v1.38.8

build: prepare to build
perf: 支持设置默认的证书申请地址的反向代理
2026-04-27 06:57:25 +08:00 · 2026-02-07 02:27:52 +08:00 · 2026-02-07 02:23:58 +08:00 · 2026-02-07 02:20:27 +08:00 · 2026-02-07 00:03:37 +08:00 · 2026-02-06 23:35:35 +08:00
56 changed files with 467 additions and 185 deletions
@@ -3,6 +3,15 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
+* 优化申请证书最大超时时长 ([00f67d8](https://github.com/certd/certd/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 ### Bug Fixes
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.38.7"
+  "version": "1.38.8"
 }
@@ -3,6 +3,13 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/publishlab/node-acme-client/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 优化申请证书最大超时时长 ([00f67d8](https://github.com/publishlab/node-acme-client/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/publishlab/node-acme-client/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+
 ## [1.38.7](https://github.com/publishlab/node-acme-client/compare/v1.38.6...v1.38.7) (2026-02-05)

 ### Performance Improvements
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.38.7",
+    "version": "1.38.8",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.38.7",
+        "@certd/basic": "^1.38.8",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.9.0",
@@ -601,7 +601,10 @@ class AcmeClient {
        };

        this.log(`[${d}] Waiting for valid status （等待valid状态）: ${item.url}`, JSON.stringify(this.backoffOpts));
-        return util.retry(verifyFn, this.backoffOpts);
+        const log = (...args)=>{
+            this.logger.info(...args)
+        }
+        return util.retry(verifyFn, this.backoffOpts,log);
    }

    /**
@@ -57,6 +57,32 @@ export function getDirectoryUrl(opts) {
  return list.production
 }

+
+export function getAllSslProviderDomains() {
+  const list = Object.values(directory).map((item) => {
+    let url =  item.production.replace('https://', '')
+    url = url.substring(0, url.indexOf('/'))
+    return url
+  })
+  return list
+}
+
+let sslProviderReverseProxies = {}
+
+function initSslProviderReverseProxies() {
+  for (const sslProvider of getAllSslProviderDomains()) {
+    sslProviderReverseProxies[sslProvider] = ""
+  }
+}
+initSslProviderReverseProxies()
+
+export function getSslProviderReverseProxies() {
+  return sslProviderReverseProxies
+}
+export function setSslProviderReverseProxies(reverseProxies) {
+  Object.assign(sslProviderReverseProxies, reverseProxies)
+}
+
 /**
 * Crypto
 */
@@ -52,11 +52,17 @@ async function retryPromise(fn, attempts, backoff, logger = log) {
    let aborted = false;

    try {
-        const data = await fn(() => { aborted = true; });
+        const setAbort = () => { aborted = true; }
+        const data = await fn(setAbort);
        return data;
    }
    catch (e) {
-        if (aborted || ((backoff.attempts + 1) >= attempts)) {
+        if (aborted){
+            logger(`用户取消重试`);
+            throw e;
+        }
+        if ( ((backoff.attempts + 1) >= attempts)) {
+            logger(`重试次数超过${attempts}次`);
            throw e;
        }

@@ -118,6 +118,9 @@ export const directory: {
 };

 export function getDirectoryUrl(opts:{sslProvider:string, pkType: string}): string;
+export function getAllSslProviderDomains(): string[];
+export function getSslProviderReverseProxies(): Record<string, string>;
+export function setSslProviderReverseProxies(reverseProxies: Record<string, string>): void;

 /**
 * Crypto
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/basic
@@ -1 +1 @@
-16:26
+02:23
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.38.7",
+  "version": "1.38.8",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,7 +18,7 @@ export function resetLogConfigure() {
  });
 }
 resetLogConfigure();
-export const logger = log4js.getLogger("default");
+export const logger: ILogger = log4js.getLogger("default") as any;

 export function resetLogFilePath(filePath: string) {
  logFilePath = filePath;
@@ -77,6 +77,8 @@ export type ILogger = {
  fatal(message: any, ...args: any[]): void;

  mark(message: any, ...args: any[]): void;
+
+  addSecret(secret: string): void;
 };

 const locale = Intl.DateTimeFormat().resolvedOptions().locale;
@@ -106,10 +108,14 @@ export class PipelineLogger implements ILogger {

  constructor(name: string, write: (text: string) => void) {
    this.customWriter = write;
+    //@ts-ignore
    this.logger = log4js.getLogger(name);
  }

  addSecret(secret: string) {
+    if (!secret) {
+      return;
+    }
    this._secrets.push(secret);
  }

