fix: 根据SOA记录判断子域名托管有缺陷，改回手动配置子域名托管记录的方式

2026-04-15 05:00:52 +08:00 · 2025-05-05 21:43:39 +08:00
parent 424890a1e1
commit 1b280a2940
8 changed files with 85 additions and 58 deletions
--- a/packages/plugins/plugin-cert/src/dns-provider/domain-parser.ts
+++ b/packages/plugins/plugin-cert/src/dns-provider/domain-parser.ts
@@ -1,7 +1,6 @@
 import { IDomainParser, ISubDomainsGetter } from "./api";
 //@ts-ignore
 import psl from "psl";
-import { resolveDomainBySoaRecord } from "@certd/acme-client";
 import { logger, utils } from "@certd/basic";

 export class DomainParser implements IDomainParser {
@@ -10,7 +9,7 @@ export class DomainParser implements IDomainParser {
    this.subDomainsGetter = subDomainsGetter;
  }

-  parseDomain(fullDomain: string) {
+  parseDomainByPsl(fullDomain: string) {
    const parsed = psl.parse(fullDomain) as psl.ParsedDomain;
    if (parsed.error) {
      throw new Error(`解析${fullDomain}域名失败:` + JSON.stringify(parsed.error));
@@ -26,30 +25,34 @@ export class DomainParser implements IDomainParser {
      logger.info(`从缓存获取到主域名:${fullDomain}->${value}`);
      return value;
    }
-    try {
-      const mainDomain = await resolveDomainBySoaRecord(fullDomain);
-      if (mainDomain) {
-        utils.cache.set(cacheKey, mainDomain, {
-          ttl: 2 * 60 * 1000,
-        });
-        logger.info(`获取到主域名:${fullDomain}->${mainDomain}`);
-        return mainDomain;
-      }
-    } catch (e) {
-      logger.error("从SOA获取主域名失败", e.message);
-    }
-
-    // const subDomains = await this.subDomainsGetter.getSubDomains();
-    // if (subDomains && subDomains.length > 0) {
-    //   for (const subDomain of subDomains) {
-    //     if (fullDomain.endsWith(subDomain)) {
-    //       //找到子域名托管
-    //       return subDomain;
-    //     }
+    // try {
+    //   const mainDomain = await resolveDomainBySoaRecord(fullDomain);
+    //   if (mainDomain) {
+    //     utils.cache.set(cacheKey, mainDomain, {
+    //       ttl: 2 * 60 * 1000,
+    //     });
+    //     logger.info(`获取到主域名:${fullDomain}->${mainDomain}`);
+    //     return mainDomain;
    //   }
+    // } catch (e) {
+    //   logger.error("从SOA获取主域名失败", e.message);
    // }

-    const res = this.parseDomain(fullDomain);
+    const subDomains = await this.subDomainsGetter.getSubDomains();
+    if (subDomains && subDomains.length > 0) {
+      for (const subDomain of subDomains) {
+        if (fullDomain.endsWith(subDomain)) {
+          //找到子域名托管
+          utils.cache.set(cacheKey, subDomain, {
+            ttl: 2 * 60 * 1000,
+          });
+          logger.info(`获取到子域名托管域名:${fullDomain}->${subDomain}`);
+          return subDomain;
+        }
+      }
+    }
+
+    const res = this.parseDomainByPsl(fullDomain);
    logger.info(`从psl获取主域名:${fullDomain}->${res}`);
    return res;
  }
--- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
+++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
@@ -248,7 +248,10 @@ export class AcmeService {
              fullRecord = cname.fullRecord;
            }
          } else {
-            this.logger.error("未找到域名Cname校验计划，使用默认的dnsProvider");
+            this.logger.error(`未找到域名${fullDomain}的CNAME校验计划，请修改证书申请配置`);
+          }
+          if (dnsProvider == null) {
+            throw new Error(`未找到域名${fullDomain}CNAME校验计划的DnsProvider，请修改证书申请配置`);
          }
        } else if (domainVerifyPlan.type === "http") {
          const httpVerifyPlan = domainVerifyPlan.httpVerifyPlan;