🔱: [acme] sync upgrade with 4 commits [trident-sync]

Example for on-demand tls-alpn-01 Example disclaimer, fallback cert Replace CircleCI with GitHub Actions
2026-04-23 19:57:27 +08:00 · 2024-02-01 19:24:13 +00:00
parent fc9e71bed2
commit 7e8842b452
21 changed files with 441 additions and 240 deletions
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# Install CoreDNS for testing.
+#
+set -euo pipefail
+
+# Download and install
+wget -nv "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" -O /tmp/coredns.tgz
+
+tar zxvf /tmp/coredns.tgz -C /usr/local/bin
+chown root:root /usr/local/bin/coredns
+chmod 0755 /usr/local/bin/coredns
+
+mkdir -p /etc/coredns
+
+# Zones
+tee /etc/coredns/db.example.com << EOF
+\$ORIGIN example.com.
+@       3600 IN SOA ns.coredns.invalid. master.coredns.invalid. (
+                                2017042745  ; serial
+                                7200        ; refresh
+                                3600        ; retry
+                                1209600     ; expire
+                                3600        ; minimum
+                                )
+
+        3600 IN NS ns1.example.com.
+        3600 IN NS ns2.example.com.
+
+ns1     3600 IN A 127.0.0.1
+ns2     3600 IN A 127.0.0.1
+
+@       3600 IN A 127.0.0.1
+www     3600 IN CNAME example.com.
+EOF
+
+# Config
+tee /etc/coredns/Corefile << EOF
+example.com {
+    errors
+    log
+    bind 127.53.53.53
+    file /etc/coredns/db.example.com
+}
+
+test.example.com {
+    errors
+    log
+    bind 127.53.53.53
+    forward . 127.0.0.1:${PEBBLECTS_DNS_PORT}
+}
+
+. {
+    errors
+    log
+    bind 127.53.53.53
+    forward . 8.8.8.8
+}
+EOF
+
+exit 0
@@ -0,0 +1,13 @@
+#!/bin/bash
+#
+# Install Pebble Challenge Test Server for testing.
+#
+set -euo pipefail
+
+# Download and install
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv_linux-amd64" -O /usr/local/bin/pebble-challtestsrv
+
+chown root:root /usr/local/bin/pebble-challtestsrv
+chmod 0755 /usr/local/bin/pebble-challtestsrv
+
+exit 0
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Install Pebble for testing.
+#
+set -euo pipefail
+
+CONFIG_NAME="pebble-config.json"
+
+# Use Pebble EAB config if enabled
+set +u
+if [[ -n $ACME_CAP_EAB_ENABLED ]] && [[ $ACME_CAP_EAB_ENABLED -eq 1 ]]; then
+    CONFIG_NAME="pebble-config-external-account-bindings.json"
+fi
+set -u
+
+# Download certs and config
+mkdir -p /etc/pebble
+
+wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/certs/pebble.minica.pem" -O /etc/pebble/ca.cert.pem
+wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/certs/localhost/cert.pem" -O /etc/pebble/cert.pem
+wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/certs/localhost/key.pem" -O /etc/pebble/key.pem
+wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/config/${CONFIG_NAME}" -O /etc/pebble/pebble.json
+
+# Download and install Pebble
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble_linux-amd64" -O /usr/local/bin/pebble
+
+chown root:root /usr/local/bin/pebble
+chmod 0755 /usr/local/bin/pebble
+
+# Config
+sed -i 's/test\/certs\/localhost/\/etc\/pebble/' /etc/pebble/pebble.json
+
+exit 0
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Wait for ACME server to accept connections.
+#
+set -euo pipefail
+
+MAX_ATTEMPTS=15
+ATTEMPT=0
+
+# Loop until ready
+while ! curl --cacert "${ACME_CA_CERT_PATH}" -s -D - "${ACME_DIRECTORY_URL}" | grep '^HTTP.*200' > /dev/null 2>&1; do
+    ATTEMPT=$((ATTEMPT + 1))
+
+    # Max attempts
+    if [[ $ATTEMPT -gt $MAX_ATTEMPTS ]]; then
+        echo "[!] Waited ${ATTEMPT} attempts for server to become ready, exit 1"
+        exit 1
+    fi
+
+    # Retry
+    echo "[-] Waiting 1 second for server to become ready, attempt: ${ATTEMPT}/${MAX_ATTEMPTS}, check: ${ACME_DIRECTORY_URL}, cert: ${ACME_CA_CERT_PATH}"
+    sleep 1
+done
+
+# Ready
+echo "[+] Server ready!"
+exit 0