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/pipeline
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.38.7",
+  "version": "1.38.8",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.7",
-    "@certd/plus-core": "^1.38.7",
+    "@certd/basic": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/lib-huawei
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.38.7",
+  "version": "1.38.8",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/lib-iframe
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.38.7",
+  "version": "1.38.8",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/jdcloud
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.38.7",
+  "version": "1.38.8",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/lib-k8s
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.38.7",
+  "version": "1.38.8",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -17,7 +17,7 @@
    "pub": "npm publish"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.7",
+    "@certd/basic": "^1.38.8",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/lib-server
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.38.7",
+  "version": "1.38.8",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.38.7",
-    "@certd/basic": "^1.38.7",
-    "@certd/pipeline": "^1.38.7",
-    "@certd/plugin-lib": "^1.38.7",
-    "@certd/plus-core": "^1.38.7",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plugin-lib": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -76,6 +76,9 @@ export class SysPrivateSettings extends BaseSettings {

  httpsProxy? = '';
  httpProxy? = '';
+
+  reverseProxies?: Record<string, string> = {};
+
  dnsResultOrder? = '';
  commonCnameEnabled?: boolean = true;

@@ -4,10 +4,10 @@ import { Repository } from 'typeorm';
 import { SysSettingsEntity } from '../entity/sys-settings.js';
 import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecret, SysSecretBackup } from './models.js';

-import { BaseService } from '../../../basic/index.js';
-import { cache, logger, setGlobalProxy } from '@certd/basic';
+import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
+import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
 import * as dns from 'node:dns';
-import {mergeUtils} from "@certd/basic";
+import { BaseService } from '../../../basic/index.js';
 import { executorQueue } from '../../basic/service/executor-queue.js';
 const {merge} = mergeUtils;
 /**
@@ -120,7 +120,14 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
  }

  async getPrivateSettings(): Promise<SysPrivateSettings> {
-    return await this.getSetting(SysPrivateSettings);
+    const res = await this.getSetting<SysPrivateSettings>(SysPrivateSettings);
+    const sslProviderDomains = getAllSslProviderDomains();
+    for (const domain of sslProviderDomains) {
+      if (!res.reverseProxies[domain]) {
+        res.reverseProxies[domain] = "";
+      }
+    }
+    return res
  }

  async savePrivateSettings(bean: SysPrivateSettings) {
@@ -145,6 +152,8 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
    if (bean.pipelineMaxRunningCount){
      executorQueue.setMaxRunningCount(bean.pipelineMaxRunningCount);
    }
+
+    setSslProviderReverseProxies(bean.reverseProxies);
  }

  async updateByKey(key: string, setting: any) {
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/midway-flyway-js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.38.7",
+  "version": "1.38.8",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 ### Performance Improvements
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.38.7",
+  "version": "1.38.8",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.38.7",
-    "@certd/basic": "^1.38.7",
-    "@certd/pipeline": "^1.38.7",
-    "@certd/plugin-lib": "^1.38.7",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plugin-lib": "^1.38.8",
    "psl": "^1.9.0",
    "punycode.js": "^2.3.1"
  },
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 **Note:** Version bump only for package @certd/plugin-lib
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.38.7",
+  "version": "1.38.8",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.11",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.7",
-    "@certd/basic": "^1.38.7",
-    "@certd/pipeline": "^1.38.7",
-    "@certd/plus-core": "^1.38.7",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 ### Bug Fixes
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.38.7",
+  "version": "1.38.8",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.38.7",
-    "@certd/pipeline": "^1.38.7",
+    "@certd/lib-iframe": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
@@ -161,27 +161,30 @@ function openStarModal(vipType: string) {
    return;
  }
  Modal.destroyAll();
-  const goGithub = () => {
-    window.open("https://github.com/certd/certd/");
-  };

-  modal.confirm({
-    title: t("vip.get_7_day_pro_trial"),
-    okText: t("vip.star_now"),
-    onOk() {
-      goGithub();
-      openTrialModal(vipType);
-    },
-    width: 600,
-    content: () => {
-      return (
-        <div class="flex mt-10 mb-10">
-          <div>{t("vip.please_help_star")}</div>
-          <img class="ml-5" src="https://img.shields.io/github/stars/certd/certd?logo=github" />
-        </div>
-      );
-    },
-  });
+  openTrialModal(vipType);
+
+  // const goGithub = () => {
+  //   window.open("https://github.com/certd/certd/");
+  // };
+
+  // modal.confirm({
+  //   title: t("vip.get_7_day_pro_trial"),
+  //   okText: t("vip.star_now"),
+  //   onOk() {
+  //     goGithub();
+  //     openTrialModal(vipType);
+  //   },
+  //   width: 600,
+  //   content: () => {
+  //     return (
+  //       <div class="flex mt-10 mb-10">
+  //         <div>{t("vip.please_help_star")}</div>
+  //         <img class="ml-5" src="https://img.shields.io/github/stars/certd/certd?logo=github" />
+  //       </div>
+  //     );
+  //   },
+  // });
 }

