acme.sh/.github/workflows/LetsEncrypt.yml

name: LetsEncrypt
on:
  push:
    branches:
      - '*'
    paths:
      - '**.sh'
      - '**.yml'
  pull_request:
    branches:
      - dev
    paths:
      - '**.sh'
      - '**.yml'


jobs:
  CheckToken:
    runs-on: ubuntu-latest
    outputs:
      hasToken: ${{ steps.step_one.outputs.hasToken }}
    env: 
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
    steps:
      - name: Set the value
        id: step_one
        run: |
          if [ "$NGROK_TOKEN" ] ; then
            echo "::set-output name=hasToken::true"
          else
            echo "::set-output name=hasToken::false"
          fi
      - name: Check the value
        run: echo ${{ steps.step_one.outputs.hasToken }}

  Ubuntu:
    runs-on: ubuntu-latest
    needs: CheckToken
    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
    - name: Install tools
      run: sudo apt-get install -y socat
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      run: cd ../acmetest && sudo --preserve-env ./letest.sh

  MacOS:
    runs-on: macos-latest
    needs: Ubuntu
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
    - name: Install tools
      run:  brew install socat
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      run: cd ../acmetest && sudo --preserve-env ./letest.sh

  Windows:
    runs-on: windows-latest
    needs: MacOS
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
      #The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port.
      Le_HTTPPort: 8888
    steps:
    - name: Set git to use LF
      run: |
          git config --global core.autocrlf false
    - uses: actions/checkout@v2
    - name: Install cygwin base packages with chocolatey
      run: |
          choco config get cacheLocation
          choco install --no-progress cygwin
      shell: cmd
    - name: Install cygwin additional packages
      run: |
          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
      shell: cmd
    - name: Set ENV
      shell: cmd
      run: |
          echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
    - name: Check ENV
      shell: cmd
      run: |
          echo "PATH=%PATH%"
    - name: Clone acmetest
      shell: cmd
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      shell: cmd
      run: cd ../acmetest && bash.exe -c ./letest.sh

  FreeBSD:
    runs-on: macos-latest
    needs: Windows
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/freebsd-vm@v0.1.2
      with:
        envs: 'NGROK_TOKEN TEST_LOCAL'
        prepare: pkg install -y socat curl
        usesh: true
        run: |
          cd ../acmetest && ./letest.sh

  Solaris:
    runs-on: macos-latest
    needs: FreeBSD
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
    - uses: vmactions/ngrok-tunnel@v0.0.1
      id: ngrok
      with:
        protocol: http
        port: 8080
    - name: Set envs
      run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/solaris-vm@v0.0.3
      with:
        envs: 'TEST_LOCAL TestingDomain'
        nat: |
          "8080": "80"
        prepare: pkgutil -y -i socat curl
        run: |
          cd ../acmetest && ./letest.sh
remove travis 2020-08-27 14:17:10 +00:00			`name: LetsEncrypt`
no need to run for PR from dev to master 2020-08-28 17:32:10 +00:00			`on:`
			`push:`
			`branches:`
			`- '*'`
filer events 2020-08-29 05:14:28 +00:00			`paths:`
			`- '**.sh'`
trigger build 2020-08-29 15:23:07 +00:00			`- '**.yml'`
no need to run for PR from dev to master 2020-08-28 17:32:10 +00:00			`pull_request:`
			`branches:`
			`- dev`
filer events 2020-08-29 05:14:28 +00:00			`paths:`
			`- '**.sh'`
fix filter to *.yml 2020-09-01 13:39:44 +00:00			`- '**.yml'`
filer events 2020-08-29 05:14:28 +00:00
remove travis 2020-08-27 14:17:10 +00:00
			`jobs:`
check token before run 2020-08-29 15:14:18 +00:00			`CheckToken:`
			`runs-on: ubuntu-latest`
			`outputs:`
			`hasToken: ${{ steps.step_one.outputs.hasToken }}`
			`env:`
			`NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}`
			`steps:`
			`- name: Set the value`
			`id: step_one`
fix checktoken 2020-08-29 15:19:21 +00:00			`run: \|`
			`if [ "$NGROK_TOKEN" ] ; then`
			`echo "::set-output name=hasToken::true"`
			`else`
			`echo "::set-output name=hasToken::false"`
			`fi`
check token before run 2020-08-29 15:14:18 +00:00			`- name: Check the value`
			`run: echo ${{ steps.step_one.outputs.hasToken }}`

