# IwoooS DNS / TLS / certbot Owner Response Acceptance | 項目 | 內容 | |------|------| | 日期 | 2026-06-14 | | 狀態 | `owner_response_acceptance_ledger_ready_no_runtime_action` | | 工具 | `scripts/security/domain-tls-certbot-owner-response-acceptance.py` | | 輸入 | `docs/security/domain-tls-certbot-owner-confirmation-request.snapshot.json` | | Snapshot | `docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json` | | runtime gate | `0` | ## 1. 目的 DNS / TLS / certbot 屬於 C0 公開入口配置。既有 owner confirmation request 已把 4 個 certificate path 需確認關係列出,但若缺少 owner response acceptance 帳本,後續容易把 SAN / wildcard / 共用憑證覆蓋確認、renewal owner 或 ACME route owner 誤判成 DNS query、TLS probe、certbot renew、Nginx reload 或 route smoke 授權。 本文件只定義 owner response 如何收件、補證、隔離、拒收與進 reviewer review。它不是 request sent、不是 owner response received、不是 accepted response、不是 DNS query、不是 live TLS probe、不是 certbot renew、不是 Nginx reload、不是 route smoke,也不是 host write、production write 或 runtime gate 授權。 ## 2. 摘要 | 指標 | 值 | 說明 | |------|----|------| | acceptance candidate count | `4` | 4 個 domain / certificate path relation candidate | | C0 acceptance candidate count | `4` | 全部位於 188 public gateway / internal tools HTTPS 範圍 | | acceptance field count | `23` | 每份 candidate 的 metadata-only 欄位 | | required owner response field count | `13` | owner / decision / scope / redacted refs / coverage / expiry / renewal / ACME / window / rollback / validation | | reviewer check count | `13` | raw cert、private key、credential、execution request、coverage ref 與 runtime gate 檢查 | | outcome lane count | `7` | waiting、quarantine、reject、supplement、coverage review、read-only update、waiting runtime gate | | blocked action count | `20` | DNS query、TLS probe、certbot renew、Nginx reload、route smoke、secret collection 等 | | owner response received / accepted | `0 / 0` | 尚未收到,尚未驗收 | | DNS query / TLS probe / certbot renew / Nginx reload / route smoke | `0 / 0 / 0 / 0 / 0` | 尚未批准且未執行 | | runtime gate / action button | `0 / 0` | 未開啟 | ## 3. 四份驗收候選 | Acceptance candidate | Control tier | 來源 request | 驗收焦點 | |----------------------|--------------|--------------|----------| | `domain_tls_certbot_owner_response_acceptance:gitea.wooo.work` | `C0` | `domain_tls_certbot_owner_confirmation:gitea.wooo.work` | 憑證覆蓋依據 ref、到期 metadata ref、renewal owner、ACME route owner、維護窗口與 rollback owner | | `domain_tls_certbot_owner_response_acceptance:langfuse.wooo.work` | `C0` | `domain_tls_certbot_owner_confirmation:langfuse.wooo.work` | 憑證覆蓋依據 ref、到期 metadata ref、renewal owner、ACME route owner、維護窗口與 rollback owner | | `domain_tls_certbot_owner_response_acceptance:signoz.wooo.work` | `C0` | `domain_tls_certbot_owner_confirmation:signoz.wooo.work` | 憑證覆蓋依據 ref、到期 metadata ref、renewal owner、ACME route owner、維護窗口與 rollback owner | | `domain_tls_certbot_owner_response_acceptance:tsenyang.com` | `C0` | `domain_tls_certbot_owner_confirmation:tsenyang.com` | 憑證覆蓋依據 ref、到期 metadata ref、renewal owner、ACME route owner、維護窗口與 rollback owner | ## 4. Owner response 必填欄位 | 欄位 | 規則 | |------|------| | `owner_role_or_team` | 只填角色或團隊,不填私人聯絡資料或 credential | | `decision` | 允許 `confirm`、`defer`、`reject`、`request_more_evidence` | | `decision_reason` | 摘要說明,不貼 raw cert、private key、certbot log 或 DNS credential | | `affected_scope` | 明確列出 domain、certificate path metadata、ACME / route 影響範圍 | | `redacted_evidence_refs` | 只接受脫敏 ref、ticket id、文件路徑、hash 或摘要 | | `certificate_coverage_basis_ref` | SAN / wildcard / 共用憑證覆蓋依據的脫敏 