Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev

2026-04-03 14:10:54 +08:00 · 2025-12-25 22:20:59 +08:00
parent d0f653da9a cbb8319cfa
commit 373415261e
29 changed files with 1430 additions and 216 deletions
--- a/README.md
+++ b/README.md
@@ -17,6 +17,13 @@ Certd® 是一个免费的全自动证书管理系统，让你的网站证书永
 > 流水线数量现已调整为无限制，欢迎大家使用


+|官方开源地址： | |
+| ---- | ---- |
+| [Github](https://github.com/certd/certd)| ![](https://img.shields.io/github/stars/certd/certd?logo=github)      |    
+| [Gitee](https://gitee.com/certd/certd)  | ![](https://gitee.com/certd/certd/badge/star.svg?theme=dark)        |
+| [AtomGit](https://atomgit.com/certd/certd) |![](https://atomgit.com/certd/certd/star/badge.svg)        |   
+
+
 ## 一、特性
 本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     

--- a/README_en.md
+++ b/README_en.md
@@ -13,6 +13,15 @@ Certd® is a free, fully automated certificate management system that ensures yo

 > The number of pipelines is now unlimited. Welcome to use it.

+
+Official Open Source Address: 
+
+[Github](https://github.com/certd/certd)   ![](https://img.shields.io/github/stars/certd/certd?logo=github)        
+[Gitee](https://gitee.com/certd/certd)   ![](https://gitee.com/certd/certd/badge/star.svg?theme=dark)        
+[AtomGit](https://atomgit.com/certd/certd)       ![](https://atomgit.com/certd/certd/star/badge.svg)   
+
+
+
 ## 1. Features
 This project not only supports automated certificate application but also automated certificate deployment and updates, ensuring your certificates never expire.

--- a/docs/.vitepress/config.ts
+++ b/docs/.vitepress/config.ts
@@ -122,6 +122,7 @@ export default defineConfig({
                        {text: "宝塔动态IP白名单", link: "/guide/use/baota/white_list.md"},
                        {text: "子域名托管", link: "/guide/use/cert/subdomain.md"},
                        {text: "流水线有效期", link: "/guide/use/pipeline/valid.md"},
+                        {text: "IP证书申请", link: "/guide/use/cert/ip.md"},
                    ]
                },
                {
--- a/docs/guide/index.md
+++ b/docs/guide/index.md
@@ -6,6 +6,13 @@ Certd 是一款开源、免费、全自动申请和部署更新SSL证书的工
 关键字：证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具


+| 官方开源地址： | |
+| ---- | ---- |
+| [Github](https://github.com/certd/certd)| ![](https://img.shields.io/github/stars/certd/certd?logo=github)      |    
+| [Gitee](https://gitee.com/certd/certd)  | ![](https://gitee.com/certd/certd/badge/star.svg?theme=dark)        |
+| [AtomGit](https://atomgit.com/certd/certd) |![](https://atomgit.com/certd/certd/star/badge.svg)        |
+
+
 ![首页](../images/start/home.png)

 ## 1、关于证书续期
--- a/docs/guide/qa/use.md
+++ b/docs/guide/qa/use.md
@@ -43,4 +43,12 @@ service:
      certd_koa_hostname: 0.0.0.0
 ```

+## 6. DNS记录问题
+
+1. DNS 不要设置CAA记录，删除即可
+
+2. DNSSEC相关报错，DNSSEC管理中删除即可
+
+3. DNS 有其他平台申请过的_acme-challenge记录，删除即可
+

--- a/docs/guide/use/baota/white_list.md
+++ b/docs/guide/use/baota/white_list.md
@@ -17,7 +17,7 @@

 > 如果出现过： 100.25.1.5 ， 100.25.4.8
 >
-> 可以尝试配置 100.25.*.5
+> 可以尝试配置 100.25.*.*

 ## 二、nginx代理方案

--- a/docs/guide/use/cert/index.md
+++ b/docs/guide/use/cert/index.md
@@ -1,10 +0,0 @@
-# 证书申请失败情况
-
-
-## DNS记录问题
-
-1. DNS 不要设置CAA记录，删除即可
-
-2. DNSSEC相关报错，DNSSEC管理中删除即可
-
-3. DNS 有其他平台申请过的_acme-challenge记录，删除即可
--- a/docs/guide/use/cert/ip.md
+++ b/docs/guide/use/cert/ip.md
@@ -0,0 +1,11 @@
+# IP证书申请
+certd已支持IP证书申请
+
+> 注意：IP证书有效期只有7天。
+
+## 申请方式
+相比普通的域名证书申请方式区别在于：
+1. 域名栏填写IP
+2. 校验方式选择HTTP（只能HTTP）
+3. 证书颁发机构选择默认的Let's Encrypt
+4. 过期更新天数改成2天
--- a/docs/guide/use/forgotpasswd/index.md
