From 3c6b707353007d476e758932dfca1e7125e534b1 Mon Sep 17 00:00:00 2001
From: shonenada <shonenada@gmail.com>
Date: Sun, 13 Jan 2019 12:23:15 +0800
Subject: [PATCH] add `QINIU_CDN_DOMAIN` for wildcard certificate

---
 deploy/README.md | 14 ++++++++++++--
 deploy/qiniu.sh  |  6 ++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/deploy/README.md b/deploy/README.md
index 68c1a272..fa2d7189 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -335,8 +335,9 @@ export FABIO="1"
 
 ## 13. Deploy your certificate to Qiniu.com
 
-You should create AccessKey/SecretKey pair in https://portal.qiniu.com/user/key before deploying
-your certificate.
+You should create AccessKey/SecretKey pair in https://portal.qiniu.com/user/key 
+before deploying your certificate, and please ensure you have enabled HTTPS for
+your domain name. You can enable it in https://portal.qiniu.com/cdn/domain.
 
 ```sh
 $ export QINIU_AK="foo"
@@ -348,3 +349,12 @@ then you can deploy certificate by following command:
 ```sh
 $ acme.sh --deploy -d example.com --deploy-hook qiniu
 ```
+
+(Optional), If you are using wildcard certificate,
+you may need export `QINIU_CDN_DOMAIN` to specify which domain
+you want to update:
+
+```sh
+$ export QINIU_CDN_DOMAIN="cdn.example.com"
+$ acme.sh --deploy -d example.com --deploy-hook qiniu
+```
diff --git a/deploy/qiniu.sh b/deploy/qiniu.sh
index e0be60fe..dac1866d 100644
--- a/deploy/qiniu.sh
+++ b/deploy/qiniu.sh
@@ -5,6 +5,7 @@
 # This deployment required following variables
 # export QINIU_AK="QINIUACCESSKEY"
 # export QINIU_SK="QINIUSECRETKEY"
+# export QINIU_CDN_DOMAIN="cdn.example.com"
 
 QINIU_API_BASE="https://api.qiniu.com"
 
@@ -14,6 +15,7 @@ qiniu_deploy() {
   _ccert="$3"
   _cca="$4"
   _cfullchain="$5"
+  _cdndomain="${QINIU_CDN_DOMAIN:-$_cdomain}"
 
   _debug _cdomain "$_cdomain"
   _debug _ckey "$_ckey"
@@ -46,7 +48,7 @@ qiniu_deploy() {
   string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
 
   sslcert_path="/sslcert"
-  sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdomain\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}"
+  sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$_cdndomain\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}"
   sslcert_access_token="$(_make_sslcreate_access_token "$sslcert_path")"
   _debug sslcert_access_token "$sslcert_access_token"
   export _H1="Authorization: QBox $sslcert_access_token"
@@ -66,7 +68,7 @@ qiniu_deploy() {
   _debug certId "$_certId"
 
   ## update domain ssl config
-  update_path="/domain/$_cdomain/httpsconf"
+  update_path="/domain/$_cdndomain/httpsconf"
   update_body="{\"certid\":$_certId,\"forceHttps\":true}"
   update_access_token="$(_make_sslcreate_access_token "$update_path")"
   _debug update_access_token "$update_access_token"