packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

// @ts-ignore
import * as acme from "@certd/acme-client";
import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
import * as _ from "lodash-es";
import { Challenge } from "@certd/acme-client/types/rfc8555";
import { IContext } from "@certd/pipeline";
import { ILogger, utils } from "@certd/basic";
import { IDnsProvider, IDomainParser } from "../../dns-provider/index.js";
import punycode from "node:punycode";
import { IOssClient } from "@certd/plugin-lib";
export type CnameVerifyPlan = {
  type?: string;
  domain: string;
  fullRecord: string;
  dnsProvider: IDnsProvider;
};

export type HttpVerifyPlan = {
  type: string;
  domain: string;
  httpUploader: IOssClient;
};

export type DomainVerifyPlan = {
  domain: string;
  type: "cname" | "dns" | "http";
  dnsProvider?: IDnsProvider;
  cnameVerifyPlan?: Record<string, CnameVerifyPlan>;
  httpVerifyPlan?: Record<string, HttpVerifyPlan>;
};
export type DomainsVerifyPlan = {
  [key: string]: DomainVerifyPlan;
};

export type Providers = {
  dnsProvider?: IDnsProvider;
  domainsVerifyPlan?: DomainsVerifyPlan;
};

export type CertInfo = {
  crt: string; //fullchain证书
  key: string; //私钥
  csr: string; //csr
  oc?: string; //仅证书，非fullchain证书
  ic?: string; //中间证书
  pfx?: string;
  der?: string;
  jks?: string;
  one?: string;
};
export type SSLProvider = "letsencrypt" | "google" | "zerossl";
export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
type AcmeServiceOptions = {
  userContext: IContext;
  logger: ILogger;
  sslProvider: SSLProvider;
  eab?: ClientExternalAccountBindingOptions;
  skipLocalVerify?: boolean;
  useMappingProxy?: boolean;
  reverseProxy?: string;
  privateKeyType?: PrivateKeyType;
  signal?: AbortSignal;
  maxCheckRetryCount?: number;
  userId: number;
  domainParser: IDomainParser;
  waitDnsDiffuseTime?: number;
};

export class AcmeService {
  options: AcmeServiceOptions;
  userContext: IContext;
  logger: ILogger;
  sslProvider: SSLProvider;
  skipLocalVerify = true;
  eab?: ClientExternalAccountBindingOptions;
  constructor(options: AcmeServiceOptions) {
    this.options = options;
    this.userContext = options.userContext;
    this.logger = options.logger;
    this.sslProvider = options.sslProvider || "letsencrypt";
    this.eab = options.eab;
    this.skipLocalVerify = options.skipLocalVerify ?? false;
    acme.setLogger((message: any, ...args: any[]) => {
      this.logger.info(message, ...args);
    });
  }

  async getAccountConfig(email: string, urlMapping: UrlMapping): Promise<any> {
    const conf = (await this.userContext.getObj(this.buildAccountKey(email))) || {};
    if (urlMapping && urlMapping.mappings) {
      for (const key in urlMapping.mappings) {
        if (Object.prototype.hasOwnProperty.call(urlMapping.mappings, key)) {
          const element = urlMapping.mappings[key];
          if (conf.accountUrl?.indexOf(element) > -1) {
            //如果用了代理url，要替换回去
            conf.accountUrl = conf.accountUrl.replace(element, key);
          }
        }
      }
    }
    return conf;
  }

  buildAccountKey(email: string) {
    return `acme.config.${this.sslProvider}.${email}`;
  }

  async saveAccountConfig(email: string, conf: any) {
    await this.userContext.setObj(this.buildAccountKey(email), conf);
  }

  async getAcmeClient(email: string, isTest = false): Promise<acme.Client> {
    const mappings = {};
    if (this.sslProvider === "letsencrypt") {
      mappings["acme-v02.api.letsencrypt.org"] = this.options.reverseProxy || "le.px.certd.handfree.work";
    } else if (this.sslProvider === "google") {
      mappings["dv.acme-v02.api.pki.goog"] = this.options.reverseProxy || "gg.px.certd.handfree.work";
    }
    const urlMapping: UrlMapping = {
      enabled: false,
      mappings,
    };
    const conf = await this.getAccountConfig(email, urlMapping);
    if (conf.key == null) {
      conf.key = await this.createNewKey();
      await this.saveAccountConfig(email, conf);
      this.logger.info(`创建新的Accountkey:${email}`);
    }
    let directoryUrl = "";
    if (isTest) {
      directoryUrl = acme.directory[this.sslProvider].staging;
    } else {
      directoryUrl = acme.directory[this.sslProvider].production;
    }
    if (this.options.useMappingProxy) {
      urlMapping.enabled = true;
    } else {
      //测试directory是否可以访问
      const isOk = await this.testDirectory(directoryUrl);
      if (!isOk) {
        this.logger.info("测试访问失败，自动使用代理");
        urlMapping.enabled = true;
      }
    }
    const client = new acme.Client({
      sslProvider: this.sslProvider,
      directoryUrl: directoryUrl,
      accountKey: conf.key,
      accountUrl: conf.accountUrl,
      externalAccountBinding: this.eab,
      backoffAttempts: this.options.maxCheckRetryCount || 20,
      backoffMin: 5000,
      backoffMax: 10000,
      urlMapping,
      signal: this.options.signal,
    });