 function openUpgrade() {
@@ -511,6 +511,7 @@ export default {
  selectRecordFirst: "Please select records first",
  subdomainHosted: "Hosted Subdomain",
  subdomainHelpText: "If you don't understand what subdomain hosting is,Do not set it randomly, as it may result in the inability to apply for the certificate. please refer to the documentation ",
+  subdomainHelpSupportStart: "Supports * wildcard, indicating that all subdomains of the domain are hosted (free subdomains)",
  subdomainManagement: "Subdomain Management",
  isDisabled: "Is Disabled",
  enabled: "Enabled",
@@ -784,6 +785,7 @@ export default {
      captchaSetting: "Captcha Setting",
      pipelineSetting: "Pipeline Settings",
      oauthSetting: "OAuth2 Settings",
+      networkSetting: "Network Settings",

      showRunStrategy: "Show RunStrategy",
      showRunStrategyHelper: "Allow modify the run strategy of the task",
@@ -835,6 +837,11 @@ export default {
      notice: "System Notice",
      noticeHelper: "System notice, will be displayed on the login page",
      noticePlaceholder: "System notice",
+
+      reverseProxy: "Reverse Proxy List",
+      reverseProxyHelper: "Reverse proxy for ACME address, used when applying for certificate",
+      reverseProxyPlaceholder: "http://le.px.handfree.work",
+      reverseProxyEmpty: "No reverse proxy list configured",
    },
  },
  modal: {
@@ -521,6 +521,7 @@ export default {
  selectRecordFirst: "请先勾选记录",
  subdomainHosted: "托管的子域名",
  subdomainHelpText: "如果您不理解什么是子域托管，请不要随意设置（可能导致证书无法申请，以前设置过的cname记录也需要重新配置），可以参考文档",
+  subdomainHelpSupportStart: "支持*号通配符,表示该域名下的子域名都是托管的（免费子域名）",
  subdomainManagement: "子域管理",
  isDisabled: "是否禁用",
  enabled: "启用",
@@ -791,6 +792,7 @@ export default {
      captchaSetting: "验证码设置",
      pipelineSetting: "流水线设置",
      oauthSetting: "第三方登录",
+      networkSetting: "网络设置",

      showRunStrategy: "显示运行策略选择",
      showRunStrategyHelper: "任务设置中是否允许选择运行策略",
@@ -850,6 +852,11 @@ export default {
      notice: "系统公告",
      noticeHelper: "系统公告，将在首页显示",
      noticePlaceholder: "系统公告",
+
+      reverseProxy: "反向代理列表",
+      reverseProxyHelper: "证书颁发机构ACME地址的反向代理，在申请证书时自动使用",
+      reverseProxyPlaceholder: "http://le.px.handfree.work",
+      reverseProxyEmpty: "未配置反向代理",
    },
  },
  modal: {
@@ -93,6 +93,7 @@ export type SuiteSetting = {
 export type SysPrivateSetting = {
  httpProxy?: string;
  httpsProxy?: string;
+  reverseProxies?: any;
  dnsResultOrder?: string;
  commonCnameEnabled?: boolean;
  // 同一个用户同时最大运行流水线数量
@@ -372,6 +372,13 @@ h6 {
  border-spacing: 0;
  overflow: auto;

+  &.cd-table-none-border {
+    border: 0 !important;
+    td, th {
+      border: 0 !important;
+    }
+  }
+
  .fs-loading {
    position: absolute;
    left: 0;
@@ -28,7 +28,7 @@ export async function TwoFactorAuthenticatorGet() {
    url: apiPrefix + "/twoFactor/authenticator/qrcode",
    method: "post",
  });
-  return res as string; //base64
+  return res as { qrcode: string; link: string; secret: string }; //base64
 }

 export async function TwoFactorAuthenticatorSave(req: AuthenticatorSaveReq) {
@@ -57,6 +57,17 @@
            <div class="ml-20">
              <img class="full-w" :src="authenticatorForm.qrcodeSrc" />
            </div>
+            <div class="ml-20 mt-5">
+              <div>您也可以手动添加：</div>
+              <div class="flex mt-5">
+                <a-tag type="primary" color="green" class="mr-2">Secret：</a-tag>
+                <fs-copyable :model-value="authenticatorForm.secret" />
+              </div>
+              <div class="flex mt-5">
+                <a-tag type="primary" color="green" class="mr-2">Link：</a-tag>
+                <fs-copyable :model-value="authenticatorForm.link" />
+              </div>
+            </div>
          </div>
          <h3 class="font-bold m-10">{{ t("certd.step3") }}</h3>
          <div class="ml-20">
@@ -97,6 +108,8 @@ const formState = reactive<Partial<UserTwoFactorSetting>>({
 const authenticatorForm = reactive({
  qrcodeSrc: "",
  verifyCode: "",
+  link: "",
+  secret: "",
  open: false,
 });

