Browse Source

Update Qiniu's domain settings after uploading certificate

pull/2027/head
shonenada 6 years ago
parent
commit
3bc6628227
No known key found for this signature in database GPG Key ID: 76A1B4666B0495CB
  1. 2
      acme.sh
  2. 41
      deploy/qiniu.sh

2
acme.sh

@ -1580,7 +1580,7 @@ _inithttp() {
fi fi
if [ -z "$_ACME_CURL" ] && _exists "curl"; then if [ -z "$_ACME_CURL" ] && _exists "curl"; then
_ACME_CURL="curl -L --dump-header $HTTP_HEADER "
_ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER "
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
_CURL_DUMP="$(_mktemp)" _CURL_DUMP="$(_mktemp)"
_ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP "

41
deploy/qiniu.sh

@ -44,30 +44,53 @@ qiniu_deploy() {
string_fullchain=$(awk '{printf "%s\\n", $0}' "$_cfullchain") string_fullchain=$(awk '{printf "%s\\n", $0}' "$_cfullchain")
string_key=$(awk '{printf "%s\\n", $0}' "$_ckey") string_key=$(awk '{printf "%s\\n", $0}' "$_ckey")
body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\""$string_fullchain"\",\"pri\":\"$string_key\"}"
sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\""$string_fullchain"\",\"pri\":\"$string_key\"}"
create_ssl_url="$QINIU_API_BASE/sslcert" create_ssl_url="$QINIU_API_BASE/sslcert"
ACCESSTOKEN="$(_make_sslcreate_access_token)"
export _H1="Authorization: QBox $ACCESSTOKEN"
sslcert_access_token="$(_make_sslcreate_access_token "/sslcert\\n")"
_debug sslcert_access_token "$sslcert_access_token"
export _H1="Authorization: QBox $sslcert_access_token"
_response=$(_post "$body" "$create_ssl_url" 0 "POST" "application/json" | _dbase64 "multiline")
sslcert_response=$(_post "$sslcerl_body" "$create_ssl_url" 0 "POST" "application/json" | _dbase64 "multiline")
success_response="certID" success_response="certID"
if test "${_response#*$success_response}" == "$_response"; then
_err "Error in deploying certificate:"
_err "$_response"
if test "${sslcert_response#*$success_response}" == "$sslcert_response"; then
_err "Error in creating certificate:"
_err "$sslcert_response"
return 1 return 1
fi fi
_debug response "$_response"
_debug sslcert_response "$sslcert_response"
_info "Certificate successfully uploaded, updating domain $_cdomain"
_certId=$(printf "%s" $sslcert_response | sed -e "s/^.*certID\":\"//" -e "s/\"\}$//")
_debug certId "$_certId"
update_path="/domain/$_cdomain/httpsconf"
update_url="$QINIU_API_BASE$update_path"
update_body="{\"certid\":\""$_certId"\",\"forceHttps\":true}"
update_access_token="$(_make_sslcreate_access_token "$update_path\\n")"
_debug update_access_token "$update_access_token"
export _H1="Authorization: QBox $update_access_token"
update_response=$(_post "$update_body" "$update_url" 0 "PUT" "application/json" | _dbase64 "multiline")
err_response="error"
if test "${update_response#*$err_response}" != "$update_response"; then
_err "Error in updating domain:"
_err "$update_response"
return 1
fi
_debug update_response "$update_response"
_info "Certificate successfully deployed" _info "Certificate successfully deployed"
return 0 return 0
} }
_make_sslcreate_access_token() { _make_sslcreate_access_token() {
_data="/sslcert\\n"
_data="$1"
_token="$(printf "$_data" | openssl sha1 -hmac $Le_Deploy_Qiniu_SK -binary | openssl base64 -e)" _token="$(printf "$_data" | openssl sha1 -hmac $Le_Deploy_Qiniu_SK -binary | openssl base64 -e)"
echo "$Le_Deploy_Qiniu_AK:$_token" echo "$Le_Deploy_Qiniu_AK:$_token"
} }
Loading…
Cancel
Save