chore: 优化安装脚本

chore: 1
perf: 支持一键安装脚本
2026-04-24 20:38:52 +08:00 · 2026-04-23 01:24:49 +08:00 · 2026-04-23 01:17:15 +08:00 · 2026-04-23 01:03:54 +08:00 · 2026-04-22 23:48:12 +08:00 · 2026-04-22 23:47:02 +08:00
107 changed files with 10709 additions and 297 deletions
@@ -145,6 +145,20 @@ async doRequest(req: { action: string, data?: any }) {
        utils: typeof utils;
        accessService: IAccessService;
      }
+
+      // this.ctx.http 只有request方法
+      // 方法参数
+      export type HttpRequestConfig<D = any> = {
+        skipSslVerify?: boolean;
+        skipCheckRes?: boolean;
+        logParams?: boolean;
+        logRes?: boolean;
+        logData?: boolean;
+        httpProxy?: string;
+        returnOriginRes?: boolean;
+      } & AxiosRequestConfig<D>;
+
+      
   */
  const res = await this.ctx.http.request({
    url: "https://api.demo.cn/api/",
@@ -105,6 +105,28 @@ async removeRecord(options: RemoveRecordOptions<DemoRecord>): Promise<void> {
 }
 ```

+### 6. 实现 getDomainListPage 方法
+```typescript
+  /**
+   * 实现获取域名列表
+   */
+  async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
+    const pager = new Pager(req);
+    const res = await this.http.request({
+      // 请求接口获取域名列表
+    })
+    const list = res.Domains?.map(item => ({
+      id: item.Id,
+      domain: item.DomainName,
+    })) || []
+
+    return {
+      list,
+      total: res.Total,
+    }
+  }
+```
+
 ### 6. 实例化插件

 ```typescript
@@ -204,11 +226,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {

    this.logger.info('删除域名解析成功:', fullRecord, value);
  }
+
+  /**
+   * 实现获取域名列表
+   */
+  async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
+    const pager = new Pager(req);
+    const res = await this.http.request({
+      // 请求接口获取域名列表
+    })
+    const list = res.Domains?.map(item => ({
+      id: item.Id,
+      domain: item.DomainName,
+    })) || []
+
+    return {
+      list,
+      total: res.Total,
+    }
+  }
 }

 // 实例化这个 provider，将其自动注册到系统中
-if (isDev()) {
-  // 你的实现 要去掉这个 if，不然生产环境将不会显示
-  new DemoDnsProvider();
-}
+new DemoDnsProvider();
+
 ```
@@ -3,6 +3,25 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+### Bug Fixes
+
+* 修复创建流水线无法选择通知的bug ([a88d0a6](https://github.com/certd/certd/commit/a88d0a6ae15cb6170d0b36e21daf89f0dbd5f681))
+* 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题 ([1e549df](https://github.com/certd/certd/commit/1e549dfd431ed74e2bcdfce63e5f640c51603af3))
+* 修复用户管理添加用户无法上传头像的bug ([557e98c](https://github.com/certd/certd/commit/557e98c33f5462167d8f6289f70dad68bb114a97))
+* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
+* 修复spaceship创建record报错的bug ([70b46d4](https://github.com/certd/certd/commit/70b46d4a8f89cf8eded21ebb237e8c8ce6c40d30))
+
+### Performance Improvements
+
+* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
+* 部署到1panel面板支持mux模式 ([d05129e](https://github.com/certd/certd/commit/d05129ec67893b0b639003a4bca6878d128f56ad))
+* 流水线修改编辑之后，增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
+* 修复检查全部某些情况下无效的bug，优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
+* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
+* 站点监控域名气泡增加端口显示 ([6ee718a](https://github.com/certd/certd/commit/6ee718a25265a9db2115343af9a1a01958f34b81))
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 ### Bug Fixes
@@ -95,7 +95,15 @@ https://certd.handfree.work/
 3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
 4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) ： 首充翻倍，每月仅需2.2元    
 [<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
-5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
+
+5. 【推荐】[一键安装脚本](https://certd.docmirror.cn/guide/install/docker/)（自动安装 Docker，Certd）：
+```bash
+ curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
+```
+
+6. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
+
+

 #### Docker镜像说明：
 * 国内镜像地址:
@@ -0,0 +1,340 @@
+#!/bin/bash
+set -e
+
+CERTD_VERSION="${CERTD_VERSION:-latest}"
+INSTALL_DIR="${INSTALL_DIR:-/opt/certd}"
+COMPOSE_FILE_URL="https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml"
+COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
+
+DOCKER_MIRROR="https://mirrors.aliyun.com"
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+check_command() {
+    command -v "$1" >/dev/null 2>&1
+}
+
+get_local_ip() {
+    LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | grep -oP 'src \K[^ ]+' | head -1)
+    if [ -z "$LOCAL_IP" ]; then
+        LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
+    fi
+    if [ -z "$LOCAL_IP" ]; then
+        LOCAL_IP="127.0.0.1"
+    fi
+    echo "$LOCAL_IP"
+}
+
+get_public_ip() {
+    PUBLIC_IP=$(curl -s --max-time 5 https://api.ipify.org 2>/dev/null)
+    if [ -z "$PUBLIC_IP" ]; then
+        PUBLIC_IP=$(curl -s --max-time 5 https://checkip.amazonaws.com 2>/dev/null)
+    fi
+    if [ -z "$PUBLIC_IP" ]; then
+        PUBLIC_IP=""
+    fi
+    echo "$PUBLIC_IP"
+}
+
+show_access_urls() {
+    LOCAL_IP=$(get_local_ip)
+    PUBLIC_IP=$(get_public_ip)
+
+    echo ""
+    echo "=========================================="
+    log_info "安装完成!"