@@ -110,9 +123,14 @@ watch(
  async open => {
    if (open) {
      //base64 转图片
-      authenticatorForm.qrcodeSrc = await api.TwoFactorAuthenticatorGet();
+      const { qrcode, link, secret } = await api.TwoFactorAuthenticatorGet();
+      authenticatorForm.qrcodeSrc = qrcode;
+      authenticatorForm.link = link;
+      authenticatorForm.secret = secret;
    } else {
      authenticatorForm.qrcodeSrc = "";
+      authenticatorForm.link = "";
+      authenticatorForm.secret = "";
      authenticatorForm.verifyCode = "";
    }
  }
@@ -1065,7 +1065,7 @@ export default defineComponent({
    }

    .layout-right {
-      width: 364px;
+      width: 368px;
      height: 100%;
      max-width: 90vw;
    }
@@ -1292,7 +1292,7 @@ export default defineComponent({
  .layout-right {
    position: relative;
    &.collapsed {
-      margin-right: max(-364px, -90vw);
+      margin-right: max(-368px, -90vw);
    }

    .collapse-toggle {
@@ -80,10 +80,13 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
              render() {
                return (
                  <div>
-                    {t("certd.subdomainHelpText")}
-                    <a href={"https://help.aliyun.com/zh/dns/subdomain-management"} target={"_blank"}>
-                      {t("certd.subdomainManagement")}
-                    </a>
+                    <div>
+                      1. {t("certd.subdomainHelpText")}
+                      <a href={"https://help.aliyun.com/zh/dns/subdomain-management"} target={"_blank"}>
+                        {t("certd.subdomainManagement")}
+                      </a>
+                    </div>
+                    <div>2. {t("certd.subdomainHelpSupportStart")}</div>
                  </div>
                );
              },
@@ -26,6 +26,9 @@
        <a-tab-pane key="pipeline" :tab="t('certd.sys.setting.pipelineSetting')">
          <SettingPipeline v-if="activeKey === 'pipeline'" />
        </a-tab-pane>
+        <a-tab-pane key="network" :tab="t('certd.sys.setting.networkSetting')">
+          <SettingNetwork v-if="activeKey === 'network'" />
+        </a-tab-pane>
      </a-tabs>
    </div>
  </fs-page>
@@ -39,6 +42,7 @@ import SettingSafe from "/@/views/sys/settings/tabs/safe.vue";
 import SettingCaptcha from "/@/views/sys/settings/tabs/captcha.vue";
 import SettingPipeline from "/@/views/sys/settings/tabs/pipeline.vue";
 import SettingOauth from "/@/views/sys/settings/tabs/oauth.vue";
+import SettingNetwork from "/@/views/sys/settings/tabs/network.vue";
 import { useRoute, useRouter } from "vue-router";
 import { ref } from "vue";
 import { useSettingStore } from "/@/store/settings";
@@ -15,33 +15,6 @@
        <a-switch v-model:checked="formState.public.robots" />
      </a-form-item>

-      <a-form-item :label="t('certd.httpProxy')" :name="['private', 'httpProxy']" :rules="urlRules">
-        <a-input v-model:value="formState.private.httpProxy" :placeholder="t('certd.httpProxyPlaceholder')" />
-        <div class="helper">{{ t("certd.httpProxyHelper") }}</div>
-      </a-form-item>
-
-      <a-form-item :label="t('certd.httpsProxy')" :name="['private', 'httpsProxy']" :rules="urlRules">
-        <div class="flex">
-          <a-input v-model:value="formState.private.httpsProxy" :placeholder="t('certd.httpsProxyPlaceholder')" />
-          <a-button class="ml-5" type="primary" :loading="testProxyLoading" :title="t('certd.saveThenTestTitle')" @click="testProxy">{{ t("certd.testButton") }}</a-button>
-        </div>
-        <div class="helper">{{ t("certd.httpsProxyHelper") }}</div>
-      </a-form-item>
-
-      <a-form-item :label="t('certd.dualStackNetwork')" :name="['private', 'dnsResultOrder']">
-        <a-select v-model:value="formState.private.dnsResultOrder">
-          <a-select-option value="verbatim">{{ t("certd.default") }}</a-select-option>
-          <a-select-option value="ipv4first">{{ t("certd.ipv4Priority") }}</a-select-option>
-          <a-select-option value="ipv6first">{{ t("certd.ipv6Priority") }}</a-select-option>
-        </a-select>
-        <div class="helper">{{ t("certd.dualStackNetworkHelper") }}, <a href="https://certd.docmirror.cn/guide/use/setting/ipv6.html" target="_blank">{{ t("certd.helpDocLink") }}</a></div>
-      </a-form-item>
-
-      <a-form-item :label="t('certd.sys.setting.showRunStrategy')" :name="['public', 'showRunStrategy']">
-        <a-switch v-model:checked="formState.public.showRunStrategy" />
-        <div class="helper">{{ t("certd.sys.setting.showRunStrategyHelper") }}</div>
-      </a-form-item>
-
      <a-form-item :label="t('certd.enableCommonCnameService')" :name="['private', 'commonCnameEnabled']">
        <a-switch v-model:checked="formState.private.commonCnameEnabled" />
        <div class="helper" v-html="t('certd.commonCnameHelper')"></div>
@@ -60,16 +33,14 @@
 </template>