    if (conf.accountUrl == null) {
      const accountPayload = {
        termsOfServiceAgreed: true,
        contact: [`mailto:${email}`],
        externalAccountBinding: this.eab,
      };
      await client.createAccount(accountPayload);
      conf.accountUrl = client.getAccountUrl();
      await this.saveAccountConfig(email, conf);
    }
    return client;
  }

  async createNewKey() {
    const key = await acme.crypto.createPrivateKey(2048);
    return key.toString();
  }

  async challengeCreateFn(authz: any, keyAuthorizationGetter: (challenge: Challenge) => Promise<string>, providers: Providers) {
    this.logger.info("Triggered challengeCreateFn()");

    const fullDomain = authz.identifier.value;
    let domain = await this.options.domainParser.parse(fullDomain);
    this.logger.info("主域名为：" + domain);

    const getChallenge = (type: string) => {
      return authz.challenges.find((c: any) => c.type === type);
    };

    const doHttpVerify = async (challenge: any, httpUploader: IOssClient) => {
      const keyAuthorization = await keyAuthorizationGetter(challenge);
      this.logger.info("http校验");
      const filePath = `.well-known/acme-challenge/${challenge.token}`;
      const fileContents = keyAuthorization;
      this.logger.info(`校验 ${fullDomain} ，准备上传文件：${filePath}`);
      await httpUploader.upload(filePath, Buffer.from(fileContents));
      this.logger.info(`上传文件【${filePath}】成功`);
      return {
        challenge,
        keyAuthorization,
        httpUploader,
      };
    };

    const doDnsVerify = async (challenge: any, fullRecord: string, dnsProvider: IDnsProvider) => {
      this.logger.info("dns校验");
      const keyAuthorization = await keyAuthorizationGetter(challenge);

      const mainDomain = dnsProvider.usePunyCode() ? domain : punycode.toUnicode(domain);
      fullRecord = dnsProvider.usePunyCode() ? fullRecord : punycode.toUnicode(fullRecord);
      const recordValue = keyAuthorization;
      let hostRecord = fullRecord.replace(`${mainDomain}`, "");
      if (hostRecord.endsWith(".")) {
        hostRecord = hostRecord.substring(0, hostRecord.length - 1);
      }

      const recordReq = {
        domain: mainDomain,
        fullRecord,
        hostRecord,
        type: "TXT",
        value: recordValue,
      };
      this.logger.info("添加 TXT 解析记录", JSON.stringify(recordReq));
      const recordRes = await dnsProvider.createRecord(recordReq);
      this.logger.info("添加 TXT 解析记录成功", JSON.stringify(recordRes));
      return {
        recordReq,
        recordRes,
        dnsProvider,
        challenge,
        keyAuthorization,
      };
    };

    let dnsProvider = providers.dnsProvider;
    let fullRecord = `_acme-challenge.${fullDomain}`;

    if (providers.domainsVerifyPlan) {
      //按照计划执行
      const domainVerifyPlan = providers.domainsVerifyPlan[domain];
      if (domainVerifyPlan) {
        if (domainVerifyPlan.type === "dns") {
          dnsProvider = domainVerifyPlan.dnsProvider;
        } else if (domainVerifyPlan.type === "cname") {
          const cnameVerifyPlan = domainVerifyPlan.cnameVerifyPlan;
          if (cnameVerifyPlan) {
            const cname = cnameVerifyPlan[fullDomain];
            if (cname) {
              dnsProvider = cname.dnsProvider;
              domain = await this.options.domainParser.parse(cname.domain);
              fullRecord = cname.fullRecord;
            }
          } else {
            this.logger.error(`未找到域名${fullDomain}的CNAME校验计划，请修改证书申请配置`);
          }
          if (dnsProvider == null) {
            throw new Error(`未找到域名${fullDomain}CNAME校验计划的DnsProvider，请修改证书申请配置`);
          }
        } else if (domainVerifyPlan.type === "http") {
          const httpVerifyPlan = domainVerifyPlan.httpVerifyPlan;
          if (httpVerifyPlan) {
            const httpChallenge = getChallenge("http-01");
            if (httpChallenge == null) {
              throw new Error("该域名不支持http-01方式校验");
            }
            const plan = httpVerifyPlan[fullDomain];
            return await doHttpVerify(httpChallenge, plan.httpUploader);
          } else {
            throw new Error("未找到域名【" + fullDomain + "】的http校验配置");
          }
        } else {
          throw new Error("不支持的校验类型", domainVerifyPlan.type);
        }
      } else {
        this.logger.info("未找到域名校验计划，使用默认的dnsProvider");
      }
    }

    const dnsChallenge = getChallenge("dns-01");
    return await doDnsVerify(dnsChallenge, fullRecord, dnsProvider);
  }

  /**
   * Function used to remove an ACME challenge response
   *
   * @param {object} authz Authorization object
   * @param {object} challenge Selected challenge
   * @param {string} keyAuthorization Authorization key
   * @param recordReq
   * @param recordRes
   * @param dnsProvider dnsProvider
   * @param httpUploader
   * @returns {Promise}
   */

  async challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordReq: any, recordRes: any, dnsProvider?: IDnsProvider, httpUploader?: IOssClient) {
    this.logger.info("执行清理");