remove travis 2020-08-27 14:17:10 +00:00			`Ubuntu:`
			`runs-on: ubuntu-latest`
check token before run 2020-08-29 15:14:18 +00:00			`needs: CheckToken`
			`if: "contains(needs.CheckToken.outputs.hasToken, 'true')"`
remove travis 2020-08-27 14:17:10 +00:00			`env:`
			`NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}`
Update LetsEncrypt.yml 2020-08-28 01:32:38 +00:00			`TEST_LOCAL: 1`
remove travis 2020-08-27 14:17:10 +00:00			`steps:`
			`- uses: actions/checkout@v2`
			`- name: Install tools`
			`run: sudo apt-get install -y socat`
			`- name: Clone acmetest`
			`run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/`
			`- name: Run acmetest`
--preserve-env 2020-08-30 15:26:10 +00:00			`run: cd ../acmetest && sudo --preserve-env ./letest.sh`
remove travis 2020-08-27 14:17:10 +00:00
			`MacOS:`
			`runs-on: macos-latest`
add Windows 2020-08-28 15:18:05 +00:00			`needs: Ubuntu`
remove travis 2020-08-27 14:17:10 +00:00			`env:`
			`NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}`
Update LetsEncrypt.yml 2020-08-28 01:32:38 +00:00			`TEST_LOCAL: 1`
remove travis 2020-08-27 14:17:10 +00:00			`steps:`
			`- uses: actions/checkout@v2`
			`- name: Install tools`
Update LetsEncrypt.yml 2020-10-21 07:00:33 +00:00			`run: brew install socat`
remove travis 2020-08-27 14:17:10 +00:00			`- name: Clone acmetest`
			`run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/`
			`- name: Run acmetest`
--preserve-env 2020-08-30 15:26:10 +00:00			`run: cd ../acmetest && sudo --preserve-env ./letest.sh`
add Windows 2020-08-28 15:18:05 +00:00
			`Windows:`
			`runs-on: windows-latest`
			`needs: MacOS`
			`env:`
			`NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}`
			`TEST_LOCAL: 1`
add comments 2020-08-29 01:54:02 +00:00			`#The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port.`
80 port of github windows server is already used. 2020-08-28 15:54:39 +00:00			`Le_HTTPPort: 8888`
add Windows 2020-08-28 15:18:05 +00:00			`steps:`
update comments 2020-09-01 13:30:56 +00:00			`- name: Set git to use LF`
split shellcheck 2020-09-01 13:34:44 +00:00			`run: \|`
update comments 2020-09-01 13:30:56 +00:00			`git config --global core.autocrlf false`
add Windows 2020-08-28 15:18:05 +00:00			`- uses: actions/checkout@v2`
			`- name: Install cygwin base packages with chocolatey`
			`run: \|`
			`choco config get cacheLocation`
add unzip 2020-08-28 15:31:18 +00:00			`choco install --no-progress cygwin`
add Windows 2020-08-28 15:18:05 +00:00			`shell: cmd`
			`- name: Install cygwin additional packages`
			`run: \|`
add unzip 2020-08-28 15:31:18 +00:00			`C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git`
add Windows 2020-08-28 15:18:05 +00:00			`shell: cmd`
			`- name: Set ENV`
fix set-env 2020-11-18 15:16:36 +00:00			`shell: cmd`
add Windows 2020-08-28 15:18:05 +00:00			`run: \|`
fix set-env 2020-11-18 15:16:36 +00:00			`echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%`
fix set-env 2020-11-18 14:23:36 +00:00			`- name: Check ENV`
fix set-env 2020-11-18 15:16:36 +00:00			`shell: cmd`
fix set-env 2020-11-18 14:23:36 +00:00			`run: \|`
fix set-env 2020-11-18 15:16:36 +00:00			`echo "PATH=%PATH%"`
add Windows 2020-08-28 15:18:05 +00:00			`- name: Clone acmetest`
			`shell: cmd`
update comments 2020-09-01 13:30:56 +00:00			`run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/`
add Windows 2020-08-28 15:18:05 +00:00			`- name: Run acmetest`
			`shell: cmd`
			`run: cd ../acmetest && bash.exe -c ./letest.sh`