 <script setup lang="tsx">
-import { reactive, ref } from "vue";
-import { SysSettings } from "/@/views/sys/settings/api";
-import * as api from "/@/views/sys/settings/api";
-import { merge } from "lodash-es";
-import { useSettingStore } from "/@/store/settings";
 import { notification } from "ant-design-vue";
-import { util } from "/@/utils";
+import { merge } from "lodash-es";
+import { reactive, ref } from "vue";
+import { useSettingStore } from "/@/store/settings";
+import * as api from "/@/views/sys/settings/api";
+import { SysSettings } from "/@/views/sys/settings/api";
+
 import { useI18n } from "/src/locales";
-import AddonSelector from "../../../certd/addon/addon-selector/index.vue";
-import CaptchaInput from "/@/components/captcha/captcha-input.vue";
 const { t } = useI18n();

 defineOptions({
@@ -84,11 +55,6 @@ const formState = reactive<Partial<SysSettings>>({
  private: {},
 });

-const urlRules = ref({
-  type: "url",
-  message: "请输入正确的URL",
-});
-
 async function loadSysSettings() {
  const data: any = await api.SysSettingsGet();
  merge(formState, data);
@@ -110,43 +76,6 @@ const onFinish = async (form: any) => {
    saveLoading.value = false;
  }
 };
-
-const testProxyLoading = ref(false);
-async function testProxy() {
-  testProxyLoading.value = true;
-  try {
-    const res = await api.TestProxy();
-    let success = true;
-    if (res.google !== true || res.baidu !== true) {
-      success = false;
-    }
-    const content = () => {
-      return (
-        <div>
-          <div>
-            {t("certd.google")}: {res.google === true ? t("certd.success") : util.maxLength(res.google)}
-          </div>
-          <div>
-            {t("certd.baidu")}: {res.baidu === true ? t("certd.success") : util.maxLength(res.baidu)}
-          </div>
-        </div>
-      );
-    };
-    if (!success) {
-      notification.error({
-        message: t("certd.testFailed"),
-        description: content,
-      });
-      return;
-    }
-    notification.success({
-      message: t("certd.testCompleted"),
-      description: content,
-    });
-  } finally {
-    testProxyLoading.value = false;
-  }
-}
 </script>
 <style lang="less">
 .sys-settings-base {
@@ -0,0 +1,127 @@
+<template>
+  <div class="sys-settings-form sys-settings-network">
+    <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off" @finish="onFinish">
+      <a-form-item :label="t('certd.httpProxy')" :name="['private', 'httpProxy']" :rules="urlRules">
+        <a-input v-model:value="formState.private.httpProxy" :placeholder="t('certd.httpProxyPlaceholder')" />
+        <div class="helper">{{ t("certd.httpProxyHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item :label="t('certd.httpsProxy')" :name="['private', 'httpsProxy']" :rules="urlRules">
+        <div class="flex">
+          <a-input v-model:value="formState.private.httpsProxy" :placeholder="t('certd.httpsProxyPlaceholder')" />
+          <a-button class="ml-5" type="primary" :loading="testProxyLoading" :title="t('certd.saveThenTestTitle')" @click="testProxy">{{ t("certd.testButton") }}</a-button>
+        </div>
+        <div class="helper">{{ t("certd.httpsProxyHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item :label="t('certd.dualStackNetwork')" :name="['private', 'dnsResultOrder']">
+        <a-select v-model:value="formState.private.dnsResultOrder">
+          <a-select-option value="verbatim">{{ t("certd.default") }}</a-select-option>
+          <a-select-option value="ipv4first">{{ t("certd.ipv4Priority") }}</a-select-option>
+          <a-select-option value="ipv6first">{{ t("certd.ipv6Priority") }}</a-select-option>
+        </a-select>
+        <div class="helper">
+          {{ t("certd.dualStackNetworkHelper") }}, <a href="https://certd.docmirror.cn/guide/use/setting/ipv6.html" target="_blank">{{ t("certd.helpDocLink") }}</a>
+        </div>
+      </a-form-item>
+      <a-form-item :label="t('certd.sys.setting.reverseProxy')" :name="['private', 'reverseProxy']">
+        <div class="mt-5">
+          <div v-for="(value, key) in formState.private.reverseProxies" :key="key" class="flex items-center p-2 border-b border-gray-300">
+            <span class="flex-1">{{ key }}</span>
+            <span class="flex-1 ml-5"><a-input v-model:value="formState.private.reverseProxies[key]" placeholder="proxy.xxxx.com" allow-clear /></span>
+          </div>
+        </div>
+        <div class="helper">{{ t("certd.sys.setting.reverseProxyHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
+        <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
+      </a-form-item>
+    </a-form>
+  </div>
+</template>
+
+<script setup lang="tsx">
+import { proxyRefs, reactive, ref } from "vue";
+import { SysSettings } from "/@/views/sys/settings/api";