    /* http-01 */
    const fullDomain = authz.identifier.value;
    if (challenge.type === "http-01") {
      const filePath = `.well-known/acme-challenge/${challenge.token}`;
      this.logger.info(`Removing challenge response for ${fullDomain} at file: ${filePath}`);
      await httpUploader.remove(filePath);
      this.logger.info(`删除文件【${filePath}】成功`);
    } else if (challenge.type === "dns-01") {
      this.logger.info(`删除 TXT 解析记录:${JSON.stringify(recordReq)} ,recordRes = ${JSON.stringify(recordRes)}`);
      try {
        await dnsProvider.removeRecord({
          recordReq,
          recordRes,
        });
        this.logger.info("删除解析记录成功");
      } catch (e) {
        this.logger.error("删除解析记录出错：", e);
        throw e;
      }
    }
  }

  async order(options: {
    email: string;
    domains: string | string[];
    dnsProvider?: any;
    domainsVerifyPlan?: DomainsVerifyPlan;
    httpUploader?: any;
    csrInfo: any;
    isTest?: boolean;
    privateKeyType?: string;
  }): Promise<CertInfo> {
    const { email, isTest, csrInfo, dnsProvider, domainsVerifyPlan } = options;
    const client: acme.Client = await this.getAcmeClient(email, isTest);

    let domains = options.domains;
    const encodingDomains = [];
    for (const domain of domains) {
      encodingDomains.push(punycode.toASCII(domain));
    }
    domains = encodingDomains;

    /* Create CSR */
    const { commonName, altNames } = this.buildCommonNameByDomains(domains);
    let privateKey = null;
    const privateKeyType = options.privateKeyType || "rsa_2048";
    const privateKeyArr = privateKeyType.split("_");
    const type = privateKeyArr[0];
    let size = 2048;
    if (privateKeyArr.length > 1) {
      size = parseInt(privateKeyArr[1]);
    }

    let encodingType = "pkcs8";
    if (privateKeyArr.length > 2) {
      encodingType = privateKeyArr[2];
    }

    if (type == "ec") {
      const name: any = "P-" + size;
      privateKey = await acme.crypto.createPrivateEcdsaKey(name, encodingType);
    } else {
      privateKey = await acme.crypto.createPrivateRsaKey(size, encodingType);
    }

    let createCsr: any = acme.crypto.createCsr;
    if (encodingType === "pkcs1") {
      //兼容老版本
      createCsr = acme.forge.createCsr;
    }
    const [key, csr] = await createCsr(
      {
        commonName,
        ...csrInfo,
        altNames,
      },
      privateKey
    );

    if (dnsProvider == null && domainsVerifyPlan == null) {
      throw new Error("dnsProvider 、 domainsVerifyPlan不能都为空");
    }

    const providers: Providers = {
      dnsProvider,
      domainsVerifyPlan,
    };
    /* 自动申请证书 */
    const crt = await client.auto({
      csr,
      email: email,
      termsOfServiceAgreed: true,
      skipChallengeVerification: this.skipLocalVerify,
      challengePriority: ["dns-01", "http-01"],
      challengeCreateFn: async (
        authz: acme.Authorization,
        keyAuthorizationGetter: (challenge: Challenge) => Promise<string>
      ): Promise<{ recordReq?: any; recordRes?: any; dnsProvider?: any; challenge: Challenge; keyAuthorization: string }> => {
        return await this.challengeCreateFn(authz, keyAuthorizationGetter, providers);
      },
      challengeRemoveFn: async (authz: acme.Authorization, challenge: Challenge, keyAuthorization: string, recordReq: any, recordRes: any, dnsProvider: IDnsProvider, httpUploader: IOssClient): Promise<any> => {
        return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider, httpUploader);
      },
      signal: this.options.signal,
    });

    const crtString = crt.toString();
    const cert: CertInfo = {
      crt: crtString,
      key: key.toString(),
      csr: csr.toString(),
    };
    /* Done */
    this.logger.debug(`CSR:\n${cert.csr}`);
    this.logger.debug(`Certificate:\n${cert.crt}`);
    this.logger.info("证书申请成功");
    return cert;
  }

  buildCommonNameByDomains(domains: string | string[]): {
    commonName: string;
    altNames: string[] | undefined;
  } {
    if (typeof domains === "string") {
      domains = domains.split(",");
    }
    if (domains.length === 0) {
      throw new Error("domain can not be empty");
    }
    const commonName = domains[0];
    let altNames: undefined | string[] = undefined;
    if (domains.length > 1) {
      altNames = _.slice(domains, 1);
    }
    return {
      commonName,
      altNames,
    };
  }

  private async testDirectory(directoryUrl: string) {
    try {
      await utils.http.request({
        url: directoryUrl,
        method: "GET",
        timeout: 10000,
      });
    } catch (e) {
      this.logger.error(`${directoryUrl}，测试访问失败`, e.message);
      return false;
    }
    this.logger.info(`${directoryUrl}，测试访问成功`);
    return true;
  }
}
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								// @ts-ignore
 								import * as acme from "@certd/acme-client";
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
-												chore:

											
										
										
											2024-11-08 23:43:19 +08:00
+								import * as _ from "lodash-es";
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								import { Challenge } from "@certd/acme-client/types/rfc8555";
-												chore: basic 从pipeline中移除

											
										