ref | | `certificate_expiry_metadata_ref` | 憑證到期資訊只能是 owner-provided metadata ref,不得貼 raw cert | | `renewal_owner` | 未來 renewal 負責角色;不代表可執行 certbot renew | | `acme_challenge_route_owner` | HTTP-01 ACME path 與 route smoke owner | | `maintenance_window` | 未來 probe / renew / reload 的維護窗口;本 response 不開執行權 | | `rollback_owner` | 未來若進變更的 rollback owner | | `validation_plan` | DNS / TLS / ACME / route post-check 指標,不授權執行 | | `followup_owner` | 後續補證、reviewer 或 runtime gate 負責角色 | ## 5. Reviewer checks | Check | 說明 | |-------|------| | `owner_identity_present` | owner role / team 必須可追溯 | | `decision_and_reason_present` | decision 與 reason 必須同時存在 | | `redacted_refs_only` | evidence 只能是脫敏 ref、ticket、hash、文件路徑或摘要 | | `raw_certificate_absent` | 不得出現 raw certificate payload、完整 SAN dump、private key 或 ACME account key | | `secret_value_absent` | 不得出現 DNS credential、registrar credential、token、cookie、authorization header 或 Basic Auth | | `coverage_basis_ref_present` | 覆蓋依據必須是 metadata ref | | `expiry_metadata_ref_not_probe` | 到期資訊不得由本帳本觸發 live probe | | `renewal_owner_separate_from_action` | renewal owner 與 certbot renew action 必須分離 | | `acme_route_owner_present` | ACME path 與 route smoke owner 必須清楚 | | `maintenance_window_present` | 未來執行期操作需維護窗口或明確禁止窗口 | | `rollback_owner_present` | rollback owner 與 rollback ref 必須存在 | | `validation_plan_present` | validation plan 只列 post-check,不授權執行 | | `counts_transition_safe` | 只有 reviewer record 可更新 received / accepted / rejected,且不得開 runtime gate | ## 6. Outcome lanes | Lane | 意義 | |------|------| | `waiting_owner_response` | 尚未收到 owner response | | `quarantine_raw_certificate_or_secret` | 收到 raw cert、private key、DNS credential 或 certbot account 內容時隔離 | | `reject_execution_request` | 夾帶 DNS query、TLS probe、certbot renew、Nginx reload 或 host write 要求時拒收 | | `request_supplement` | 欄位不足、scope 不清或 evidence ref 不可追溯時要求補件 | | `ready_for_certificate_coverage_review` | metadata 合格後,只能進憑證覆蓋關係 reviewer review | | `owner_review_only_update` | 只允許更新只讀 owner review ledger | | `waiting_runtime_gate` | 即使 owner response accepted,runtime gate 仍等待獨立人工批准 | ## 7. 禁止事項 1. 不做 DNS query。 2. 不做 live TLS probe。 3. 不執行 certbot renew。 4. 不 reload Nginx。 5. 不執行 route smoke。 6. 不讀 TLS private key。 7. 不保存 raw certificate payload、DNS credential、certbot account key、secret value、未脫敏 certbot log、shell history 或 env dump。 8. 不修改 DNS record、TLS certificate path、ACME challenge route 或 production host。 9. 不開 runtime gate,不建立 action button。 ## 8. 指令 產生 committed snapshot: ```bash python3 scripts/security/domain-tls-certbot-owner-response-acceptance.py \ --root . \ --owner-confirmation-request-report docs/security/domain-tls-certbot-owner-confirmation-request.snapshot.json \ --output docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json \ --generated-at 2026-06-14T23:05:00+08:00 ``` 驗證 guard: ```bash python3 scripts/security/security-mirror-progress-guard.py --root . ``` ## 9. 完成度 | 工作 | 完成度 | 說明 | |------|--------|------| | owner response acceptance ledger artifact | `100%` | 產生器、snapshot 與文件已固定 | | DNS / TLS / certbot 只讀治理成熟度 | `74% -> 78%` | 收件驗收帳本更完整;不代表 live evidence 或 runtime action | | owner response received / accepted | `0%` | 尚未收到,尚未驗收 | | certificate coverage confirmed | `0%` | 尚未收到 owner-provided metadata ref | | DNS query / TLS probe | `0%` | 尚未批准且未執行 | | certbot renew / Nginx reload / route smoke | `0%` | 尚未批准且未執行 | | runtime gate / host write | `0%` | 未授權且未執行 |