+import * as api from "/@/views/sys/settings/api";
+import { merge } from "lodash-es";
+import { useSettingStore } from "/@/store/settings";
+import { message, notification } from "ant-design-vue";
+import { useI18n } from "/src/locales";
+const { t } = useI18n();
+import { util } from "/@/utils";
+defineOptions({
+  name: "SettingNetwork",
+});
+
+const formState = reactive<Partial<SysSettings>>({
+  public: {},
+  private: {},
+});
+
+const urlRules = ref({
+  type: "url",
+  message: "请输入正确的URL",
+});
+
+async function loadSysSettings() {
+  const data: any = await api.SysSettingsGet();
+  merge(formState, data);
+}
+
+const saveLoading = ref(false);
+loadSysSettings();
+const settingsStore = useSettingStore();
+const onFinish = async (form: any) => {
+  try {
+    saveLoading.value = true;
+    form.private.reverseProxies = formState.private.reverseProxies;
+    await api.SysSettingsSave(form);
+    await settingsStore.loadSysSettings();
+    notification.success({
+      message: t("certd.saveSuccess"),
+    });
+  } finally {
+    saveLoading.value = false;
+  }
+};
+
+const testProxyLoading = ref(false);
+async function testProxy() {
+  testProxyLoading.value = true;
+  try {
+    const res = await api.TestProxy();
+    let success = true;
+    if (res.google !== true || res.baidu !== true) {
+      success = false;
+    }
+    const content = () => {
+      return (
+        <div>
+          <div>
+            {t("certd.google")}: {res.google === true ? t("certd.success") : util.maxLength(res.google)}
+          </div>
+          <div>
+            {t("certd.baidu")}: {res.baidu === true ? t("certd.success") : util.maxLength(res.baidu)}
+          </div>
+        </div>
+      );
+    };
+    if (!success) {
+      notification.error({
+        message: t("certd.testFailed"),
+        description: content,
+      });
+      return;
+    }
+    notification.success({
+      message: t("certd.testCompleted"),
+      description: content,
+    });
+  } finally {
+    testProxyLoading.value = false;
+  }
+}
+</script>
+<style lang="less"></style>
@@ -8,6 +8,10 @@
        <a-input-number v-model:value="formState.public.limitUserPipelineCount" />
        <div class="helper">{{ t("certd.limitUserPipelineCountHelper") }}</div>
      </a-form-item>
+      <a-form-item :label="t('certd.sys.setting.showRunStrategy')" :name="['public', 'showRunStrategy']">
+        <a-switch v-model:checked="formState.public.showRunStrategy" />
+        <div class="helper">{{ t("certd.sys.setting.showRunStrategyHelper") }}</div>
+      </a-form-item>
      <a-form-item :label="t('certd.sys.setting.pipelineValidTimeEnabled')" :name="['public', 'pipelineValidTimeEnabled']">
        <div class="flex items-center">
          <a-switch v-model:checked="formState.public.pipelineValidTimeEnabled" :disabled="!settingsStore.isPlus" />
@@ -3,6 +3,15 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
+* 优化申请证书最大超时时长 ([00f67d8](https://github.com/certd/certd/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 ### Performance Improvements
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.38.7",
+  "version": "1.38.8",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -48,20 +48,20 @@
    "@aws-sdk/client-iam": "^3.964.0",
    "@aws-sdk/client-route-53": "^3.964.0",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.7",
-    "@certd/basic": "^1.38.7",
-    "@certd/commercial-core": "^1.38.7",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/commercial-core": "^1.38.8",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.38.7",
-    "@certd/lib-huawei": "^1.38.7",
-    "@certd/lib-k8s": "^1.38.7",
-    "@certd/lib-server": "^1.38.7",
-    "@certd/midway-flyway-js": "^1.38.7",
-    "@certd/pipeline": "^1.38.7",
-    "@certd/plugin-cert": "^1.38.7",
-    "@certd/plugin-lib": "^1.38.7",
-    "@certd/plugin-plus": "^1.38.7",
-    "@certd/plus-core": "^1.38.7",
+    "@certd/jdcloud": "^1.38.8",
+    "@certd/lib-huawei": "^1.38.8",
+    "@certd/lib-k8s": "^1.38.8",
+    "@certd/lib-server": "^1.38.8",
+    "@certd/midway-flyway-js": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plugin-cert": "^1.38.8",
+    "@certd/plugin-lib": "^1.38.8",
+    "@certd/plugin-plus": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -48,8 +48,8 @@ export class UserTwoFactorSettingController extends BaseController {
  @Post("/authenticator/qrcode", { summary: Constants.per.authOnly })
  async authenticatorQrcode() {
    const userId = this.getUserId();
-    const qrcode = await this.twoFactorService.getAuthenticatorQrCode(userId);
-    return this.ok(qrcode);
+    const {qrcode,link,secret} = await this.twoFactorService.getAuthenticatorQrCode(userId);
+    return this.ok({qrcode,link,secret}); 
  }