										
											2024-11-04 15:14:56 +08:00
+								import { IContext } from "@certd/pipeline";
-												chore: 整理依赖

											
										
										
											2024-11-06 01:17:36 +08:00
+								import { ILogger, utils } from "@certd/basic";
-												pref: 支持子域名托管的域名证书申请

											
										
										
											2025-04-11 12:13:57 +08:00
+								import { IDnsProvider, IDomainParser } from "../../dns-provider/index.js";
-												perf: 支持中文域名

											
										
										
											2025-04-24 11:55:14 +08:00
+								import punycode from "node:punycode";
-												perf: 数据库备份支持oss

											
										
										
											2025-04-25 01:26:04 +08:00
+								import { IOssClient } from "@certd/plugin-lib";
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								export type CnameVerifyPlan = {
-												chore:

											
										
										
											2025-01-03 00:12:15 +08:00
+								  type?: string;
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								  domain: string;
 								  fullRecord: string;
 								  dnsProvider: IDnsProvider;
 								};
-												chore:

											
										
										
											2025-01-03 00:12:15 +08:00
+								export type HttpVerifyPlan = {
 								  type: string;
 								  domain: string;
-												perf: 数据库备份支持oss

											
										
										
											2025-04-25 01:26:04 +08:00
+								  httpUploader: IOssClient;
-												chore:

											
										
										
											2025-01-03 00:12:15 +08:00
+								};
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								export type DomainVerifyPlan = {
 								  domain: string;
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								  type: "cname" | "dns" | "http";
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								  dnsProvider?: IDnsProvider;
 								  cnameVerifyPlan?: Record<string, CnameVerifyPlan>;
-												chore:

											
										
										
											2025-01-03 00:12:15 +08:00
+								  httpVerifyPlan?: Record<string, HttpVerifyPlan>;
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								};
 								export type DomainsVerifyPlan = {
 								  [key: string]: DomainVerifyPlan;
 								};
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								export type Providers = {
 								  dnsProvider?: IDnsProvider;
 								  domainsVerifyPlan?: DomainsVerifyPlan;
 								};
-												feat: ui模式

BREAKING CHANGE: 接口配置变更

											
										
										
											2023-05-23 18:01:20 +08:00
+								export type CertInfo = {
-												docs: 证书说明

											
										
										
											2024-12-12 16:45:40 +08:00
+								  crt: string; //fullchain证书
 								  key: string; //私钥
 								  csr: string; //csr
 								  oc?: string; //仅证书，非fullchain证书
 								  ic?: string; //中间证书
-												chore: 1

											
										
										
											2024-09-06 00:13:21 +08:00
+								  pfx?: string;
 								  der?: string;
-												chore: 证书支持jks格式

											
										
										
											2024-10-30 01:44:02 +08:00
+								  jks?: string;
-												chore:

											
										
										
											2024-12-17 22:45:14 +08:00
+								  one?: string;
-												feat: ui模式

BREAKING CHANGE: 接口配置变更

											
										
										
											2023-05-23 18:01:20 +08:00
+								};
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								export type SSLProvider = "letsencrypt" | "google" | "zerossl";
-												feat: 支持ECC类型

											
										
										
											2024-08-25 11:56:15 +08:00
+								export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								type AcmeServiceOptions = {
 								  userContext: IContext;
-												chore: 整理依赖

											
										
										
											2024-11-06 01:17:36 +08:00
+								  logger: ILogger;
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								  sslProvider: SSLProvider;
 								  eab?: ClientExternalAccountBindingOptions;
 								  skipLocalVerify?: boolean;
 								  useMappingProxy?: boolean;
-												chore:

											
										
										
											2024-10-10 15:32:25 +08:00
+								  reverseProxy?: string;
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								  privateKeyType?: PrivateKeyType;
-												fix: 修复成功后跳过之后丢失腾讯云证书id的bug

											
										
										
											2024-08-23 23:26:31 +08:00
+								  signal?: AbortSignal;
-												fix: 修复dns.la域名申请失败的bug

											
										
										
											2025-03-21 11:07:15 +08:00
+								  maxCheckRetryCount?: number;
-												pref: 支持子域名托管的域名证书申请

											
										
										
											2025-04-11 12:13:57 +08:00
+								  userId: number;
 								  domainParser: IDomainParser;
-												chore: 等待解析生效时长可自定义

											
										
										
											2025-05-06 11:04:02 +08:00
+								  waitDnsDiffuseTime?: number;
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								};
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								export class AcmeService {
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								  options: AcmeServiceOptions;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  userContext: IContext;
-												chore: 整理依赖

											
										
										
											2024-11-06 01:17:36 +08:00
+								  logger: ILogger;
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								  sslProvider: SSLProvider;
-												perf: 申请证书时可以选择跳过本地dns校验

											
										
										
											2024-07-08 15:35:58 +08:00
+								  skipLocalVerify = true;
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								  eab?: ClientExternalAccountBindingOptions;
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								  constructor(options: AcmeServiceOptions) {
 								    this.options = options;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    this.userContext = options.userContext;
 								    this.logger = options.logger;
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								    this.sslProvider = options.sslProvider || "letsencrypt";
 								    this.eab = options.eab;
-												perf: 申请证书时可以选择跳过本地dns校验

											
										
										
											2024-07-08 15:35:58 +08:00
+								    this.skipLocalVerify = options.skipLocalVerify ?? false;
-												chore: 1