add freebsd 2020-09-24 13:37:51 +00:00			`FreeBSD:`
			`runs-on: macos-latest`
			`needs: Windows`
			`env:`
			`NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}`
			`TEST_LOCAL: 1`
			`steps:`
			`- uses: actions/checkout@v2`
			`- name: Clone acmetest`
			`run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/`
Syncing with the original repo (#2) * change arvan api script * change Author name * change name actor * Updated --preferred-chain to issue ISRG properly To support different openssl crl2pkcs7 help cli format * dnsapi/pdns: also normalize json response in detecting root zone * Chain (#3408) * fix https://github.com/acmesh-official/acme.sh/issues/3384 match the issuer to the root CA cert subject * fix format * fix https://github.com/acmesh-official/acme.sh/issues/3384 * remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384 * upgrade freebsd and solaris * duckdns - fix "integer expression expected" errors (#3397) * fix "integer expression expected" errors * duckdns fix * Update dns_duckdns.sh * Update dns_duckdns.sh * Implement smtp notify hook Support notifications via direct SMTP server connection. Uses Python (2.7.x or 3.4+) to communicate with SMTP server. * Make shfmt happy (I'm open to better ways of formatting the heredoc that embeds the Python script.) * Only save config if send is successful * Add instructions for reporting bugs * Prep for curl or Python; clean up SMTP_* variable usage * Implement curl version of smtp notify-hook * More than one blank line is an abomination, apparently I will not try to use whitespace to group code visually * Fix: Unifi deploy hook support Unifi Cloud Key (#3327) * fix: unifi deploy hook also update Cloud Key nginx certs When running on a Unifi Cloud Key device, also deploy to /etc/ssl/private/cloudkey.{crt,key} and reload nginx. This makes the new cert available for the Cloud Key management app running via nginx on port 443 (as well as the port 8443 Unifi Controller app the deploy hook already supported). Fixes #3326 * Improve settings documentation comments * Improve Cloud Key pre-flight error messaging * Fix typo * Add support for UnifiOS (Cloud Key Gen2) Since UnifiOS does not use the Java keystore (like a Unifi Controller or Cloud Key Gen1 deploy), this also reworks the settings validation and error messaging somewhat. * PR review fixes * Detect unsupported Cloud Key java keystore location * Don't try to restart inactive services (and remove extra spaces from reload command) * Clean up error messages and internal variables * Change to _getdeployconf/_savedeployconf * Switch from cp to cat to preserve file permissions * feat: add huaweicloud error handling * fix: fix freebsd and solaris * support openssl 3.0 fix https://github.com/acmesh-official/acme.sh/issues/3399 * make the fix for rsa key only * Use PROJECT_NAME and VER for X-Mailer header Also add X-Mailer header to Python version * Add _clearaccountconf_mutable() * Rework read/save config to not save default values Add and use _readaccountconf_mutable_default and _saveaccountconf_mutable_default helpers to capture common default value handling. New approach also eliminates need for separate underscore-prefixed version of each conf var. * Implement _rfc2822_date helper * Clean email headers and warn on unsupported address format Just in case, make sure CR or NL don't end up in an email header. * Clarify _readaccountconf_mutable_default * Add Date email header in Python implementation * Use email.policy.default in Python 3 implementation Improves standards compatibility and utf-8 handling in Python 3.3-3.8. (email.policy.default becomes the default in Python 3.9.) * Prefer Python to curl when both available * Change default SMTP_SECURE to "tls" Secure by default. Also try to minimize configuration errors. (Many ESPs/ISPs require STARTTLS, and most support it.) * Update dns_dp.sh 没有encode中文字符会导致提交失败 * No need to include EC parameters explicitly with the private key. (they are embedded) * Fixes response handling