+++ b/docs/guide/use/forgotpasswd/index.md
@@ -7,13 +7,14 @@
 services:
  certd:
    environment: # 环境变量
-      - certd_system_resetAdminPasswd=false
+      - certd_system_resetAdminPasswd=true
 ```
 ## 2. 重启容器
 ```shell
 docker compose up -d
 docker logs -f --tail 500 certd
-# 观察日志，当日志中输出“重置1号管理员用户的密码完成”，即可操作下一步
+# 观察日志，当日志中输出“重置1号管理员用户密码完成”，即可操作下一步
+# 这里会打印1号管理员记录的用户名，如果你修改过管理员用户名，请注意查看此条日志
 ```
 ## 3. 恢复环境变量
 修改docker-compose.yaml，将`certd_system_resetAdminPasswd`改回`false`
@@ -23,4 +24,6 @@ docker logs -f --tail 500 certd
 docker compose up -d
 ```
 ## 5. 默认密码登录
-使用`admin/123456`登录系统，请及时修改管理员密码
+使用`原管理员账号/123456`登录系统，请及时修改管理员密码
+> 默认管理员账号： admin
+> 如果忘记管理员账号，请查看修改密码时的启动日志，会打印管理员账号名
--- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
+++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
@@ -233,13 +233,22 @@ export class AcmeService {

    // const origDomain = punycode.toUnicode(domain);
    const origFullDomain = punycode.toUnicode(fullDomain);
+
+    const isIp = utils.domain.isIp(origFullDomain);
+    function checkIpChallenge(type: string) {
+      if (isIp) {
+        throw new Error(`IP证书不支持${type}校验方式，请选择HTTP方式校验`);
+      }
+    }
    if (providers.domainsVerifyPlan) {
      //按照计划执行
      const domainVerifyPlan = providers.domainsVerifyPlan[origFullDomain];
      if (domainVerifyPlan) {
        if (domainVerifyPlan.type === "dns") {
+          checkIpChallenge("dns");
          dnsProvider = domainVerifyPlan.dnsProvider;
        } else if (domainVerifyPlan.type === "cname") {
+          checkIpChallenge("cname");
          const cname: CnameVerifyPlan = domainVerifyPlan.cnameVerifyPlan;
          if (cname) {
            dnsProvider = cname.dnsProvider;
@@ -274,6 +283,7 @@ export class AcmeService {
    }

    const dnsChallenge = getChallenge("dns-01");
+    checkIpChallenge("dns");
    return await doDnsVerify(dnsChallenge, fullRecord, dnsProvider);
  }

--- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts
+++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts
@@ -20,7 +20,7 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {

  @TaskInput({
    title: "更新天数",
-    value: 35,
+    value: 18,
    component: {
      name: "a-input-number",
      vModel: "value",
--- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts
+++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts
@@ -93,7 +93,7 @@ const preferredChainMergeScript = (() => {
  desc: "免费通配符域名证书申请，支持多个域名打到同一个证书上",
  default: {
    input: {
-      renewDays: 35,
+      renewDays: 18,
      forceUpdate: false,
    },
    strategy: {
--- a/packages/ui/certd-client/src/locales/langs/en-US/guide.ts
+++ b/packages/ui/certd-client/src/locales/langs/en-US/guide.ts
@@ -61,7 +61,7 @@ export default {
    description: "Automatic running",
    setSchedule: "Set Scheduled Execution",
    pipelineSuccessThenSchedule: "Pipeline tests succeed, then configure scheduled triggers so it runs automatically daily",
-    recommendDailyRun: "Recommend configuring to run once daily; new certs requested 35 days before expiry and auto-skipped otherwise",
+    recommendDailyRun: "Recommend configuring to run once daily; new certs requested 18 days before expiry and auto-skipped otherwise",
    setEmailNotification: "Set Email Notifications",
    suggestErrorAndRecoveryEmails: "Suggest listening for 'On Error' and 'Error to Success' to quickly troubleshoot failures (basic version requires mail server setup)",
    tutorialEndTitle: "Tutorial End",
--- a/packages/ui/certd-client/src/locales/langs/zh-CN/guide.ts