											
										
										
											2024-11-01 02:19:00 +08:00
+								    acme.setLogger((message: any, ...args: any[]) => {
 								      this.logger.info(message, ...args);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    });
 								  }
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								  async getAccountConfig(email: string, urlMapping: UrlMapping): Promise<any> {
-												fix: 修复使用代理的情况下申请证书失败的bug

											
										
										
											2024-08-21 10:34:50 +08:00
+								    const conf = (await this.userContext.getObj(this.buildAccountKey(email))) || {};
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								    if (urlMapping && urlMapping.mappings) {
 								      for (const key in urlMapping.mappings) {
 								        if (Object.prototype.hasOwnProperty.call(urlMapping.mappings, key)) {
 								          const element = urlMapping.mappings[key];
 								          if (conf.accountUrl?.indexOf(element) > -1) {
 								            //如果用了代理url，要替换回去
 								            conf.accountUrl = conf.accountUrl.replace(element, key);
 								          }
 								        }
 								      }
-												fix: 修复使用代理的情况下申请证书失败的bug

											
										
										
											2024-08-21 10:34:50 +08:00
+								    }
 								    return conf;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  }
 								  buildAccountKey(email: string) {
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								    return `acme.config.${this.sslProvider}.${email}`;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  }
 								  async saveAccountConfig(email: string, conf: any) {
-												refactor: huawei

											
										
										
											2023-05-09 14:11:01 +08:00
+								    await this.userContext.setObj(this.buildAccountKey(email), conf);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  }
 								  async getAcmeClient(email: string, isTest = false): Promise<acme.Client> {
-												perf: 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。

											
										
										
											2024-10-22 16:21:35 +08:00
+								    const mappings = {};
-												chore:

											
										
										
											2024-10-23 10:34:55 +08:00
+								    if (this.sslProvider === "letsencrypt") {
-												perf: 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。

											
										
										
											2024-10-22 16:21:35 +08:00
+								      mappings["acme-v02.api.letsencrypt.org"] = this.options.reverseProxy || "le.px.certd.handfree.work";
-												chore:

											
										
										
											2024-10-23 10:34:55 +08:00
+								    } else if (this.sslProvider === "google") {
-												perf: 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。

											
										
										
											2024-10-22 16:21:35 +08:00
+								      mappings["dv.acme-v02.api.pki.goog"] = this.options.reverseProxy || "gg.px.certd.handfree.work";
 								    }
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								    const urlMapping: UrlMapping = {
 								      enabled: false,
-												perf: 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。

											
										
										
											2024-10-22 16:21:35 +08:00
+								      mappings,
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								    };
 								    const conf = await this.getAccountConfig(email, urlMapping);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    if (conf.key == null) {
 								      conf.key = await this.createNewKey();
 								      await this.saveAccountConfig(email, conf);
-												perf: 修复windows下无法执行第二条命令的bug

											
										
										
											2024-09-04 18:29:39 +08:00
+								      this.logger.info(`创建新的Accountkey:${email}`);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    }
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								    let directoryUrl = "";
 								    if (isTest) {
 								      directoryUrl = acme.directory[this.sslProvider].staging;
 								    } else {
 								      directoryUrl = acme.directory[this.sslProvider].production;
 								    }
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								    if (this.options.useMappingProxy) {
 								      urlMapping.enabled = true;
-												perf: 授权配置支持加密

原本已经添加的授权配置，再次编辑保存即变成加密配置

											
										
										
											2024-08-27 13:46:19 +08:00
+								    } else {
 								      //测试directory是否可以访问
 								      const isOk = await this.testDirectory(directoryUrl);
 								      if (!isOk) {
 								        this.logger.info("测试访问失败，自动使用代理");
 								        urlMapping.enabled = true;
 								      }
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								    }
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    const client = new acme.Client({
-												perf: 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。

											
										
										
											2024-10-22 16:21:35 +08:00
+								      sslProvider: this.sslProvider,
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								      directoryUrl: directoryUrl,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      accountKey: conf.key,
 								      accountUrl: conf.accountUrl,
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								      externalAccountBinding: this.eab,
-												fix: 修复dns.la域名申请失败的bug

											
										
										
											2025-03-21 11:07:15 +08:00
+								      backoffAttempts: this.options.maxCheckRetryCount || 20,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      backoffMin: 5000,
 								      backoffMax: 10000,
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								      urlMapping,
-												fix: 修复成功后跳过之后丢失腾讯云证书id的bug

											
										
										
											2024-08-23 23:26:31 +08:00
+								      signal: this.options.signal,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    });
 								    if (conf.accountUrl == null) {
 								      const accountPayload = {
 								        termsOfServiceAgreed: true,
 								        contact: [`mailto:${email}`],
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								        externalAccountBinding: this.eab,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      };
 								      await client.createAccount(accountPayload);
 								      conf.accountUrl = client.getAccountUrl();
 								      await this.saveAccountConfig(email, conf);
 								    }
 								    return client;
 								  }
 								  async createNewKey() {
-												perf: 修复windows下无法执行第二条命令的bug

											
										
										
											2024-09-04 18:29:39 +08:00
+								    const key = await acme.crypto.createPrivateKey(2048);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    return key.toString();
 								  }
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								  async challengeCreateFn(authz: any, keyAuthorizationGetter: (challenge: Challenge) => Promise<string>, providers: Providers) {
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    this.logger.info("Triggered challengeCreateFn()");
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								    const fullDomain = authz.identifier.value;
-												pref: 支持子域名托管的域名证书申请

