Merge remote-tracking branch 'origin/v2' into v2

# Conflicts:
#	package.json
#	packages/core/pipeline/package.json
#	packages/libs/k8s/package.json
#	packages/plugins/plugin-cert/package.json
#	packages/ui/certd-server/package.json
#	packages/ui/certd-server/src/plugins/plugin-host/lib/ssh.ts
#	packages/ui/certd-server/src/plugins/plugin-host/plugin/upload-to-host/index.ts

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -18,12 +18,20 @@ export class AcmeService {
   userContext: IContext;
   logger: Logger;
   sslProvider: SSLProvider;
+  skipLocalVerify = true;
   eab?: ClientExternalAccountBindingOptions;
-  constructor(options: { userContext: IContext; logger: Logger; sslProvider: SSLProvider; eab?: ClientExternalAccountBindingOptions }) {
+  constructor(options: {
+    userContext: IContext;
+    logger: Logger;
+    sslProvider: SSLProvider;
+    eab?: ClientExternalAccountBindingOptions;
+    skipLocalVerify?: boolean;
+  }) {
     this.userContext = options.userContext;
     this.logger = options.logger;
     this.sslProvider = options.sslProvider || "letsencrypt";
     this.eab = options.eab;
+    this.skipLocalVerify = options.skipLocalVerify ?? false;
     acme.setLogger((text: string) => {
       this.logger.info(text);
     });
@@ -192,7 +200,7 @@ export class AcmeService {
       csr,
       email: email,
       termsOfServiceAgreed: true,
-      skipChallengeVerification: false,
+      skipChallengeVerification: this.skipLocalVerify,
       challengePriority: ["dns-01"],
       challengeCreateFn: async (authz: acme.Authorization, challenge: Challenge, keyAuthorization: string): Promise<any> => {
         return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider);

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -39,10 +39,10 @@ export class CertApplyPlugin extends AbstractTaskPlugin {
       span: 24,
     },
     helper:
-      "支持通配符域名，例如： *.foo.com、foo.com、*.test.handsfree.work\n" +
-      "支持多个域名、多个子域名、多个通配符域名打到一个证书上（域名必须是在同一个DNS提供商解析）\n" +
-      "多级子域名要分成多个域名输入（*.foo.com的证书不能用于xxx.yyy.foo.com、foo.com）\n" +
-      "输入一个回车之后，再输入下一个",
+      "1、支持通配符域名，例如： *.foo.com、foo.com、*.test.handsfree.work\n" +
+      "2、支持多个域名、多个子域名、多个通配符域名打到一个证书上（域名必须是在同一个DNS提供商解析）\n" +
+      "3、多级子域名要分成多个域名输入（*.foo.com的证书不能用于xxx.yyy.foo.com、foo.com）\n" +
+      "4、输入一个回车之后，再输入下一个",
   })
   domains!: string;
 
@@ -110,6 +110,17 @@ export class CertApplyPlugin extends AbstractTaskPlugin {
   })
   dnsProviderAccess!: string;
 
+  @TaskInput({
+    title: "跳过本地校验DNS",
+    default: false,
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+    helper: "如果重试多次出现Authorization not found TXT record，导致无法申请成功，请尝试开启此选项",
+  })
+  skipLocalVerify = false;
+
   @TaskInput({
     title: "更新天数",
     component: {
@@ -166,7 +177,13 @@ export class CertApplyPlugin extends AbstractTaskPlugin {
     if (this.eabAccessId) {
       eab = await this.ctx.accessService.getById(this.eabAccessId);
     }
-    this.acme = new AcmeService({ userContext: this.userContext, logger: this.logger, sslProvider: this.sslProvider, eab });
+    this.acme = new AcmeService({
+      userContext: this.userContext,
+      logger: this.logger,
+      sslProvider: this.sslProvider,
+      eab,
+      skipLocalVerify: this.skipLocalVerify,
+    });
   }
 
   async execute(): Promise<void> {