fix: Parse PEM chain and import certificate chain (#747)

Split the PEM in certInfo.crt into a leaf certificate and intermediate chain (using a lookbehind regex), trim the blocks, and pass the chain to ImportCertificateCommand only when present. Replace console.log with this.logger.info and log the returned CertificateArn. This ensures the leaf cert is uploaded separately from its chain and avoids sending an empty CertificateChain.
2026-06-10 10:37:34 +08:00 · 2026-06-07 22:28:39 -04:00
parent 61e3f5761c
commit 454912d314
1 changed files with 10 additions and 3 deletions
@@ -30,16 +30,23 @@ export class AwsClient {
      },
    });

-    const cert = certInfo.crt.split("-----END CERTIFICATE-----")[0] + "-----END CERTIFICATE-----";
+    // Split the full PEM chain: first block is the leaf cert, the rest is the intermediate chain
+    const pemBlocks = certInfo.crt.split(/(?<=-----END CERTIFICATE-----)/);
+    const cert = pemBlocks[0].trim();
+    const chain = pemBlocks
+      .slice(1)
+      .join("")
+      .trim();
+
    // 构建上传参数
    const data = await acmClient.send(
      new ImportCertificateCommand({
        Certificate: Buffer.from(cert),
        PrivateKey: Buffer.from(certInfo.key),
-        // CertificateChain: certificateChain, // 可选
+        CertificateChain: chain ? Buffer.from(chain) : undefined,
      })
    );
-    console.log("Upload successful:", data);
+    this.logger.info(`Upload successful: ${data.CertificateArn}`);
    // 返回证书 ARN（Amazon Resource Name）
    return data.CertificateArn;
  }