											
										
										
											2025-04-11 12:13:57 +08:00
+								    let domain = await this.options.domainParser.parse(fullDomain);
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								    this.logger.info("主域名为：" + domain);
 								    const getChallenge = (type: string) => {
 								      return authz.challenges.find((c: any) => c.type === type);
 								    };
-												perf: 数据库备份支持oss

											
										
										
											2025-04-25 01:26:04 +08:00
+								    const doHttpVerify = async (challenge: any, httpUploader: IOssClient) => {
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								      const keyAuthorization = await keyAuthorizationGetter(challenge);
 								      this.logger.info("http校验");
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								      const filePath = `.well-known/acme-challenge/${challenge.token}`;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      const fileContents = keyAuthorization;
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								      this.logger.info(`校验 ${fullDomain} ，准备上传文件：${filePath}`);
-												perf: http校验方式，支持七牛云oss、阿里云oss、腾讯云cos

											
										
										
											2025-01-04 01:45:24 +08:00
+								      await httpUploader.upload(filePath, Buffer.from(fileContents));
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								      this.logger.info(`上传文件【${filePath}】成功`);
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								      return {
 								        challenge,
 								        keyAuthorization,
-												perf: http校验方式，支持七牛云oss、阿里云oss、腾讯云cos

											
										
										
											2025-01-04 01:45:24 +08:00
+								        httpUploader,
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								      };
 								    };
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								    const doDnsVerify = async (challenge: any, fullRecord: string, dnsProvider: IDnsProvider) => {
 								      this.logger.info("dns校验");
 								      const keyAuthorization = await keyAuthorizationGetter(challenge);
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
-												perf: 支持中文域名

											
										
										
											2025-04-24 11:55:14 +08:00
+								      const mainDomain = dnsProvider.usePunyCode() ? domain : punycode.toUnicode(domain);
-												perf: 支持阿里云中文域名申请

											
										
										
											2025-04-25 18:04:24 +08:00
+								      fullRecord = dnsProvider.usePunyCode() ? fullRecord : punycode.toUnicode(fullRecord);
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								      const recordValue = keyAuthorization;
-												perf: 支持中文域名

											
										
										
											2025-04-24 11:55:14 +08:00
+								      let hostRecord = fullRecord.replace(`${mainDomain}`, "");
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								      if (hostRecord.endsWith(".")) {
 								        hostRecord = hostRecord.substring(0, hostRecord.length - 1);
 								      }
 								      const recordReq = {
-												perf: 支持中文域名

											
										
										
											2025-04-24 11:55:14 +08:00
+								        domain: mainDomain,
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								        fullRecord,
 								        hostRecord,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								        type: "TXT",
 								        value: recordValue,
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								      };
 								      this.logger.info("添加 TXT 解析记录", JSON.stringify(recordReq));
 								      const recordRes = await dnsProvider.createRecord(recordReq);
 								      this.logger.info("添加 TXT 解析记录成功", JSON.stringify(recordRes));
 								      return {
 								        recordReq,
 								        recordRes,
 								        dnsProvider,
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								        challenge,
 								        keyAuthorization,
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								      };
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								    };
 								    let dnsProvider = providers.dnsProvider;
 								    let fullRecord = `_acme-challenge.${fullDomain}`;
 								    if (providers.domainsVerifyPlan) {
 								      //按照计划执行
 								      const domainVerifyPlan = providers.domainsVerifyPlan[domain];
 								      if (domainVerifyPlan) {
 								        if (domainVerifyPlan.type === "dns") {
 								          dnsProvider = domainVerifyPlan.dnsProvider;
 								        } else if (domainVerifyPlan.type === "cname") {
 								          const cnameVerifyPlan = domainVerifyPlan.cnameVerifyPlan;
 								          if (cnameVerifyPlan) {
 								            const cname = cnameVerifyPlan[fullDomain];
 								            if (cname) {
 								              dnsProvider = cname.dnsProvider;
-												pref: 支持子域名托管的域名证书申请

											
										
										
											2025-04-11 12:13:57 +08:00
+								              domain = await this.options.domainParser.parse(cname.domain);
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								              fullRecord = cname.fullRecord;
 								            }
 								          } else {
-												fix: 根据SOA记录判断子域名托管有缺陷，改回手动配置子域名托管记录的方式

											
										
										
											2025-05-05 21:43:39 +08:00
+								            this.logger.error(`未找到域名${fullDomain}的CNAME校验计划，请修改证书申请配置`);
 								          }
 								          if (dnsProvider == null) {
 								            throw new Error(`未找到域名${fullDomain}CNAME校验计划的DnsProvider，请修改证书申请配置`);
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								          }
 								        } else if (domainVerifyPlan.type === "http") {
 								          const httpVerifyPlan = domainVerifyPlan.httpVerifyPlan;
 								          if (httpVerifyPlan) {
 								            const httpChallenge = getChallenge("http-01");
-												chore:

											
										
										
											2025-01-05 01:02:41 +08:00
+								            if (httpChallenge == null) {
 								              throw new Error("该域名不支持http-01方式校验");
 								            }
-												perf: http校验方式，支持七牛云oss、阿里云oss、腾讯云cos