  @Post("/authenticator/save", { summary: Constants.per.authOnly })
@@ -33,7 +33,8 @@ export class TwoFactorService {

    //生成qrcode base64
    const qrcode = await import("qrcode");
-    return await qrcode.toDataURL(qrcodeContent);
+    const qrcodeBase64 = await qrcode.toDataURL(qrcodeContent);
+    return {qrcode:qrcodeBase64,link:qrcodeContent,secret}

  }

@@ -1,5 +1,5 @@
-import {ISubDomainsGetter} from "@certd/plugin-cert";
-import {SubDomainService} from "../sub-domain-service.js";
+import { ISubDomainsGetter } from "@certd/plugin-cert";
+import { SubDomainService } from "../sub-domain-service.js";
 import { DomainService } from "../../../cert/service/domain-service.js";

 export class SubDomainsGetter implements ISubDomainsGetter {
@@ -18,18 +18,39 @@ export class SubDomainsGetter implements ISubDomainsGetter {
  }

  async hasSubDomain(fullDomain: string) {
+    let arr = fullDomain.split(".")
    const subDomains = await this.getSubDomains()
-     if (subDomains && subDomains.length > 0) {
+    if (subDomains && subDomains.length > 0) {
      const fullDomainDot = "." + fullDomain;
      for (const subDomain of subDomains) {
        if (fullDomainDot.endsWith("." + subDomain)) {
          //找到子域名托管
          return subDomain;
        }
+
+        if (subDomain.startsWith("*.")) {
+          //如果子域名配置的是泛域名，说明这一层及以下的子域名都是托管的
+          //以fullDomain在这一层的子域名作为返回值
+          const nonStarDomain = subDomain.slice(1)
+          if (fullDomainDot.endsWith(nonStarDomain)) {
+            //提取fullDomain在这一层的子域名
+            const fullArr = arr.reverse()
+            const subArr = subDomain.split(".").reverse()
+            let strBuilder = ""
+            for (let i =0 ;i<subArr.length;i++) {
+              if (strBuilder) {
+                strBuilder = fullArr[i] + "." + strBuilder
+              } else {
+                strBuilder = fullArr[i]
+              }
+            }
+            return strBuilder
+          }
+        }
+
      }
    }
-    let arr = fullDomain.split(".")
-    while(arr.length>0){
+    while (arr.length > 0) {
      const subDomain = arr.join(".")
      const domain = await this.domainService.findOne({
        where: {
@@ -38,10 +59,10 @@ export class SubDomainsGetter implements ISubDomainsGetter {
          challengeType: "dns",
        }
      })
-      if(domain){
+      if (domain) {
        return subDomain
      }
-       arr = arr.slice(1)
+      arr = arr.slice(1)
    }
    return null
  }
@@ -151,6 +151,7 @@ export class DeployCertToAliyunCDN extends AbstractTaskPlugin {
  }

  async SetCdnDomainSSLCertificate(client: any, params: { CertId: number; DomainName: string,CertName:string,CertRegion:string }) {
+    this.logger.info('设置CDN: ',JSON.stringify(params));
    const requestOption = {
      method: 'POST',
      formatParams: false,
@@ -1,13 +1,12 @@
 // @ts-ignore
 import * as acme from "@certd/acme-client";
 import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
-import * as _ from "lodash-es";
 import { Challenge } from "@certd/acme-client/types/rfc8555.js";
-import { IContext } from "@certd/pipeline";
 import { ILogger, utils } from "@certd/basic";
+import { IContext } from "@certd/pipeline";
+import { IDnsProvider, IDomainParser } from "@certd/plugin-lib";
 import punycode from "punycode.js";
 import { IOssClient } from "../../../plugin-lib/index.js";
-import { IDnsProvider, IDomainParser } from "@certd/plugin-lib";
 export type CnameVerifyPlan = {
  type?: string;
  domain: string;
@@ -112,11 +111,26 @@ export class AcmeService {
  }

