specify the DCDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates |
||||
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn.example.com" |
||||
# If you have multiple CDN domains using the same certificate, just |
||||
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn1.example.com dcdn2.example.com" |
||||
# |
||||
# For regular CDN, see ali_cdn deploy hook |
||||
|
||||
Ali_DCDN_API="https://dcdn.aliyuncs.com/" |
||||
|
||||
ali_dcdn_deploy() { |
||||
_cdomain="$1" |
||||
_ckey="$2" |
||||
_ccert="$3" |
||||
_cca="$4" |
||||
_cfullchain="$5" |
||||
|
||||
_debug _cdomain "$_cdomain" |
||||
_debug _ckey "$_ckey" |
||||
_debug _ccert "$_ccert" |
||||
_debug _cca "$_cca" |
||||
_debug _cfullchain "$_cfullchain" |
||||
|
||||
# Load dnsapi/dns_ali.sh to reduce the duplicated codes |
||||
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 |
||||
dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)" |
||||
# shellcheck source=/dev/null |
||||
if ! . "$dnsapi_ali"; then |
||||
_err "Error loading file $dnsapi_ali. Please check your API file and try again." |
||||
return 1 |
||||
fi |
||||
|
||||
_prepare_ali_credentials || return 1 |
||||
|
||||
_getdeployconf DEPLOY_ALI_DCDN_DOMAIN |
||||
if [ "$DEPLOY_ALI_DCDN_DOMAIN" ]; then |
||||
_savedeployconf DEPLOY_ALI_DCDN_DOMAIN "$DEPLOY_ALI_DCDN_DOMAIN" |
||||
else |
||||
DEPLOY_ALI_DCDN_DOMAIN="$_cdomain" |
||||
fi |
||||
|
||||
# read cert and key files and urlencode both |
||||
_cert=$(_url_encode upper-hex <"$_cfullchain") |
||||
_key=$(_url_encode upper-hex <"$_ckey") |
||||
|
||||
_debug2 _cert "$_cert" |
||||
_debug2 _key "$_key" |
||||
|
||||
## update domain ssl config |
||||
for domain in $DEPLOY_ALI_DCDN_DOMAIN; do |
||||
_set_cdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key" |
||||
if _ali_rest "Set DCDN domain SSL certificate for $domain" "" POST; then |
||||
_info "Domain $domain certificate has been deployed successfully" |
||||
fi |
||||
done |
||||
|
||||
return 0 |
||||
} |
||||
|
||||
# domain pub pri |
||||
_set_dcdn_domain_ssl_certificate_query() { |
||||
endpoint=$Ali_DCDN_API |
||||
query='' |
||||
query=$query'AccessKeyId='$Ali_Key |
||||
query=$query'&Action=SetDcdnDomainSSLCertificate' |
||||
query=$query'&CertType=upload' |
||||
query=$query'&DomainName='$1 |
||||
query=$query'&Format=json' |
||||
query=$query'&SSLPri='$3 |
||||
query=$query'&SSLProtocol=on' |
||||
query=$query'&SSLPub='$2 |
||||
query=$query'&SignatureMethod=HMAC-SHA1' |
||||
query=$query"&SignatureNonce=$(_ali_nonce)" |
||||
query=$query'&SignatureVersion=1.0' |
||||
query=$query'&Timestamp='$(_timestamp) |
||||
query=$query'&Version=2018-01-05' |
||||
} |
||||
Loading…
Reference in new issue