+++ b/packages/ui/certd-client/src/locales/langs/zh-CN/guide.ts
@@ -61,7 +61,7 @@ export default {
    description: "自动运行",
    setSchedule: "设置定时执行",
    pipelineSuccessThenSchedule: "流水线测试成功，接下来配置定时触发，以后每天定时执行就不用管了",
-    recommendDailyRun: "推荐配置每天运行一次，默认到期前35天会重新申请新证书并部署，没到期前会自动跳过，不会重复申请。",
+    recommendDailyRun: "推荐配置每天运行一次，默认到期前18天会重新申请新证书并部署，没到期前会自动跳过，不会重复申请。",
    setEmailNotification: "设置邮件通知",
    suggestErrorAndRecoveryEmails: "建议选择监听'错误时'和'错误转成功'两种即可，在意外失败时可以尽快去排查问题",
    tutorialEndTitle: "教程结束",
--- a/packages/ui/certd-server/package.json
+++ b/packages/ui/certd-server/package.json
@@ -6,7 +6,7 @@
  "type": "module",
  "scripts": {
    "start": "cross-env NODE_ENV=production node --optimize-for-size ./bootstrap.js",
-    "dev-start": "cross-env NODE_ENV=dev & mwtsc --watch --run @midwayjs/mock/app",
+    "dev-start": "cross-env NODE_ENV=dev & mwtsc --watch --run  @midwayjs/mock/app",
    "dc": "cd ../../../ && pnpm run dev",
    "dev": "cross-env NODE_ENV=local & pnpm run dev-start",
    "dev-commlocal": "cross-env NODE_ENV=dev-commlocal mwtsc --watch --run @midwayjs/mock/app",
@@ -44,6 +44,7 @@
    "@aws-sdk/client-acm": "^3.699.0",
    "@aws-sdk/client-cloudfront": "^3.699.0",
    "@aws-sdk/client-iam": "^3.699.0",
+    "@aws-sdk/client-route-53": "^3.957.0",
    "@aws-sdk/client-s3": "^3.705.0",
    "@certd/acme-client": "^1.37.16",
    "@certd/basic": "^1.37.16",
--- a/packages/ui/certd-server/src/configuration.ts
+++ b/packages/ui/certd-server/src/configuration.ts
@@ -31,6 +31,20 @@ process.on('uncaughtException', error => {
  }
 });

+// function startHeapLog() {
+//   function format(bytes: any) {
+//     return (bytes / 1024 / 1024).toFixed(2) + ' MB';
+//   }
+//   function log()  {
+//     const mu = process.memoryUsage();
+//     logger.info(`rss:${format(mu.rss)},heapUsed: ${format(mu.heapUsed)},heapTotal: ${format(mu.heapTotal)},external: ${format(mu.external)}`);
+//   }
+//   setInterval(log, 200);
+//   log()
+// }
+
+// startHeapLog();
+
@Configuration({
  detectorOptions: {
    ignore: [
@@ -64,6 +78,9 @@ export class MainConfiguration {
  app: koa.Application;

  async onReady() {
+
+
+
    // add middleware
    // this.app.useMiddleware([ReportMiddleware]);
    // add filter
--- a/packages/ui/certd-server/src/modules/login/service/login-service.ts
+++ b/packages/ui/certd-server/src/modules/login/service/login-service.ts
@@ -242,7 +242,9 @@ export class LoginService {
    }
    const info = await this.userService.findOne({id: oauthBound.userId});
    if (info == null) {
-      throw new CommonException('用户不存在');
+      // 用户已被删除，删除此oauth绑定
+      await this.oauthBoundService.delete([oauthBound.id]);
+      return null
    }
    return this.generateToken(info);
  }
--- a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts
@@ -1012,7 +1012,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
                  title: "申请证书",
                  runnableType: "step",
                  input: {
-                    renewDays: 35,
+                    renewDays: 18,
                    domains: req.domains,
                    email: req.email,
                    "challengeType": "auto",
--- a/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts
+++ b/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts
@@ -13,6 +13,7 @@ import { RandomUtil } from '../../../../utils/random.js';
 import dayjs from 'dayjs';
 import { DbAdapter } from '../../../db/index.js';
 import { simpleNanoId, utils } from '@certd/basic';