and thereby allow issuing of subdomain certs * Adds comment * fix https://github.com/acmesh-official/acme.sh/issues/3402 * dnsapi/ionos: Use POST instead of PATCH for adding TXT record The API now supports a POST route for adding records. Therefore checking for already existing records and including them in a PATCH request is no longer necessary. * fix https://github.com/acmesh-official/acme.sh/issues/3433 * fix https://github.com/acmesh-official/acme.sh/issues/3019 * fix format * Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. * Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. * fix https://github.com/acmesh-official/acme.sh/issues/3312 * fix format * feat: add dns_porkbun * fix: prevent rate limit Co-authored-by: Vahid Fardi <vahid.fardi@snapp.cab> Co-authored-by: neil <github@neilpang.com> Co-authored-by: Gnought <1684105+gnought@users.noreply.github.com> Co-authored-by: manuel <manuel@mausz.at> Co-authored-by: jerrm <jerrm@users.noreply.github.com> Co-authored-by: medmunds <medmunds@gmail.com> Co-authored-by: Mike Edmunds <github@to.mikeedmunds.com> Co-authored-by: Easton Man <manyang.me@outlook.com> Co-authored-by: czeming <loser_wind@163.com> Co-authored-by: Geert Hendrickx <geert@hendrickx.be> Co-authored-by: Kristian Johansson <kristian.johansson86@gmail.com> Co-authored-by: Lukas Brocke <lukas@brocke.net> Co-authored-by: anom-human <80478363+anom-human@users.noreply.github.com> Co-authored-by: neil <win10@neilpang.com> Co-authored-by: Quentin Dreyer <quentin.dreyer@rgsystem.com> 2021-03-20 15:01:09 +00:00			`- uses: vmactions/freebsd-vm@v0.1.2`
add freebsd 2020-09-24 13:37:51 +00:00			`with:`
			`envs: 'NGROK_TOKEN TEST_LOCAL'`
add curl to freebsd 2020-09-24 14:18:38 +00:00			`prepare: pkg install -y socat curl`
update freebsd 2020-10-09 14:33:21 +00:00			`usesh: true`
add freebsd 2020-09-24 13:37:51 +00:00			`run: \|`
			`cd ../acmetest && ./letest.sh`
add Windows 2020-08-28 15:18:05 +00:00
fix for Solaris, and add Solaris to Github actions 2020-11-22 13:41:22 +00:00			`Solaris:`
			`runs-on: macos-latest`
			`needs: FreeBSD`
			`env:`
			`NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}`
			`TEST_LOCAL: 1`
			`steps:`
			`- uses: actions/checkout@v2`
			`- uses: vmactions/ngrok-tunnel@v0.0.1`
			`id: ngrok`
			`with:`
			`protocol: http`
			`port: 8080`
			`- name: Set envs`
			`run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV`
			`- name: Clone acmetest`
			`run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/`
Syncing with the original repo (#2) * change arvan api script * change Author name * change name actor * Updated --preferred-chain to issue ISRG properly To support different openssl crl2pkcs7 help cli format * dnsapi/pdns: also normalize json response in detecting root zone * Chain (#3408) * fix https://github.com/acmesh-official/acme.sh/issues/3384 match the issuer to the root CA cert subject * fix format * fix https://github.com/acmesh-official/acme.sh/issues/3384 * remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384 * upgrade freebsd and solaris * duckdns - fix "integer expression expected" errors (#3397) * fix "integer expression expected" errors * duckdns fix * Update dns_duckdns.sh * Update dns_duckdns.sh * Implement smtp notify hook Support notifications via direct SMTP server connection. Uses Python (2.7.x or 3.4+) to communicate with SMTP server. * Make shfmt happy (I'm open to better ways of formatting the heredoc that embeds the Python script.) * Only save config if send is successful * Add instructions for reporting bugs * Prep for curl or Python; clean up SMTP_* variable usage * Implement curl version of smtp notify-hook * More than one blank line is an abomination, apparently I will not try to use whitespace to group code visually * Fix: Unifi deploy hook support Unifi Cloud Key (#3327) * fix: unifi deploy hook also update Cloud Key nginx certs When running on a Unifi Cloud Key device, also deploy to /etc/ssl/private/cloudkey.