											
										
										
											2025-01-04 01:45:24 +08:00
+								            const plan = httpVerifyPlan[fullDomain];
 								            return await doHttpVerify(httpChallenge, plan.httpUploader);
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								          } else {
 								            throw new Error("未找到域名【" + fullDomain + "】的http校验配置");
 								          }
 								        } else {
 								          throw new Error("不支持的校验类型", domainVerifyPlan.type);
 								        }
 								      } else {
 								        this.logger.info("未找到域名校验计划，使用默认的dnsProvider");
 								      }
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    }
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
 								    const dnsChallenge = getChallenge("dns-01");
 								    return await doDnsVerify(dnsChallenge, fullRecord, dnsProvider);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  }
 								  /**
 								   * Function used to remove an ACME challenge response
 								   *
 								   * @param {object} authz Authorization object
 								   * @param {object} challenge Selected challenge
 								   * @param {string} keyAuthorization Authorization key
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								   * @param recordReq
 								   * @param recordRes
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								   * @param dnsProvider dnsProvider
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								   * @param httpUploader
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								   * @returns {Promise}
 								   */
-												perf: 数据库备份支持oss

											
										
										
											2025-04-25 01:26:04 +08:00
+								  async challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordReq: any, recordRes: any, dnsProvider?: IDnsProvider, httpUploader?: IOssClient) {
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								    this.logger.info("执行清理");
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
 								    /* http-01 */
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								    const fullDomain = authz.identifier.value;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    if (challenge.type === "http-01") {
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								      const filePath = `.well-known/acme-challenge/${challenge.token}`;
 								      this.logger.info(`Removing challenge response for ${fullDomain} at file: ${filePath}`);
 								      await httpUploader.remove(filePath);
 								      this.logger.info(`删除文件【${filePath}】成功`);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    } else if (challenge.type === "dns-01") {
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								      this.logger.info(`删除 TXT 解析记录:${JSON.stringify(recordReq)} ,recordRes = ${JSON.stringify(recordRes)}`);
-												refactor: huawei

											
										
										
											2023-05-09 13:52:25 +08:00
+								      try {
 								        await dnsProvider.removeRecord({
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								          recordReq,
 								          recordRes,
-												refactor: huawei

											
										
										
											2023-05-09 13:52:25 +08:00
+								        });
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								        this.logger.info("删除解析记录成功");
-												refactor: huawei

											
										
										
											2023-05-09 13:52:25 +08:00
+								      } catch (e) {
 								        this.logger.error("删除解析记录出错：", e);
 								        throw e;
 								      }
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    }
 								  }
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								  async order(options: {
 								    email: string;
 								    domains: string | string[];
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								    dnsProvider?: any;
 								    domainsVerifyPlan?: DomainsVerifyPlan;
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								    httpUploader?: any;
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								    csrInfo: any;
 								    isTest?: boolean;
 								    privateKeyType?: string;
 								  }): Promise<CertInfo> {
-												fix: 修复http上传方式无法清除记录文件的bug

											
										
										
											2025-04-27 01:52:42 +08:00
+								    const { email, isTest, csrInfo, dnsProvider, domainsVerifyPlan } = options;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    const client: acme.Client = await this.getAcmeClient(email, isTest);
-												perf: 支持中文域名

											
										
										
											2025-04-24 11:55:14 +08:00
+								    let domains = options.domains;
 								    const encodingDomains = [];
 								    for (const domain of domains) {
 								      encodingDomains.push(punycode.toASCII(domain));
 								    }
 								    domains = encodingDomains;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    /* Create CSR */
 								    const { commonName, altNames } = this.buildCommonNameByDomains(domains);
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								    let privateKey = null;
-												chore:

											
										
										
											2024-08-25 12:07:47 +08:00
+								    const privateKeyType = options.privateKeyType || "rsa_2048";
 								    const privateKeyArr = privateKeyType.split("_");
-												feat: 支持ECC类型

											
										
										
											2024-08-25 11:56:15 +08:00
+								    const type = privateKeyArr[0];
-												chore:

											
										
										
											2024-09-06 22:32:29 +08:00
+								    let size = 2048;
 								    if (privateKeyArr.length > 1) {
 								      size = parseInt(privateKeyArr[1]);
 								    }
-												perf: 证书支持旧版RSA，pkcs1

											
										
										
											2024-09-23 14:32:57 +08:00
 								    let encodingType = "pkcs8";
 								    if (privateKeyArr.length > 2) {
 								      encodingType = privateKeyArr[2];
 								    }
-												feat: 支持ECC类型

											
										
										
											2024-08-25 11:56:15 +08:00
+								    if (type == "ec") {
 								      const name: any = "P-" + size;
-												perf: 证书支持旧版RSA，pkcs1

											
										
										
											2024-09-23 14:32:57 +08:00
+								      privateKey = await acme.crypto.createPrivateEcdsaKey(name, encodingType);
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								    } else {
-												perf: 证书支持旧版RSA，pkcs1

											
										
										
											2024-09-23 14:32:57 +08:00
+								      privateKey = await acme.crypto.createPrivateRsaKey(size, encodingType);
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								    }
-												perf: 证书支持旧版RSA，pkcs1

											
										