+import { OauthBoundService } from '../../../login/service/oauth-bound-service.js';

 export type RegisterType = 'username' | 'mobile' | 'email';
 export type ForgotPasswordType = 'mobile' | 'email';
@@ -42,6 +43,10 @@ export class UserService extends BaseService<UserEntity> {
  @Inject()
  dbAdapter: DbAdapter;

+   @Inject()
+  oauthBoundService: OauthBoundService;
+
+
  //@ts-ignore
  getRepository() {
    return this.repository;
@@ -311,6 +316,9 @@ export class UserService extends BaseService<UserEntity> {
      throw new CommonException('不能删除管理员');
    }
    await super.delete(ids);
+    await this.oauthBoundService.deleteWhere({
+      userId: In(ids),
+    });
  }

  async isAdmin(userId: any) {
--- a/packages/ui/certd-server/src/plugins/plugin-aws/access.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aws/access.ts
@@ -1,6 +1,9 @@
 import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';

 export const AwsRegions = [
+  { label: 'cn-north-1', value: 'cn-north-1' },
+  { label: 'cn-northwest-1', value: 'cn-northwest-1' },
+  { label: '---------------', value: '--',disabled: true },
  { label: 'us-east-1', value: 'us-east-1' },
  { label: 'us-east-2', value: 'us-east-2' },
  { label: 'us-west-1', value: 'us-west-1' },
@@ -61,6 +64,18 @@ export class AwsAccess extends BaseAccess {
    helper: '请妥善保管您的安全访问密钥。您可以在AWS管理控制台的IAM中创建新的访问密钥。',
  })
  secretAccessKey = '';
+
+  @AccessInput({
+    title: 'region',
+    component: {
+      name:"a-select",
+      options: AwsRegions,
+    },
+    required: true,
+    helper: '请选择您的默认AWS区域，默认us-east-1',
+    options: AwsRegions,
+  })
+  region = '';
 }

 new AwsAccess();
--- a/packages/ui/certd-server/src/plugins/plugin-aws/aws-route53-provider.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aws/aws-route53-provider.ts
@@ -0,0 +1,62 @@
+import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
+import { AwsClient } from './libs/aws-client.js';
+import { AwsAccess } from './access.js';
+
+
+@IsDnsProvider({
+  name: 'aws-route53',
+  title: 'AWS Route53',
+  desc: 'AWS Route53 DNS解析提供商',
+  accessType: 'aws',
+  icon: 'svg:icon-aws',
+  order:0,
+})
+export class AwsRoute53Provider extends AbstractDnsProvider {
+  
+  client: AwsClient;
+  async onInstance() {
+    const access: AwsAccess = this.ctx.access as AwsAccess
+    this.client = new AwsClient({ access: access, logger: this.logger, region:access.region || 'us-east-1' });
+  }
+
+  async createRecord(options: CreateRecordOptions): Promise<any> {
+    const { fullRecord, value, type, domain } = options;
+    this.logger.info('添加域名解析：', fullRecord, value, domain);
+    // const domain = await this.matchDomain(fullRecord);
+
+    const {ZoneId,ZoneName} = await this.client.route53GetHostedZoneId(domain);
+    this.logger.info(`获取到hostedZoneId:${ZoneId},name:${ZoneName},domain:${domain}`);
+    
+    await this.client.route53ChangeRecord({
+      hostedZoneId: ZoneId,
+      fullRecord: fullRecord,
+      type: type,
+      value: value,
+      action: 'CREATE',
+    });
+    return {
+      hostedZoneId: ZoneId,
+    }
+  }
+
+ 
+  async removeRecord(options: RemoveRecordOptions<any>): Promise<any> {
+    const { fullRecord, value,type } = options.recordReq;
+    const record = options.recordRes;
+    const hostedZoneId = record.hostedZoneId;
+
+    try{
+      await this.client.route53ChangeRecord({
+        hostedZoneId: hostedZoneId,
+        fullRecord: fullRecord,
+        type: type,
+        value: value,
+        action: 'DELETE',
+      });