+    echo "=========================================="
+    echo ""
+    echo "访问地址:"
+    if [ -n "$PUBLIC_IP" ]; then
+        echo -e "  ${GREEN}外网访问:${NC} http://$PUBLIC_IP:7001"
+    fi
+    echo -e "  ${GREEN}局域网:${NC}  http://$LOCAL_IP:7001"
+    echo ""
+    echo "配置文件: $COMPOSE_FILE"
+    echo ""
+    echo "常用命令:"
+    echo "  cd $INSTALL_DIR"
+    echo "  docker compose logs -f     # 查看日志"
+    echo "  docker compose restart     # 重启服务"
+    echo "  docker compose down        # 停止服务"
+    echo ""
+}
+
+detect_os() {
+    if [ -f /etc/os-release ]; then
+        . /etc/os-release
+        OS=$ID
+        VER=$VERSION_ID
+    elif [ -f /etc/centos-release ]; then
+        OS="centos"
+    elif [ -f /etc/redhat-release ]; then
+        OS="rhel"
+    else
+        OS="unknown"
+    fi
+}
+
+check_docker() {
+    if check_command docker; then
+        DOCKER_VERSION=$(docker --version 2>/dev/null | awk '{print $3}' | tr -d ',')
+        log_info "Docker 已安装: $DOCKER_VERSION"
+        return 0
+    else
+        log_warn "Docker 未安装"
+        return 1
+    fi
+}
+
+check_docker_compose() {
+    if check_command docker-compose; then
+        COMPOSE_VERSION=$(docker-compose --version 2>/dev/null | awk '{print $3}' | tr -d ',')
+        log_info "Docker Compose 已安装: $COMPOSE_VERSION"
+        return 0
+    elif docker compose version >/dev/null 2>&1; then
+        log_info "Docker Compose (插件版) 已安装"
+        return 0
+    else
+        log_warn "Docker Compose 未安装"
+        return 1
+    fi
+}
+
+install_docker_ubuntu() {
+    log_info "正在安装 Docker (Ubuntu/Debian)..."
+    apt-get update
+    apt-get install -y ca-certificates curl gnupg lsb-release
+
+    mkdir -p /etc/apt/keyrings
+    curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
+    curl -fsSL https://download.docker.com/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/${OS} $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+    apt-get update
+    apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+    systemctl enable docker
+    systemctl start docker
+
+    log_info "Docker 安装完成"
+}
+
+install_docker_centos() {
+    log_info "正在安装 Docker (CentOS/RHEL)..."
+    yum install -y yum-utils
+    yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
+    yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+    systemctl enable docker
+    systemctl start docker
+
+    log_info "Docker 安装完成"
+}
+
+install_dockerrocky() {
+    log_info "正在安装 Docker (Rocky Linux/AlmaLinux)..."
+    dnf install -y yum-utils
+    dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
+    dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+    systemctl enable docker
+    systemctl start docker
+
+    log_info "Docker 安装完成"
+}
+
+install_docker_debian() {
+    log_info "正在安装 Docker (Debian)..."
+    apt-get update
+    apt-get install -y ca-certificates curl gnupg2
+
+    mkdir -p /etc/apt/keyrings
+    curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
+    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg
+
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
+
+    apt-get update
+    apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+    systemctl enable docker
+    systemctl start docker
+
+    log_info "Docker 安装完成"
+}
+
+install_docker() {
+    detect_os
+    log_info "检测到操作系统: $OS"
+
+    case $OS in
+        ubuntu)
+            install_docker_ubuntu
+            ;;
+        debian)
+            install_docker_debian
+            ;;
+        centos)
+            install_docker_centos
+            ;;
+        rhel|rocky|almalinux)
+            install_dockerrocky
+            ;;
+        *)
+            log_error "不支持的操作系统: $OS"
+            log_info "请手动安装 Docker"
+            exit 1
+            ;;
+    esac
+}
+
+install_docker_compose_standalone() {
+    log_info "正在安装 Docker Compose (独立版本)..."