  async getAcmeClient(email: string): Promise<acme.Client> {
-    const mappings = {};
-    if (this.sslProvider === "letsencrypt") {
-      mappings["acme-v02.api.letsencrypt.org"] = this.options.reverseProxy || "le.px.certd.handfree.work";
-    } else if (this.sslProvider === "google") {
-      mappings["dv.acme-v02.api.pki.goog"] = this.options.reverseProxy || "gg.px.certd.handfree.work";
+
+    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
+    let targetUrl = directoryUrl.replace("https://", "");
+    targetUrl = targetUrl.substring(0, targetUrl.indexOf("/"));
+    
+    const mappings = {
+      "acme-v02.api.letsencrypt.org": "le.px.certd.handfree.work",
+      "dv.acme-v02.api.pki.goog": "gg.px.certd.handfree.work",
+    };
+    const reverseProxies = acme.getSslProviderReverseProxies();
+    if (reverseProxies) {
+      for (const key in reverseProxies) {
+        const value = reverseProxies[key];
+        if (value) {
+          mappings[key] = value;
+        }
+      }
+    }
+    if (this.options.reverseProxy && targetUrl) {
+      mappings[targetUrl] = this.options.reverseProxy;
    }
    const urlMapping: UrlMapping = {
      enabled: false,
@@ -128,7 +142,7 @@ export class AcmeService {
      await this.saveAccountConfig(email, conf);
      this.logger.info(`创建新的Accountkey:${email}`);
    }
-    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
+
    if (this.options.useMappingProxy) {
      urlMapping.enabled = true;
    } else {
@@ -147,7 +161,7 @@ export class AcmeService {
      externalAccountBinding: this.eab,
      backoffAttempts: this.options.maxCheckRetryCount || 20,
      backoffMin: 5000,
-      backoffMax: 1000*1000,
+      backoffMax: 30 * 1000,
      urlMapping,
      signal: this.options.signal,
      logger: this.logger,
@@ -434,11 +448,7 @@ export class AcmeService {
    if (domains.length === 0) {
      throw new Error("domain can not be empty");
    }
-    // const commonName = domains[0];
-    // let altNames: undefined | string[] = undefined;
-    // if (domains.length > 1) {
-    //   altNames = _.slice(domains, 1);
-    // }
+
    return {
      // commonName,
      altNames: domains,
@@ -458,6 +458,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
    this.eab = eab;
    const subDomainsGetter = await this.ctx.serviceGetter.get<ISubDomainsGetter>("subDomainsGetter");
    const domainParser = new DomainParser(subDomainsGetter, this.logger);
+
    this.acme = new AcmeService({
      userId: this.ctx.user.id,
      userContext: this.userContext,
@@ -673,6 +674,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
      },
    };
  }
+
+  async onGetReverseProxyList() {
+    const sysSettingsService:any = await this.ctx.serviceGetter.get("sysSettingsService");
+    const sysSettings = await sysSettingsService.getPrivateSettings();
+    return sysSettings.reverseProxyList || []
+  }
 }

 new CertApplyPlugin();
@@ -60,6 +60,7 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
  abstract doCertApply(): Promise<CertReader>;

  async execute(): Promise<string | void> {
+    this.logger.addSecret(this.pfxPassword);
    const oldCert = await this.condition();
    if (oldCert != null) {
      await this.output(oldCert, false);
Author	SHA1	Message	Date
xiaojunnuo	4fda6cbcde	v1.38.8	2026-02-07 02:27:52 +08:00
xiaojunnuo	2bbba897ec	build: prepare to build	2026-02-07 02:23:58 +08:00
xiaojunnuo	0cfb94b0ba	perf: 支持设置默认的证书申请地址的反向代理	2026-02-07 02:20:27 +08:00
xiaojunnuo	3f7ac93932	perf: 子域名托管域名支持配置通配符	2026-02-07 00:03:37 +08:00
xiaojunnuo	96c36b4f6a	chore: aliyun cdn log	2026-02-06 23:35:35 +08:00
xiaojunnuo	febd6d32cf	perf: 双重验证显示secret	2026-02-06 23:26:57 +08:00
xiaojunnuo	cbd8699801	chore: 移除 github star	2026-02-06 23:04:39 +08:00
xiaojunnuo	74400aacc6	chore: 敏感数据隐藏输出	2026-02-06 16:49:19 +08:00
xiaojunnuo	9f55c3605a	chore: 1	2026-02-06 16:36:57 +08:00
xiaojunnuo	8d61e8179f	chore: 1	2026-02-06 16:29:53 +08:00
xiaojunnuo	f250889c3e	Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev	2026-02-06 16:26:32 +08:00
xiaojunnuo	00f67d86d6	perf: 优化申请证书最大超时时长	2026-02-06 16:26:26 +08:00
@@ -1 +1 @@
 :26
 :23