+    }catch(e){
+      this.logger.warn(`删除域名解析失败：${e.message} : ${hostedZoneId} ${fullRecord} ${value} ${type} `, );
+    }
+  }
+}
+
+new AwsRoute53Provider();
--- a/packages/ui/certd-server/src/plugins/plugin-aws/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aws/index.ts
@@ -1,2 +1,3 @@
 export * from './plugins/index.js';
 export * from './access.js';
+export * from './aws-route53-provider.js';
--- a/packages/ui/certd-server/src/plugins/plugin-aws/libs/aws-acm-client.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aws/libs/aws-acm-client.ts
@@ -1,40 +0,0 @@
-// 导入所需的 SDK 模块
-import { AwsAccess } from '../access.js';
-import { CertInfo } from '@certd/plugin-cert';
-
-type AwsAcmClientOptions = { access: AwsAccess; region: string };
-
-export class AwsAcmClient {
-  options: AwsAcmClientOptions;
-  access: AwsAccess;
-  region: string;
-  constructor(options: AwsAcmClientOptions) {
-    this.options = options;
-    this.access = options.access;
-    this.region = options.region;
-  }
-  async importCertificate(certInfo: CertInfo) {
-    // 创建 ACM 客户端
-    const { ACMClient, ImportCertificateCommand } = await import('@aws-sdk/client-acm');
-    const acmClient = new ACMClient({
-      region: this.region, // 替换为您的 AWS 区域
-      credentials: {
-        accessKeyId: this.access.accessKeyId, // 从环境变量中读取
-        secretAccessKey: this.access.secretAccessKey,
-      },
-    });
-
-    const cert = certInfo.crt.split('-----END CERTIFICATE-----')[0] + '-----END CERTIFICATE-----';
-    // 构建上传参数
-    const data = await acmClient.send(
-      new ImportCertificateCommand({
-        Certificate: Buffer.from(cert),
-        PrivateKey: Buffer.from(certInfo.key),
-        // CertificateChain: certificateChain, // 可选
-      })
-    );
-    console.log('Upload successful:', data);
-    // 返回证书 ARN（Amazon Resource Name）
-    return data.CertificateArn;
-  }
-}
--- a/packages/ui/certd-server/src/plugins/plugin-aws/libs/aws-client.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aws/libs/aws-client.ts
@@ -0,0 +1,136 @@
+// 导入所需的 SDK 模块
+import { AwsAccess } from '../access.js';
+import { CertInfo } from '@certd/plugin-cert';
+import {ILogger, utils} from '@certd/basic';
+type AwsClientOptions = { access: AwsAccess; region: string, logger:ILogger };
+
+export class AwsClient {
+  options: AwsClientOptions;
+  access: AwsAccess;
+  region: string;
+  logger: ILogger;
+  constructor(options: AwsClientOptions) {
+    this.options = options;
+    this.access = options.access;
+    this.region = options.region;
+    this.logger = options.logger;
+  }
+  async importCertificate(certInfo: CertInfo) {
+    // 创建 ACM 客户端
+    const { ACMClient, ImportCertificateCommand } = await import('@aws-sdk/client-acm');
+    const acmClient = new ACMClient({
+      region: this.region, // 替换为您的 AWS 区域
+      credentials: {
+        accessKeyId: this.access.accessKeyId, // 从环境变量中读取
+        secretAccessKey: this.access.secretAccessKey,
+      },
+    });
+
+    const cert = certInfo.crt.split('-----END CERTIFICATE-----')[0] + '-----END CERTIFICATE-----';
+    // 构建上传参数
+    const data = await acmClient.send(
+      new ImportCertificateCommand({
+        Certificate: Buffer.from(cert),
+        PrivateKey: Buffer.from(certInfo.key),
+        // CertificateChain: certificateChain, // 可选
+      })
+    );
+    console.log('Upload successful:', data);
+    // 返回证书 ARN（Amazon Resource Name）
+    return data.CertificateArn;
+  }
+
+
+  async route53ClientGet() {