{crt,key} and reload nginx. This makes the new cert available for the Cloud Key management app running via nginx on port 443 (as well as the port 8443 Unifi Controller app the deploy hook already supported). Fixes #3326 * Improve settings documentation comments * Improve Cloud Key pre-flight error messaging * Fix typo * Add support for UnifiOS (Cloud Key Gen2) Since UnifiOS does not use the Java keystore (like a Unifi Controller or Cloud Key Gen1 deploy), this also reworks the settings validation and error messaging somewhat. * PR review fixes * Detect unsupported Cloud Key java keystore location * Don't try to restart inactive services (and remove extra spaces from reload command) * Clean up error messages and internal variables * Change to _getdeployconf/_savedeployconf * Switch from cp to cat to preserve file permissions * feat: add huaweicloud error handling * fix: fix freebsd and solaris * support openssl 3.0 fix https://github.com/acmesh-official/acme.sh/issues/3399 * make the fix for rsa key only * Use PROJECT_NAME and VER for X-Mailer header Also add X-Mailer header to Python version * Add _clearaccountconf_mutable() * Rework read/save config to not save default values Add and use _readaccountconf_mutable_default and _saveaccountconf_mutable_default helpers to capture common default value handling. New approach also eliminates need for separate underscore-prefixed version of each conf var. * Implement _rfc2822_date helper * Clean email headers and warn on unsupported address format Just in case, make sure CR or NL don't end up in an email header. * Clarify _readaccountconf_mutable_default * Add Date email header in Python implementation * Use email.policy.default in Python 3 implementation Improves standards compatibility and utf-8 handling in Python 3.3-3.8. (email.policy.default becomes the default in Python 3.9.) * Prefer Python to curl when both available * Change default SMTP_SECURE to "tls" Secure by default. Also try to minimize configuration errors. (Many ESPs/ISPs require STARTTLS, and most support it.) * Update dns_dp.sh 没有encode中文字符会导致提交失败 * No need to include EC parameters explicitly with the private key. (they are embedded) * Fixes response handling and thereby allow issuing of subdomain certs * Adds comment * fix https://github.com/acmesh-official/acme.sh/issues/3402 * dnsapi/ionos: Use POST instead of PATCH for adding TXT record The API now supports a POST route for adding records. Therefore checking for already existing records and including them in a PATCH request is no longer necessary. * fix https://github.com/acmesh-official/acme.sh/issues/3433 * fix https://github.com/acmesh-official/acme.sh/issues/3019 * fix format * Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. * Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. * fix https://github.com/acmesh-official/acme.sh/issues/3312 * fix format * feat: add dns_porkbun * fix: prevent rate limit Co-authored-by: Vahid Fardi <vahid.fardi@snapp.cab> Co-authored-by: neil <github@neilpang.com> Co-authored-by: Gnought <1684105+gnought@users.noreply.github.com> Co-authored-by: manuel <manuel@mausz.at> Co-authored-by: jerrm <jerrm@users.noreply.github.com> Co-authored-by: medmunds <medmunds@gmail.com> Co-authored-by: Mike Edmunds <github@to.mikeedmunds.com> Co-authored-by: Easton Man <manyang.me@outlook.com> Co-authored-by: czeming <loser_wind@163.com> Co-authored-by: Geert Hendrickx <geert@hendrickx.be> Co-authored-by: Kristian Johansson <kristian.johansson86@gmail.com> Co-authored-by: Lukas Brocke <lukas@brocke.net> Co-authored-by: anom-human <80478363+anom-human@users.noreply.github.com> Co-authored-by: neil <win10@neilpang.com> Co-authored-by: Quentin Dreyer <quentin.dreyer@rgsystem.com> 2021-03-20 15:01:09 +00:00			`- uses: vmactions/solaris-vm@v0.0.3`
fix for Solaris, and add Solaris to Github actions 2020-11-22 13:41:22 +00:00			`with:`
			`envs: 'TEST_LOCAL TestingDomain'`
			`nat: \|`
			`"8080": "80"`
			`prepare: pkgutil -y -i socat curl`
			`run: \|`
			`cd ../acmetest && ./letest.sh`