+
+    COMPOSE_URLS=(
+        "https://get.daocloud.io/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
+        "https://mirror.sjtu.edu.cn/github/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
+        "https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
+    )
+
+    for url in "${COMPOSE_URLS[@]}"; do
+        log_info "尝试从: $url"
+        if curl -L "$url" -o /usr/local/bin/docker-compose 2>/dev/null; then
+            chmod +x /usr/local/bin/docker-compose
+            log_info "Docker Compose 安装完成"
+            return 0
+        fi
+        log_warn "下载失败，尝试下一个源..."
+    done
+
+    log_error "Docker Compose 安装失败"
+    return 1
+}
+
+install_docker_compose() {
+    if check_command docker && docker compose version >/dev/null 2>&1; then
+        log_info "Docker Compose 插件已可用"
+        return 0
+    fi
+
+    if check_command docker-compose; then
+        log_info "Docker Compose 独立版本已安装"
+        return 0
+    fi
+
+    install_docker_compose_standalone
+}
+
+download_compose_file() {
+    log_info "正在下载 docker-compose.yaml..."
+    mkdir -p "$INSTALL_DIR"
+
+    if curl -fsSL "$COMPOSE_FILE_URL" -o "$COMPOSE_FILE.tmp"; then
+        mv "$COMPOSE_FILE.tmp" "$COMPOSE_FILE"
+        log_info "docker-compose.yaml 已下载到 $COMPOSE_FILE"
+
+        if [ "$CERTD_VERSION" != "latest" ]; then
+            sed -i "s|certd:latest|certd:$CERTD_VERSION|g" "$COMPOSE_FILE"
+            log_info "已修改镜像版本为: $CERTD_VERSION"
+        fi
+    else
+        log_error "下载失败，请检查网络连接"
+        exit 1
+    fi
+}
+
+start_certd() {
+    log_info "正在启动 Certd 容器..."
+    cd "$INSTALL_DIR"
+
+    if docker compose -f "$COMPOSE_FILE" up -d 2>/dev/null; then
+        log_info "Certd 启动成功!"
+    elif docker-compose -f "$COMPOSE_FILE" up -d; then
+        log_info "Certd 启动成功!"
+    fi
+
+    sleep 2
+    docker ps --filter "name=certd" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+}
+
+show_usage() {
+    echo "用法: $0 [选项]"
+    echo ""
+    echo "选项:"
+    echo "  -v, --version VERSION    指定 Certd 版本 (默认: latest)"
+    echo "  -p, --path PATH          指定安装路径 (默认: /opt/certd)"
+    echo "  -h, --help               显示帮助信息"
+    echo ""
+    echo "示例:"
+    echo "  $0                      # 使用默认配置安装"
+    echo "  $0 -v 1.29.0            # 安装指定版本"
+    echo "  $0 -p /data/certd       # 安装到指定目录"
+}
+
+main() {
+    echo "=========================================="
+    echo "         Certd 一键安装脚本"
+    echo "=========================================="
+    echo ""
+
+    while [[ $# -gt 0 ]]; do
+        case $1 in
+            -v|--version)
+                CERTD_VERSION="$2"
+                shift 2
+                ;;
+            -p|--path)
+                INSTALL_DIR="$2"
+                COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
+                shift 2
+                ;;
+            -h|--help)
+                show_usage
+                exit 0
+                ;;
+            *)
+                log_error "未知选项: $1"
+                show_usage
+                exit 1
+                ;;
+        esac
+    done
+
+    log_info "Certd 版本: $CERTD_VERSION"
+    log_info "安装路径: $INSTALL_DIR"
+    echo ""
+
+    DOCKER_INSTALLED=true
+    COMPOSE_INSTALLED=true
+
+    if ! check_docker; then
+        echo ""
+        log_info "正在安装 Docker..."
+        install_docker
+    fi
+
+    if ! check_docker_compose; then
+        echo ""
+        log_info "正在安装 Docker Compose..."