+    const { Route53Client } = await import('@aws-sdk/client-route-53');
+    return new Route53Client({
+      region: this.region,
+      credentials: {
+        accessKeyId: this.access.accessKeyId, // 从环境变量中读取
+        secretAccessKey: this.access.secretAccessKey,
+      },
+    });
+  }
+
+   async route53GetHostedZoneId(name:string) :Promise<{ZoneId:string,ZoneName:string}> {
+    const hostedZones = await this.route53ListHostedZones(name);
+    const zoneId = hostedZones[0].Id.replace('/hostedzone/','');
+    this.logger.info(`获取到hostedZoneId:${zoneId},name:${hostedZones[0].Name}`);
+    return {
+      ZoneId: zoneId,
+      ZoneName: hostedZones[0].Name,
+    };
+  }
+  async route53ListHostedZones(name:string) :Promise<{Id:string,Name:string}[]> {
+    const {  ListHostedZonesByNameCommand } =await import("@aws-sdk/client-route-53"); // ES Modules import
+
+    const client = await this.route53ClientGet();
+    const input = { // ListHostedZonesByNameRequest
+      DNSName: name,
+    };
+    const command = new ListHostedZonesByNameCommand(input);
+    const response = await this.doRequest(()=>client.send(command));
+    if (response.HostedZones.length === 0) {
+      throw new Error(`找不到 HostedZone ${name}`);
+    }
+    this.logger.info(`获取到hostedZoneId:${JSON.stringify(response.HostedZones)}`);
+    return response.HostedZones;
+  }
+
+  async route53ChangeRecord(req:{
+    hostedZoneId:string,fullRecord:string,type:string, value:string, action:"CREATE"|"DELETE"}){
+    const {  ChangeResourceRecordSetsCommand} =await import("@aws-sdk/client-route-53"); // ES Modules import
+    // const { Route53Client, ChangeResourceRecordSetsCommand } = require("@aws-sdk/client-route-53"); // CommonJS import
+    // import type { Route53ClientConfig } from "@aws-sdk/client-route-53";
+    const client = await this.route53ClientGet();
+
+    const appendBody:any = {}
+    if(req.action === 'CREATE'){
+      appendBody.TTL = 60;
+    }
+    const input = { // ChangeResourceRecordSetsRequest
+      HostedZoneId: req.hostedZoneId, // required
+      ChangeBatch: { // ChangeBatch
+        Changes: [ // Changes // required
+          { // Change
+            Action: req.action as any , // required
+            ResourceRecordSet: { // ResourceRecordSet
+              Name: req.fullRecord+".", // required
+              Type: req.type.toUpperCase() as any,
+              ResourceRecords: [ // ResourceRecords
+                { // ResourceRecord
+                  Value: `"${req.value}"`, // required
+                },
+              ],
+              ...appendBody
+            },
+          },
+        ],
+      },
+    };
+    this.logger.info(`添加域名解析参数：${JSON.stringify(input)}`);
+    const command = new ChangeResourceRecordSetsCommand(input);
+    const response = await this.doRequest(()=>client.send(command));
+    console.log('Add record successful:', JSON.stringify(response));
+    await utils.sleep(3000);
+    return response;
+    /*
+    // { // ChangeResourceRecordSetsResponse
+//   ChangeInfo: { // ChangeInfo
+//     Id: "STRING_VALUE", // required
+//     Status: "PENDING" || "INSYNC", // required
+//     SubmittedAt: new Date("TIMESTAMP"), // required
+//     Comment: "STRING_VALUE",
+//   },
+// };*/
+  }
+
+  async doRequest<T>(call:()=>Promise<T>):Promise<T>{
+    try{
+      return await call();
+    }catch(err){
+      this.logger.error(`调用接口失败:${err.Error?.Message || err.message},requestId:${err.requestId}`);
+      throw err;
+    }
+  }
+}
