|
|
受论坛帖子启发,想用AI写一份Github Actions,利用acme.sh申请证书的yaml文件。但遇到了问题:当CA为zerossl时,证书申请失败,letencrypt_test测试正常。
以下是yaml文件:
name: Auto SSL
on:
watch:
types: [started]
schedule:
- cron: "0 17 * * *"
workflow_dispatch:
env:
ACME: /home/runner/.acme.sh/acme.sh
EMAIL: ${{ secrets.ACCOUNT_EMAIL }}
DNSAPI: ${{ secrets.DNSAPI }}
CA: ${{ vars.CA }}
BACKUP_CA: ${{ vars.BACKUP_CA }}
DOH_USE: ${{ vars.DOH_USE }}
ECC_KEYLENGTH: ${{ vars.ECC_KEYLENGTH }}
RSA_KEYLENGTH: ${{ vars.RSA_KEYLENGTH }}
ZEROSSL_EAB_KEY_ID: ${{ secrets.ZEROSSL_EAB_KEY_ID }}
ZEROSSL_EAB_HMAC_KEY: ${{ secrets.ZEROSSL_EAB_HMAC_KEY }}
jobs:
build:
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.repository.owner.id == github.event.sender.id
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Git
run: |
git config --global user.email $EMAIL
git config --global user.name acme
- name: Install Dependencies
run: |
sudo apt-get update && sudo apt-get install -y tree
wget -O yq_linux_amd64 https://github.com/mikefarah/yq/releases/download/v4.28.1/yq_linux_amd64
chmod +x yq_linux_amd64
sudo mv yq_linux_amd64 /usr/local/bin/yq
- name: Install & Configure acme.sh
run: |
curl https://get.acme.sh | sh -s email=$EMAIL
echo "$DNSAPI" >> /home/runner/.acme.sh/account.conf
ZEROSSL_CONF_PATH="/home/runner/.acme.sh/ca/acme.zerossl.com/v2/DV90/ca.conf"
mkdir -p "$(dirname "$ZEROSSL_CONF_PATH")"
echo "CA_EAB_KEY_ID='${{ secrets.ZEROSSL_EAB_KEY_ID }}'" > "$ZEROSSL_CONF_PATH"
echo "CA_EAB_HMAC_KEY='${{ secrets.ZEROSSL_EAB_HMAC_KEY }}'" >> "$ZEROSSL_CONF_PATH"
cat "$ZEROSSL_CONF_PATH"
- name: Update Certificate Status
run: |
CURRENT_TIME=$(date +"%Y-%m-%d %H:%M:%S")
CERT_FILE="Certificate.md"
echo "## Certificate Status (Updated at $CURRENT_TIME)" > $CERT_FILE
echo "| Domain Group | Primary Domain | Expiry Date (ECC) | Issuer O (ECC) | Issuer CN (ECC) | Expiry Date (RSA) | Issuer O (RSA) | Issuer CN (RSA) |" >> $CERT_FILE
echo "|--------------|----------------|------------------|---------------|----------------|-------------------|----------------|-----------------|" >> $CERT_FILE
while IFS= read -r provider; do
provider=${provider#- }
while IFS= read -r domain_group; do
domain_group=${domain_group#- }
domain_group=$(echo "$domain_group" | sed 's/ && / /g')
primary_domain=$(echo "$domain_group" | awk '{print $1}')
expiry_date_ecc="N/A"
issuer_o_ecc="N/A"
issuer_cn_ecc="N/A"
expiry_date_rsa="N/A"
issuer_o_rsa="N/A"
issuer_cn_rsa="N/A"
if [ -f "./ssl/$primary_domain/ECC/$primary_domain.cer" ]; then
expiry_date_ecc=$(openssl x509 -enddate -noout -in "./ssl/$primary_domain/ECC/$primary_domain.cer" | cut -d= -f2)
issuer_info=$(openssl x509 -issuer -noout -in "./ssl/$primary_domain/ECC/$primary_domain.cer")
issuer_o_ecc=$(echo "$issuer_info" | grep -oP 'O = \K[^,]*')
issuer_cn_ecc=$(echo "$issuer_info" | grep -oP 'CN = \K.*')
fi
if [ -f "./ssl/$primary_domain/RSA/$primary_domain.cer" ]; then
expiry_date_rsa=$(openssl x509 -enddate -noout -in "./ssl/$primary_domain/RSA/$primary_domain.cer" | cut -d= -f2)
issuer_info=$(openssl x509 -issuer -noout -in "./ssl/$primary_domain/RSA/$primary_domain.cer")
issuer_o_rsa=$(echo "$issuer_info" | grep -oP 'O = \K[^,]*')
issuer_cn_rsa=$(echo "$issuer_info" | grep -oP 'CN = \K.*')
fi
echo "| $domain_group | $primary_domain | $expiry_date_ecc | $issuer_o_ecc | $issuer_cn_ecc | $expiry_date_rsa | $issuer_o_rsa | $issuer_cn_rsa |" >> $CERT_FILE
done
及环境变量:
|
|
发表于 2024-10-7 18:57:00