+        install_docker_compose
+    fi
+
+    download_compose_file
+    start_certd
+
+    show_access_urls
+}
+
+main "$@"
@@ -3,6 +3,25 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+### Bug Fixes
+
+* 修复创建流水线无法选择通知的bug ([a88d0a6](https://github.com/certd/certd/commit/a88d0a6ae15cb6170d0b36e21daf89f0dbd5f681))
+* 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题 ([1e549df](https://github.com/certd/certd/commit/1e549dfd431ed74e2bcdfce63e5f640c51603af3))
+* 修复用户管理添加用户无法上传头像的bug ([557e98c](https://github.com/certd/certd/commit/557e98c33f5462167d8f6289f70dad68bb114a97))
+* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
+* 修复spaceship创建record报错的bug ([70b46d4](https://github.com/certd/certd/commit/70b46d4a8f89cf8eded21ebb237e8c8ce6c40d30))
+
+### Performance Improvements
+
+* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
+* 部署到1panel面板支持mux模式 ([d05129e](https://github.com/certd/certd/commit/d05129ec67893b0b639003a4bca6878d128f56ad))
+* 流水线修改编辑之后，增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
+* 修复检查全部某些情况下无效的bug，优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
+* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
+* 站点监控域名气泡增加端口显示 ([6ee718a](https://github.com/certd/certd/commit/6ee718a25265a9db2115343af9a1a01958f34b81))
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 ### Bug Fixes
@@ -1,6 +1,19 @@
 # Docker方式部署

-## 一、安装
+## 一、 一键脚本安装（推荐）
+
+如果您的服务器未安装 Docker，该脚本会自动为您安装 Docker 和 Docker Compose，并启动 Certd 容器。
+
+```bash
+curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
+```
+
+> 支持 Ubuntu、Debian、CentOS、Rocky Linux、AlmaLinux 等主流发行版。    
+> 如需指定版本，可使用参数：`-v 1.29.0`    
+> 如需指定数据保存路径，可使用参数：`-p /data/certd`   
+
+
+## 二、手动安装

 ### 1. 环境准备

@@ -36,45 +36,48 @@
 | 32.| **Gcore** | Gcore | 
 | 33.| **Github授权** |  | 
 | 34.| **godaddy授权** |  | 
-| 35.| **金山云授权** |  | 
-| 36.| **FTP授权** |  | 
-| 37.| **七牛OSS授权** |  | 
-| 38.| **腾讯云COS授权** | 腾讯云对象存储授权，包含地域和存储桶 | 
-| 39.| **s3/minio授权** | S3/minio oss授权 | 
-| 40.| **namesilo授权** |  | 
-| 41.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 | 
-| 42.| **1panel授权** | 账号和密码 | 
-| 43.| **支付宝** |  | 
-| 44.| **白山云授权** |  | 
-| 45.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 | 
-| 46.| **cdnfly授权** |  | 
-| 47.| **k8s授权** |  | 
-| 48.| **括彩云cdn授权** | 括彩云CDN，每月免费30G，[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | 
-| 49.| **LeCDN授权** |  | 
-| 50.| **lucky** |  | 
-| 51.| **猫云授权** |  | 
-| 52.| **plesk授权** |  | 
-| 53.| **长亭雷池授权** |  | 
-| 54.| **群晖登录授权** |  | 
-| 55.| **uniCloud** | unicloud授权 | 
-| 56.| **微信支付** |  | 
-| 57.| **易盾rcdn授权** | 易盾CDN，每月免费30G，[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) | 
-| 58.| **易发云短信** | sms.yfyidc.cn/ | 
-| 59.| **易盾DCDN授权** | https://user.yiduncdn.com | 
-| 60.| **易支付** |  | 
-| 61.| **proxmox** |  | 
-| 62.| **Spaceship.com 授权** | Spaceship.com API 授权插件 | 
-| 63.| **UCloud授权** | 优刻得授权 | 
-| 64.| **又拍云** |  | 
-| 65.| **网宿授权** |  | 
-| 66.| **西部数码授权** |  | 
-| 67.| **我爱云授权** | 我爱云CDN | 
-| 68.| **新网授权（代理方式）** |  | 
-| 69.| **新网授权** |  | 
-| 70.| **新网互联授权** | 仅支持代理账号，ip需要加入白名单 | 
-| 71.| **Zenlayer授权** | Zenlayer授权 | 
-| 72.| **GoEdge授权** |  | 
-| 73.| **雨云授权** | https://app.rainyun.com/ | 
+| 35.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 | 
+| 36.| **金山云授权** |  | 
+| 37.| **FTP授权** |  | 
+| 38.| **七牛OSS授权** |  | 
+| 39.| **腾讯云COS授权** | 腾讯云对象存储授权，包含地域和存储桶 | 
+| 40.| **s3/minio授权** | S3/minio oss授权 | 
+| 41.| **namesilo授权** |  | 
+| 42.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 | 
+| 43.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager，并为代理主机证书部署提供授权。 | 
+| 44.| **1panel授权** | 账号和密码 | 
+| 45.| **支付宝** |  | 
+| 46.| **白山云授权** |  | 
+| 47.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 | 
+| 48.| **cdnfly授权** |  | 
+| 49.| **k8s授权** |  | 
+| 50.| **括彩云cdn授权** | 括彩云CDN，每月免费30G，[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | 
+| 51.| **LeCDN授权** |  | 
+| 52.| **lucky** |  | 
+| 53.| **猫云授权** |  | 
+| 54.| **plesk授权** |  | 
+| 55.| **长亭雷池授权** |  | 
+| 56.| **群晖登录授权** |  | 
+| 57.| **uniCloud** | unicloud授权 | 
+| 58.| **微信支付** |  | 
+| 59.| **易盾rcdn授权** | 易盾CDN，每月免费30G，[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) | 
+| 60.| **易发云短信** | sms.yfyidc.cn/ | 
+| 61.| **易盾DCDN授权** | https://user.yiduncdn.com | 
+| 62.| **易支付** |  | 
+| 63.| **proxmox** |  | 
+| 64.| **Spaceship.com 授权** | Spaceship.com API 授权插件 | 
+| 65.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 | 
+| 66.| **UCloud授权** | 优刻得授权 | 
+| 67.| **又拍云** |  | 
+| 68.| **网宿授权** |  | 
+| 69.| **西部数码授权** |  | 
+| 70.| **我爱云授权** | 我爱云CDN | 
+| 71.| **新网授权（代理方式）** |  | 
+| 72.| **新网授权** |  | 
+| 73.| **新网互联授权** | 仅支持代理账号，ip需要加入白名单 | 
+| 74.| **Zenlayer授权** | Zenlayer授权 | 
+| 75.| **GoEdge授权** |  | 
+| 76.| **雨云授权** | https://app.rainyun.com/ | 

 <style module>
 table th:first-of-type {
@@ -1,5 +1,5 @@
 # 任务插件
-共 `129` 款任务插件    
+共 `130` 款任务插件    
 ## 1. 证书申请

 | 序号 | 名称 | 说明 |
@@ -58,25 +58,26 @@
 | 3.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 | 
 | 4.| **飞牛NAS-部署证书** |  | 
 | 5.| **NextTerminal-更新证书** | 更新 Next Terminal 证书 | 
-| 6.| **1Panel-部署面板证书** | 更新1Panel的面板证书 | 
-| 7.| **1Panel-更新站点证书** | 更新1Panel的站点证书 | 
-| 8.| **宝塔-删除过期证书** | 删除证书夹中过期证书 | 
-| 9.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF | 
-| 10.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 | 
-| 11.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 | 
-| 12.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书，目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 | 
-| 13.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s | 
-| 14.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress | 
-| 15.| **K8S-部署证书到Secret** | 部署证书到k8s的secret | 
-| 16.| **lucky-更新Lucky证书** |  | 
-| 17.| **Plesk-部署Plesk网站证书** |  | 
-| 18.| **Plesk-更新证书** | 不会创建新证书记录，直接更新旧的证书 | 
-| 19.| **雷池-更新证书（支持控制台和防护应用）** | 更新长亭雷池WAF的证书，支持更新控制台和防护应用的证书。 | 
-| 20.| **群晖-部署证书到群晖面板** | Synology，支持6.x以上版本 | 
-| 21.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效，需要在失效之前登录一次，刷新有效期，您可以将其放在“部署到群晖面板”任务之后 | 
-| 22.| **uniCloud-部署到服务空间** | 部署到服务空间 | 
-| 23.| **Proxmox-上传证书到Proxmox** |  | 
-| 24.| **威联通-部署证书到威联通** | 部署证书到qnap | 
+| 6.| **Nginx Proxy Manager-部署到主机** | 上传自定义证书到 Nginx Proxy Manager，并绑定到所选主机。 | 
+| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 | 
+| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 | 
+| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 | 
+| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF | 
+| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 | 
+| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 | 
+| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书，目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 | 
+| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s | 
+| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress | 
+| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret | 
+| 17.| **lucky-更新Lucky证书** |  | 
+| 18.| **Plesk-部署Plesk网站证书** |  | 
+| 19.| **Plesk-更新证书** | 不会创建新证书记录，直接更新旧的证书 | 
+| 20.| **雷池-更新证书（支持控制台和防护应用）** | 更新长亭雷池WAF的证书，支持更新控制台和防护应用的证书。 | 
+| 21.| **群晖-部署证书到群晖面板** | Synology，支持6.x以上版本 | 
+| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效，需要在失效之前登录一次，刷新有效期，您可以将其放在“部署到群晖面板”任务之后 | 
+| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 | 
+| 24.| **Proxmox-上传证书到Proxmox** |  | 
+| 25.| **威联通-部署证书到威联通** | 部署证书到qnap | 
 ## 5. 阿里云

 | 序号 | 名称 | 说明 |
@@ -13,17 +13,19 @@
 | 9.| **cloudflare** | cloudflare dns provider | 
 | 10.| **dns.la** | dns.la | 
 | 11.| **godaddy** | GoDaddy | 
-| 12.| **华为云** | 华为云DNS解析提供商 | 
-| 13.| **namesilo** | namesilo dns provider | 
-| 14.| **雨云** | 雨云DNS解析提供商 | 
-| 15.| **腾讯云** | 腾讯云域名DNS解析提供者 | 
-| 16.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 | 
-| 17.| **西部数码** | west dns provider | 
-| 18.| **Dns提供商Demo** | dns provider示例 | 
-| 19.| **彩虹DNS** | 彩虹DNS管理系统 | 
-| 20.| **Spaceship** | Spaceship 域名解析 | 
-| 21.| **51dns** | 51DNS | 
-| 22.| **新网互联** | 新网互联 | 
+| 12.| **HiPM DNSMgr** | HiPM DNSMgr DNS 解析提供商 | 
+| 13.| **华为云** | 华为云DNS解析提供商 | 
+| 14.| **namesilo** | namesilo dns provider | 
+| 15.| **雨云** | 雨云DNS解析提供商 | 
+| 16.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器 | 
+| 17.| **腾讯云** | 腾讯云域名DNS解析提供者 | 
+| 18.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 | 
+| 19.| **西部数码** | west dns provider | 
+| 20.| **Dns提供商Demo** | dns provider示例 | 
+| 21.| **彩虹DNS** | 彩虹DNS管理系统 | 
+| 22.| **Spaceship** | Spaceship 域名解析 | 
+| 23.| **51dns** | 51DNS | 
+| 24.| **新网互联** | 新网互联 | 

 <style module>
 table th:first-of-type {
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.39.9"
+  "version": "1.39.10"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/publishlab/node-acme-client/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.39.9](https://github.com/publishlab/node-acme-client/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/acme-client
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.39.9",
+    "version": "1.39.10",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.39.9",
+        "@certd/basic": "^1.39.10",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.9.0",
@@ -70,5 +70,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+    "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -21,7 +21,8 @@ const defaultOpts = {
    },
    challengeRemoveFn: async () => {
        throw new Error("Missing challengeRemoveFn()");
-    }
+    },
+    waitDnsDiffuseTime: 30,
 };

 /**
@@ -577,7 +577,7 @@ class AcmeClient {

        const verifyFn = async (abort) => {
            if (this.opts.signal && this.opts.signal.aborted) {
-                abort();
+                abort(true);
                throw new CancelError('用户取消');
            }

@@ -50,15 +50,18 @@ class Backoff {

 async function retryPromise(fn, attempts, backoff, logger = log) {
    let aborted = false;
+    let abortedFromUser = false;

    try {
-        const setAbort = () => { aborted = true; }
+        const setAbort = (fromUser = false) => { aborted = true; abortedFromUser = fromUser; }
        const data = await fn(setAbort);
        return data;
    }
    catch (e) {
        if (aborted){
-            logger(`用户取消重试`);
+            if (abortedFromUser){
+                logger(`用户取消重试`);
+            }
            throw e;
        }
        if ( ((backoff.attempts + 1) >= attempts)) {
@@ -68,6 +68,7 @@ export interface ClientAutoOptions {
    preferredChain?: string;
    signal?: AbortSignal;
    profile?:string;
+    waitDnsDiffuseTime?: number;
 }

 export class Client {
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+### Performance Improvements
+
+* 流水线修改编辑之后，增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 ### Performance Improvements
@@ -1 +1 @@
-01:21
+23:43
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.39.9",
+  "version": "1.39.10",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -47,5 +47,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -126,7 +126,7 @@ export function createAxiosService({ logger }: { logger: ILogger }) {
      if (config.skipSslVerify || config.httpProxy) {
        let rejectUnauthorized = true;
        if (config.skipSslVerify) {
-          logger.info("跳过SSL验证");
+          logger.info("忽略接口请求的SSL校验");
          rejectUnauthorized = false;
        }
        const proxy: any = {};
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 ### Performance Improvements
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.39.9",
+  "version": "1.39.10",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.39.9",
-    "@certd/plus-core": "^1.39.9",
+    "@certd/basic": "^1.39.10",
+    "@certd/plus-core": "^1.39.10",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -65,4 +65,8 @@ export abstract class BaseAccess implements IAccess {
    }
    throw new Error(`action ${req.action} not found`);
  }
+
+  normalizeEndpoint(endpoint: string) {
+    return endpoint.replace(/\/$/, "");
+  }
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/lib-huawei
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.39.9",
+  "version": "1.39.10",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
    "prettier": "^2.8.8",
    "tslib": "^2.8.1"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/lib-iframe
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.39.9",
+  "version": "1.39.10",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -31,5 +31,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/jdcloud
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.39.9",
+  "version": "1.39.10",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
      "fetch"
    ]
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/lib-k8s
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.39.9",
+  "version": "1.39.10",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,7 +18,7 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.39.9",
+    "@certd/basic": "^1.39.10",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -33,5 +33,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+### Bug Fixes
+
+* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/lib-server
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.39.9",
+  "version": "1.39.10",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.39.9",
-    "@certd/basic": "^1.39.9",
-    "@certd/pipeline": "^1.39.9",
-    "@certd/plugin-lib": "^1.39.9",
-    "@certd/plus-core": "^1.39.9",
+    "@certd/acme-client": "^1.39.10",
+    "@certd/basic": "^1.39.10",
+    "@certd/pipeline": "^1.39.10",
+    "@certd/plugin-lib": "^1.39.10",
+    "@certd/plus-core": "^1.39.10",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/midway-flyway-js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.39.9",
+  "version": "1.39.10",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -46,5 +46,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/plugin-cert
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.39.9",
+  "version": "1.39.10",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.39.9",
-    "@certd/basic": "^1.39.9",
-    "@certd/pipeline": "^1.39.9",
-    "@certd/plugin-lib": "^1.39.9",
+    "@certd/acme-client": "^1.39.10",
+    "@certd/basic": "^1.39.10",
+    "@certd/pipeline": "^1.39.10",
+    "@certd/plugin-lib": "^1.39.10",
    "psl": "^1.9.0",
    "punycode.js": "^2.3.1"
  },
@@ -38,5 +38,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+### Performance Improvements
+
+* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 **Note:** Version bump only for package @certd/plugin-lib
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.39.9",
+  "version": "1.39.10",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.11",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.39.9",
-    "@certd/basic": "^1.39.9",
-    "@certd/pipeline": "^1.39.9",
-    "@certd/plus-core": "^1.39.9",
+    "@certd/acme-client": "^1.39.10",
+    "@certd/basic": "^1.39.10",
+    "@certd/pipeline": "^1.39.10",
+    "@certd/plus-core": "^1.39.10",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -57,5 +57,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
+  "gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
 }
@@ -135,7 +135,12 @@ export class CertReader {
  }

  static readCertDetail(crt: string) {
-    const detail = crypto.readCertificateInfo(crt.toString());
+    let detail: CertificateInfo;
+    try {
+      detail = crypto.readCertificateInfo(crt.toString());
+    } catch (e) {
+      throw new Error("证书解析失败:" + e.message + "（请确定证书格式，是否与私钥搞反？）");
+    }
    const effective = detail.notBefore;
    const expires = detail.notAfter;
    const fingerprints = CertReader.getFingerprintX509(crt);
@@ -3,6 +3,23 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+### Bug Fixes
+
+* 修复创建流水线无法选择通知的bug ([a88d0a6](https://github.com/certd/certd/commit/a88d0a6ae15cb6170d0b36e21daf89f0dbd5f681))
+* 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题 ([1e549df](https://github.com/certd/certd/commit/1e549dfd431ed74e2bcdfce63e5f640c51603af3))
+* 修复用户管理添加用户无法上传头像的bug ([557e98c](https://github.com/certd/certd/commit/557e98c33f5462167d8f6289f70dad68bb114a97))
+* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
+
+### Performance Improvements
+
+* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
+* 流水线修改编辑之后，增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
+* 修复检查全部某些情况下无效的bug，优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
+* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
+* 站点监控域名气泡增加端口显示 ([6ee718a](https://github.com/certd/certd/commit/6ee718a25265a9db2115343af9a1a01958f34b81))
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 ### Bug Fixes
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.39.9",
+  "version": "1.39.10",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.39.9",
-    "@certd/pipeline": "^1.39.9",
+    "@certd/lib-iframe": "^1.39.10",
+    "@certd/pipeline": "^1.39.10",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
@@ -13,13 +13,11 @@
 </template>

 <script lang="ts" setup>
-import parser from "cron-parser";
 import { computed, ref } from "vue";
-import dayjs from "dayjs";
 import { useI18n } from "vue-i18n";
+import { getCronNextTimes } from "/@/components/cron-editor/utils";

 const { t } = useI18n();
-import { getCronNextTimes } from "/@/components/cron-editor/utils";
 defineOptions({
  name: "CronEditor",
 });
@@ -1,5 +1,5 @@
 <template>
-  <a-select :value="value" @update:value="onChange">
+  <a-select :value="value" :filter-option="true" @update:value="onChange">
    <a-select-option v-for="item of options" :key="item.value" :value="item.value" :label="item.label">
      <span class="flex-o">
        <fs-icon :icon="item.icon" class="fs-16 color-blue mr-5" />
@@ -1,5 +1,5 @@
 <template>
-  <icon-select class="dns-provider-selector" :value="modelValue" :options="options" @update:value="atChange"> </icon-select>
+  <icon-select class="dns-provider-selector" :value="modelValue" :options="options" :filter-option="true" @update:value="atChange"> </icon-select>
 </template>

 <script lang="ts">
@@ -2,7 +2,7 @@
  <div class="domains-verify-plan-editor" :class="{ fullscreen }">
    <div class="fullscreen-modal" @click="fullscreenExit"></div>
    <div class="plan-wrapper">
-      <div class="plan-box">
+      <div class="plan-box bg-white dark:bg-neutral-700">
        <div class="fullscreen-button pointer flex-center" @click="fullscreen = !fullscreen">
          <span v-if="!fullscreen" style="font-size: 10px" class="flex-center">
            这里可以放大
@@ -273,7 +273,7 @@ watch(
    left: 0;
    width: 100%;
    height: 100%;
-    background-color: rgba(74, 74, 74, 0.78);
+    // background-color: rgba(74, 74, 74, 0.78);
    z-index: 1000;
    margin: auto;
    display: flex;
@@ -287,7 +287,6 @@ watch(
      .plan-box {
        position: relative;
        margin: auto;
-        background-color: #fff;
      }