--- a/packages/ui/certd-server/src/plugins/plugin-aws/plugins/plugin-deploy-to-cloudfront.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aws/plugins/plugin-deploy-to-cloudfront.ts
@@ -1,7 +1,7 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
 import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
 import { AwsAccess, AwsRegions } from "../access.js";
-import { AwsAcmClient } from "../libs/aws-acm-client.js";
+import { AwsClient } from "../libs/aws-client.js";
 import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
 import { optionsUtils } from "@certd/basic";

@@ -115,9 +115,10 @@ export class AwsDeployToCloudFront extends AbstractTaskPlugin {
  }

  private async uploadToACM(access: AwsAccess, cert: CertInfo) {
-    const acmClient = new AwsAcmClient({
+    const acmClient = new AwsClient({
      access,
      region: this.region,
+      logger: this.logger,
    });
    const awsCertARN = await acmClient.importCertificate(cert);
    this.logger.info('证书上传成功,id=', awsCertARN);
--- a/packages/ui/certd-server/src/plugins/plugin-aws/plugins/plugin-upload-to-acm.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aws/plugins/plugin-upload-to-acm.ts
@@ -1,7 +1,7 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, TaskOutput } from '@certd/pipeline';
 import { CertInfo } from '@certd/plugin-cert';
 import { AwsAccess, AwsRegions } from '../access.js';
-import { AwsAcmClient } from '../libs/aws-acm-client.js';
+import { AwsClient } from '../libs/aws-client.js';
 import { CertApplyPluginNames} from '@certd/plugin-cert';
@IsTaskPlugin({
  name: 'AwsUploadToACM',
@@ -59,9 +59,10 @@ export class AwsUploadToACM extends AbstractTaskPlugin {
  async execute(): Promise<void> {
    const { cert, accessId, region } = this;
    const access = await this.getAccess<AwsAccess>(accessId);
-    const acmClient = new AwsAcmClient({
+    const acmClient = new AwsClient({
      access,
      region,
+      logger: this.logger,
    });
    this.awsCertARN = await acmClient.importCertificate(cert);
    this.logger.info('证书上传成功,id=', this.awsCertARN);
--- a/packages/ui/certd-server/src/plugins/plugin-huawei/plugins/deploy-to-obs/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-huawei/plugins/deploy-to-obs/index.ts
@@ -170,13 +170,15 @@ export class HauweiDeployCertToOBS extends AbstractTaskPlugin {
    const params:any = {
      Bucket: bucket,
      DomainName: domain,
-      Name: this.buildCertName( domain)
+      DomainBody:{
+        Name: this.buildCertName( domain),  
+      }
    };
    if (typeof cert === 'string'){
-      params.CertificateId= cert
+      params.DomainBody.CertificateId= cert
    }else{
-      params.Certificate= cert.crt
-      params.PrivateKey = cert.key
+      params.DomainBody.Certificate= cert.crt
+      params.DomainBody.PrivateKey = cert.key
    }
    const res = await obsClient.setBucketCustomDomain(params)
    this.checkRet(res)
--- a/packages/ui/certd-server/src/plugins/plugin-tencent/plugin/delete-expiring-cert/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-tencent/plugin/delete-expiring-cert/index.ts
@@ -54,8 +54,8 @@ export class TencentDeleteExpiringCert extends AbstractPlusTaskPlugin {
  @TaskInput({
    title: '即将过期天数',
    helper:
-      '仅删除有效期小于此天数的证书,\n<span class="color-red">注意：`1.26.14`版本之前Certd创建的证书流水线默认是到期前20天才更新证书，需要将之前创建的证书申请任务的更新天数改为35天，保证删除之前就已经替换掉即将过期证书</span>',
-    value: 30,
+      '仅删除有效期小于此天数的证书',
+    value: 18,
    component: {
      name: 'a-input-number',
      vModel: 'value',
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml