perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -6,7 +6,7 @@ import { Logger } from "log4js";
 import { IContext } from "@certd/pipeline";
 import { IDnsProvider } from "../../dns-provider/index.js";
 import psl from "psl";
-import { ClientExternalAccountBindingOptions } from "@certd/acme-client";
+import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
 
 export type CertInfo = {
   crt: string;
@@ -14,19 +14,24 @@ export type CertInfo = {
   csr: string;
 };
 export type SSLProvider = "letsencrypt" | "buypass" | "zerossl";
+type AcmeServiceOptions = {
+  userContext: IContext;
+  logger: Logger;
+  sslProvider: SSLProvider;
+  eab?: ClientExternalAccountBindingOptions;
+  skipLocalVerify?: boolean;
+  useMappingProxy?: boolean;
+};
+
 export class AcmeService {
+  options: AcmeServiceOptions;
   userContext: IContext;
   logger: Logger;
   sslProvider: SSLProvider;
   skipLocalVerify = true;
   eab?: ClientExternalAccountBindingOptions;
-  constructor(options: {
-    userContext: IContext;
-    logger: Logger;
-    sslProvider: SSLProvider;
-    eab?: ClientExternalAccountBindingOptions;
-    skipLocalVerify?: boolean;
-  }) {
+  constructor(options: AcmeServiceOptions) {
+    this.options = options;
     this.userContext = options.userContext;
     this.logger = options.logger;
     this.sslProvider = options.sslProvider || "letsencrypt";
@@ -61,6 +66,13 @@ export class AcmeService {
     } else {
       directoryUrl = acme.directory[this.sslProvider].production;
     }
+    const urlMapping: UrlMapping = { enabled: false, mappings: {} };
+    if (this.options.useMappingProxy) {
+      urlMapping.enabled = true;
+      urlMapping.mappings = {
+        "acme-v02.api.letsencrypt.org": "letsencrypt-proxy.handsfree.work",
+      };
+    }
     const client = new acme.Client({
       directoryUrl: directoryUrl,
       accountKey: conf.key,
@@ -69,6 +81,7 @@ export class AcmeService {
       backoffAttempts: 30,
       backoffMin: 5000,
       backoffMax: 10000,
+      urlMapping,
     });
 
     if (conf.accountUrl == null) {

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -80,6 +80,17 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
   })
   dnsProviderAccess!: string;
 
+  @TaskInput({
+    title: "使用代理",
+    default: false,
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+    helper: "如果acme-v02.api.letsencrypt.org被墙无法连接访问，请尝试开启此选项",
+  })
+  useProxy = false;
+
   @TaskInput({
     title: "跳过本地校验DNS",
     default: false,
@@ -104,6 +115,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       sslProvider: this.sslProvider,
       eab,
       skipLocalVerify: this.skipLocalVerify,
+      useMappingProxy: this.useProxy,
     });
   }