IwoooS DNS / TLS / certbot Owner Response Acceptance
| Item | Content |
| --- | --- |
| Date | 2026-06-14 |
| Status | owner_response_acceptance_ledger_ready_no_runtime_action |
| Tool | scripts/security/domain-tls-certbot-owner-response-acceptance.py |
| Input | docs/security/domain-tls-certbot-owner-confirmation-request.snapshot.json |
| Snapshot | docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json |
| runtime gate | 0 |
1. Purpose
DNS / TLS / certbot belong to the C0 public-entry configuration. The existing owner confirmation request already lists the four certificate-path relations that need confirmation, but without an owner response acceptance ledger it is easy to mistake a confirmation of SAN / wildcard / shared-certificate coverage, a renewal owner or an ACME route owner for an authorization to run DNS queries, TLS probes, certbot renew, Nginx reload or route smoke tests.
This document only defines how an owner response is received, supplemented with evidence, quarantined, rejected and passed into reviewer review. It is not a request sent, not an owner response received, not an accepted response, not a DNS query, not a live TLS probe, not a certbot renew, not an Nginx reload, not a route smoke test, and not an authorization for host writes, production writes or the runtime gate.
2. Summary
| Metric | Value | Notes |
| --- | --- | --- |
| acceptance candidate count | 4 | 4 domain / certificate path relation candidates |
| C0 acceptance candidate count | 4 | all within the 188 public gateway / internal tools HTTPS scope |
| acceptance field count | 23 | metadata-only fields per candidate |
| required owner response field count | 13 | owner / decision / scope / redacted refs / coverage / expiry / renewal / ACME / window / rollback / validation |
| reviewer check count | 13 | raw cert, private key, credential, execution request, coverage ref and runtime gate checks |
| outcome lane count | 7 | waiting, quarantine, reject, supplement, coverage review, read-only update, waiting runtime gate |
| blocked action count | 20 | DNS query, TLS probe, certbot renew, Nginx reload, route smoke, secret collection and others |
| owner response received / accepted | 0 / 0 | not yet received, not yet accepted |
| DNS query / TLS probe / certbot renew / Nginx reload / route smoke | 0 / 0 / 0 / 0 / 0 | not approved and not executed |
| runtime gate / action button | 0 / 0 | not opened |
3. The four acceptance candidates
| Acceptance candidate | Control tier | Source request | Acceptance focus |
| --- | --- | --- | --- |
| domain_tls_certbot_owner_response_acceptance:gitea.wooo.work | C0 | domain_tls_certbot_owner_confirmation:gitea.wooo.work | certificate coverage basis ref, expiry metadata ref, renewal owner, ACME route owner, maintenance window and rollback owner |
| domain_tls_certbot_owner_response_acceptance:langfuse.wooo.work | C0 | domain_tls_certbot_owner_confirmation:langfuse.wooo.work | certificate coverage basis ref, expiry metadata ref, renewal owner, ACME route owner, maintenance window and rollback owner |
| domain_tls_certbot_owner_response_acceptance:signoz.wooo.work | C0 | domain_tls_certbot_owner_confirmation:signoz.wooo.work | certificate coverage basis ref, expiry metadata ref, renewal owner, ACME route owner, maintenance window and rollback owner |
| domain_tls_certbot_owner_response_acceptance:tsenyang.com | C0 | domain_tls_certbot_owner_confirmation:tsenyang.com | certificate coverage basis ref, expiry metadata ref, renewal owner, ACME route owner, maintenance window and rollback owner |
4. Required owner response fields
| Field | Rule |
| --- | --- |
| owner_role_or_team | Role or team only; no personal contact details or credentials |
| decision | One of confirm, defer, reject, request_more_evidence |
| decision_reason | Short summary; do not paste a raw cert, private key, certbot log or DNS credential |
| affected_scope | Explicitly list the domain, the certificate path metadata and the ACME / route impact scope |
| redacted_evidence_refs | Only redacted refs, ticket ids, document paths, hashes or summaries are accepted |
| certificate_coverage_basis_ref | Redacted ref for the SAN / wildcard / shared-certificate coverage basis |
| certificate_expiry_metadata_ref | Expiry information may only be an owner-provided metadata ref, never a raw cert |
| renewal_owner | Role responsible for future renewal; does not mean certbot renew may be executed |
| acme_challenge_route_owner | Owner of the HTTP-01 ACME path and of the route smoke test |
| maintenance_window | Maintenance window for future probe / renew / reload; this response grants no execution right |
| rollback_owner | Rollback owner if a change is made later |
| validation_plan | DNS / TLS / ACME / route post-check metrics; does not authorize execution |
| followup_owner | Role responsible for follow-up evidence, reviewer review or the runtime gate |
5. Reviewer checks
| Check | Description |
| --- | --- |
| owner_identity_present | The owner role / team must be traceable |
| decision_and_reason_present | decision and reason must both be present |
| redacted_refs_only | Evidence may only be a redacted ref, ticket, hash, document path or summary |
| raw_certificate_absent | No raw certificate payload, full SAN dump, private key or ACME account key may appear |
| secret_value_absent | No DNS credential, registrar credential, token, cookie, authorization header or Basic Auth may appear |
| coverage_basis_ref_present | The coverage basis must be a metadata ref |
| expiry_metadata_ref_not_probe | Expiry information must not be obtained by a live probe triggered from this ledger |
| renewal_owner_separate_from_action | The renewal owner and the certbot renew action must stay separate |
| acme_route_owner_present | The ACME path and route smoke owner must be clearly identified |
| maintenance_window_present | Future execution-time operations need a maintenance window or an explicit no-window statement |
| rollback_owner_present | A rollback owner and a rollback ref must exist |
| validation_plan_present | The validation plan lists post-checks only and does not authorize execution |
| counts_transition_safe | Only a reviewer record may update received / accepted / rejected, and it must not open the runtime gate |
6. Outcome lanes
| Lane | Meaning |
| --- | --- |
| waiting_owner_response | No owner response received yet |
| quarantine_raw_certificate_or_secret | Quarantine when a raw cert, private key, DNS credential or certbot account content is received |
| reject_execution_request | Reject when the response carries a request for a DNS query, TLS probe, certbot renew, Nginx reload or host write |
| request_supplement | Request more material when fields are incomplete, scope is unclear or evidence refs are not traceable |
| ready_for_certificate_coverage_review | Once the metadata passes, the response may only enter the certificate coverage relation reviewer review |
| owner_review_only_update | Only the read-only owner review ledger may be updated |
| waiting_runtime_gate | Even after an owner response is accepted, the runtime gate still waits for a separate human approval |
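One way to implement the section 5 reviewer checks and the section 6 lane routing over a section 4 owner response, written here as an added example in Python; it is not the project's scripts/security/domain-tls-certbot-owner-response-acceptance.py. Field, check and lane names come from the tables above. The regular expressions that detect PEM material, pasted secrets, execution requests and acceptable evidence refs, and the sample responses, are constructed assumptions for illustration; the key point they show is that containment (quarantine) and rejection are decided before completeness, and that no outcome ever sets the runtime gate.

```python
import re

# Field names from section 4, check names from section 5, lane names from section 6.
REQUIRED_FIELDS = (
    "owner_role_or_team", "decision", "decision_reason", "affected_scope",
    "redacted_evidence_refs", "certificate_coverage_basis_ref",
    "certificate_expiry_metadata_ref", "renewal_owner", "acme_challenge_route_owner",
    "maintenance_window", "rollback_owner", "validation_plan", "followup_owner",
)
ALLOWED_DECISIONS = {"confirm", "defer", "reject", "request_more_evidence"}
# Reviewer check that each required field backs; unmapped fields report as missing:<field>.
FIELD_CHECK = {
    "owner_role_or_team": "owner_identity_present", "decision": "decision_and_reason_present",
    "decision_reason": "decision_and_reason_present",
    "certificate_coverage_basis_ref": "coverage_basis_ref_present",
    "certificate_expiry_metadata_ref": "expiry_metadata_ref_not_probe",
    "renewal_owner": "renewal_owner_separate_from_action",
    "acme_challenge_route_owner": "acme_route_owner_present",
    "maintenance_window": "maintenance_window_present", "rollback_owner": "rollback_owner_present",
    "validation_plan": "validation_plan_present",
}
# Assumed, deliberately minimal detectors: PEM armor for certs/keys, pasted secrets,
# requests to run the blocked actions, and the shapes an evidence ref may take.
RAW_MATERIAL = re.compile(r"-----BEGIN [A-Z ]*(CERTIFICATE|PRIVATE KEY)-----")
SECRET_VALUE = re.compile(
    r"(?i)\b(authorization\s*:\s*(bearer|basic)\s+\S+|cookie\s*:\s*\S+"
    r"|(api[_-]?key|token|password|secret)\s*[=:]\s*\S{8,})"
)
EXECUTION_REQUEST = re.compile(
    r"(?i)\b(certbot\s+renew|nginx\s+-s\s+reload|systemctl\s+(reload|restart)\s+nginx"
    r"|dig\s+\S+|nslookup\s+\S+|openssl\s+s_client|curl\s+\S+)"
)
REDACTED_REF = re.compile(r"^(?:[A-Z]{2,}-\d+|docs/[\w./-]+|sha256:[0-9a-f]{64}|summary:.{1,200})$")


def _values(obj):
    """Yield every leaf value of a nested dict / list as a string."""
    if isinstance(obj, dict):
        for v in obj.values():
            yield from _values(v)
    elif isinstance(obj, (list, tuple)):
        for v in obj:
            yield from _values(v)
    else:
        yield str(obj)


def evaluate_owner_response(response):
    """Apply the reviewer checks to one owner response and pick its outcome lane.
    Metadata-only: no DNS, TLS, certbot or host access; runtime_gate is always 0."""
    if not response:
        return {"lane": "waiting_owner_response", "failed_checks": [], "runtime_gate": 0}
    blob = "\n".join(_values(response))
    failed = []
    # Containment first: raw material or secrets are quarantined before any other check.
    if RAW_MATERIAL.search(blob):
        failed.append("raw_certificate_absent")
    if SECRET_VALUE.search(blob):
        failed.append("secret_value_absent")
    if failed:
        return {"lane": "quarantine_raw_certificate_or_secret", "failed_checks": failed, "runtime_gate": 0}
    # A response that smuggles an execution request is rejected, not queued for supplement.
    if EXECUTION_REQUEST.search(blob):
        return {"lane": "reject_execution_request",
                "failed_checks": ["renewal_owner_separate_from_action"], "runtime_gate": 0}
    # Completeness and traceability: any miss sends the response back for supplement.
    for name in REQUIRED_FIELDS:
        if not response.get(name):
            failed.append(FIELD_CHECK.get(name, "missing:" + name))
    if response.get("decision") not in ALLOWED_DECISIONS:
        failed.append("decision_and_reason_present")
    refs = list(response.get("redacted_evidence_refs") or [])
    refs += [response.get("certificate_coverage_basis_ref", ""),
             response.get("certificate_expiry_metadata_ref", "")]
    if not all(REDACTED_REF.match(str(r)) for r in refs):
        failed.append("redacted_refs_only")
    failed = sorted(set(failed))
    lane = "request_supplement" if failed else "ready_for_certificate_coverage_review"
    return {"lane": lane, "failed_checks": failed, "runtime_gate": 0}


# Constructed sample responses (not real owner data): one clean, one with a pasted
# certificate, one that asks the ledger to run certbot and Nginx.
CLEAN_RESPONSE = {
    "owner_role_or_team": "platform-sre",
    "decision": "confirm",
    "decision_reason": "Wildcard coverage confirmed against the redacted SAN summary in SEC-1234.",
    "affected_scope": ["gitea.wooo.work", "certificate path metadata only"],
    "redacted_evidence_refs": ["SEC-1234", "summary:wildcard covers the host, no shared certificate"],
    "certificate_coverage_basis_ref": "SEC-1234",
    "certificate_expiry_metadata_ref": "docs/security/owner-expiry-metadata.redacted.json",
    "renewal_owner": "platform-sre",
    "acme_challenge_route_owner": "gateway-team",
    "maintenance_window": "2026-06-20T02:00Z/2026-06-20T04:00Z",
    "rollback_owner": "gateway-team",
    "validation_plan": "post-check only: re-read expiry metadata ref, review ACME route metadata ref",
    "followup_owner": "security-review",
}
PEM_RESPONSE = dict(CLEAN_RESPONSE, decision_reason=(
    "see attached:\n-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----"))
EXEC_RESPONSE = dict(CLEAN_RESPONSE, decision_reason=(
    "Confirmed; please run certbot renew --dry-run and nginx -s reload before the window."))
```

Calling `evaluate_owner_response(CLEAN_RESPONSE)` yields `ready_for_certificate_coverage_review`, `PEM_RESPONSE` lands in `quarantine_raw_certificate_or_secret` and `EXEC_RESPONSE` in `reject_execution_request`; an empty dict stays in `waiting_owner_response`. The ordering matters: a response that both pastes a key and asks for a reload is quarantined, not merely rejected, so the secret never reaches the supplement or review lanes. In a real deployment the detectors would be broader (JWK account keys, base64 blobs, registrar API formats) and the accepted ref shapes would be pinned to the project's own ticket and path conventions.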
7. Prohibited actions
- No DNS queries.
- No live TLS probes.
- No certbot renew.
- No Nginx reload.
- No route smoke tests.
- No reading of TLS private keys.
- No storing of raw certificate payloads, DNS credentials, certbot account keys, secret values, unredacted certbot logs, shell history or env dumps.
- No changes to DNS records, TLS certificate paths, ACME challenge routes or the production host.
- No opening of the runtime gate and no creation of an action button.
8. Commands
Generate the committed snapshot:
Verify the guard:
9. Completion status
| Work item | Completion | Notes |
| --- | --- | --- |
| owner response acceptance ledger artifact | 100% | generator, snapshot and document are fixed |
| DNS / TLS / certbot read-only governance maturity | 74% -> 78% | the intake acceptance ledger is more complete; this is not live evidence or a runtime action |
| owner response received / accepted | 0% | not yet received, not yet accepted |
| certificate coverage confirmed | 0% | no owner-provided metadata ref received yet |
| DNS query / TLS probe | 0% | not approved and not executed |
| certbot renew / Nginx reload / route smoke | 0% | not approved and not executed |
| runtime gate / host write | 0% | not authorized and not executed |