										
											2024-09-23 14:32:57 +08:00
 								    let createCsr: any = acme.crypto.createCsr;
 								    if (encodingType === "pkcs1") {
 								      //兼容老版本
 								      createCsr = acme.forge.createCsr;
 								    }
 								    const [key, csr] = await createCsr(
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								      {
 								        commonName,
 								        ...csrInfo,
 								        altNames,
 								      },
 								      privateKey
 								    );
-												perf: 证书支持旧版RSA，pkcs1

											
										
										
											2024-09-23 14:32:57 +08:00
-												fix: 修复http上传方式无法清除记录文件的bug

											
										
										
											2025-04-27 01:52:42 +08:00
+								    if (dnsProvider == null && domainsVerifyPlan == null) {
 								      throw new Error("dnsProvider 、 domainsVerifyPlan不能都为空");
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    }
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
 								    const providers: Providers = {
 								      dnsProvider,
 								      domainsVerifyPlan,
 								    };
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    /* 自动申请证书 */
 								    const crt = await client.auto({
 								      csr,
 								      email: email,
 								      termsOfServiceAgreed: true,
-												perf: 申请证书时可以选择跳过本地dns校验

											
										
										
											2024-07-08 15:35:58 +08:00
+								      skipChallengeVerification: this.skipLocalVerify,
-												chore:

											
										
										
											2025-01-03 00:12:15 +08:00
+								      challengePriority: ["dns-01", "http-01"],
-												feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

											
										
										
											2024-10-07 03:21:16 +08:00
+								      challengeCreateFn: async (
 								        authz: acme.Authorization,
-												perf: 优化acme sdk

											
										
										
											2025-01-03 01:17:20 +08:00
+								        keyAuthorizationGetter: (challenge: Challenge) => Promise<string>
 								      ): Promise<{ recordReq?: any; recordRes?: any; dnsProvider?: any; challenge: Challenge; keyAuthorization: string }> => {
 								        return await this.challengeCreateFn(authz, keyAuthorizationGetter, providers);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      },
-												fix: 修复http上传方式无法清除记录文件的bug

											
										
										
											2025-04-27 01:52:42 +08:00
+								      challengeRemoveFn: async (authz: acme.Authorization, challenge: Challenge, keyAuthorization: string, recordReq: any, recordRes: any, dnsProvider: IDnsProvider, httpUploader: IOssClient): Promise<any> => {
-												perf: 支持http校验方式申请证书

											
										
										
											2025-01-02 00:28:13 +08:00
+								        return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider, httpUploader);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      },
-												fix: 修复成功后跳过之后丢失腾讯云证书id的bug

											
										
										
											2024-08-23 23:26:31 +08:00
+								      signal: this.options.signal,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    });
-												feat: 支持中间证书

											
										
										
											2024-09-22 23:19:10 +08:00
+								    const crtString = crt.toString();
-												feat: ui模式

BREAKING CHANGE: 接口配置变更

											
										
										
											2023-05-23 18:01:20 +08:00
+								    const cert: CertInfo = {
-												feat: 支持中间证书

											
										
										
											2024-09-22 23:19:10 +08:00
+								      crt: crtString,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      key: key.toString(),
 								      csr: csr.toString(),
 								    };
 								    /* Done */
 								    this.logger.debug(`CSR:\n${cert.csr}`);
 								    this.logger.debug(`Certificate:\n${cert.crt}`);
 								    this.logger.info("证书申请成功");
 								    return cert;
 								  }
 								  buildCommonNameByDomains(domains: string | string[]): {
 								    commonName: string;
 								    altNames: string[] | undefined;
 								  } {
 								    if (typeof domains === "string") {
 								      domains = domains.split(",");
 								    }
 								    if (domains.length === 0) {
 								      throw new Error("domain can not be empty");
 								    }
 								    const commonName = domains[0];
 								    let altNames: undefined | string[] = undefined;
 								    if (domains.length > 1) {
 								      altNames = _.slice(domains, 1);
 								    }
 								    return {
 								      commonName,
 								      altNames,
 								    };
 								  }
-												perf: 授权配置支持加密

原本已经添加的授权配置，再次编辑保存即变成加密配置

											
										
										
											2024-08-27 13:46:19 +08:00
 								  private async testDirectory(directoryUrl: string) {
 								    try {
-												chore:

											
										
										
											2024-09-09 17:29:09 +08:00
+								      await utils.http.request({
-												perf: 授权配置支持加密

原本已经添加的授权配置，再次编辑保存即变成加密配置

											
										
										
											2024-08-27 13:46:19 +08:00
+								        url: directoryUrl,
 								        method: "GET",
-												chore:

											
										
										
											2024-09-04 11:26:56 +08:00
+								        timeout: 10000,
-												perf: 授权配置支持加密

原本已经添加的授权配置，再次编辑保存即变成加密配置

											
										
										
											2024-08-27 13:46:19 +08:00
+								      });
 								    } catch (e) {
-												chore:

											
										
										
											2024-10-25 10:57:38 +08:00
+								      this.logger.error(`${directoryUrl}，测试访问失败`, e.message);
-												perf: 授权配置支持加密

原本已经添加的授权配置，再次编辑保存即变成加密配置

											
										
										
											2024-08-27 13:46:19 +08:00
+								      return false;
 								    }
 								    this.logger.info(`${directoryUrl}，测试访问成功`);
 								    return true;
 								  }
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								}