    }

@@ -315,7 +314,7 @@ watch(
    height: 100%;
    //table-layout: fixed;
    th {
-      background-color: #f5f5f5;
+      // background-color: #f5f5f5;
      border-top: 1px solid #e8e8e8;
      border-left: 1px solid #e8e8e8;
      border-bottom: 1px solid #e8e8e8;
@@ -33,7 +33,7 @@ export default {
    async function onCreate() {
      await pluginStore.init();
      options.value = pluginStore.group.getPreStepOutputOptions({
-        pipeline: pipeline.value,
+        pipeline: pipeline?.value,
        currentStageIndex: currentStageIndex.value,
        currentTaskIndex: currentTaskIndex.value,
        currentStepIndex: currentStepIndex.value,
@@ -130,4 +130,16 @@ button.ant-btn.ant-btn-default.isPlus{
    background-color: rgba(50, 54, 57, 0.04);
    box-shadow: none;
  }
+}
+
+.dark{
+  button.ant-btn.ant-btn-default.isPlus{
+  color: #c5913f;
+  border: 1px solid #c5913f;
+
+    &:disabled {
+      border-color: hsl(0, 0%, 31%);
+      color: rgba(233, 233, 233, 0.25);
+    }
+  }
 }
@@ -131,7 +131,7 @@ const userStore = useUserStore();
 const projectStore = useProjectStore();
 async function emitValue(value: any) {
  // target.value = optionsDictRef.dataMap[value];
-  if (pipeline.value) {
+  if (pipeline?.value) {
    const userId = userStore.userInfo.id;
    const isEnterprice = projectStore.isEnterprise;
    if (isEnterprice) {
@@ -99,3 +99,11 @@ export async function SyncExpirationStatus() {
    method: "post",
  });
 }
+
+export async function IsSubdomain(body: any) {
+  return await request({
+    url: apiPrefix + "/isSubdomain",
+    method: "post",
+    data: body,
+  });
+}
@@ -52,6 +52,8 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  });

  const openDomainImportManageDialog = useDomainImportManage();
+
+  const subdomainConfirmed = ref(false);
  return {
    crudOptions: {
      settings: {
@@ -85,10 +87,29 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
        fixed: "right",
      },
      form: {
-        beforeSubmit({ form }) {
+        async beforeSubmit({ form }) {
          if (form.challengeType === "cname") {
            throw new Error("CNAME方式请前往CNAME记录页面进行管理");
          }
+          if (form.challengeType === "dns") {
+            const isSubdomain = await api.IsSubdomain({ domain: form.domain });
+            if (isSubdomain && !subdomainConfirmed.value) {
+              Modal.confirm({
+                title: "子域名确认",
+                content: `检测到${form.domain}为子域名，只有托管子域名和免费二级子域名才需要在此处维护，否则会导致申请证书失败，请确认是否继续？`,
+                okText: "确认",
+                okType: "danger",
+                onOk: () => {
+                  subdomainConfirmed.value = true;
+                  crudExpose.getFormWrapperRef().submit();
+                },
+              });
+              return false;
+            }
+          }
+        },
+        afterSubmit({ form }) {
+          subdomainConfirmed.value = false;
        },
      },
      actionbar: {
@@ -163,6 +184,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          },
          form: {
            required: true,
+            helper: "注意：DNS校验方式下，子域名不需要在此处维护，否则会影响证书申请（子域名托管或免费二级域名除外）",
          },
          editForm: {
            component: {
@@ -346,12 +346,13 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            width: 230,
            sorter: true,
            cellRender({ value, row }) {
-              const url = `https://${value}:${row.httpsPort}`;
+              const domainPort = value + ":" + row.httpsPort;
+              const url = `https://${domainPort}`;
              return (
-                <a-tooltip title={value} placement="left">
-                  <fs-copyable modelValue={value}>
+                <a-tooltip title={domainPort} placement="left">
+                  <fs-copyable modelValue={domainPort} title={domainPort}>
                    <a target="_blank" href={url}>
-                      {value}:{row.httpsPort}
+                      {domainPort}
                    </a>
                  </fs-copyable>
                </a-tooltip>
@@ -8,7 +8,6 @@
 import { onActivated, onMounted, ref, Ref } from "vue";
 import { useFs } from "@fast-crud/fast-crud";
 import createCrudOptions from "./crud";
-import { siteIpApi } from "./api";

 defineOptions({
  name: "SiteIpCertMonitor",
@@ -23,11 +22,6 @@ const { crudBinding, crudRef, crudExpose } = useFs({
  },
 });

-const siteInfoRef: Ref<any> = ref({});
-onMounted(async () => {
-  siteInfoRef.value = await siteIpApi.GetObj(props.siteId);
-});
-
 // 页面打开后获取列表数据
 onMounted(() => {
  crudExpose.doRefresh();
@@ -24,6 +24,9 @@
    </a-tabs>
    <template #footer>
      <fs-button v-if="settingsStore.sysPublic.aiChatEnabled !== false" key="aiChat" :tooltip="{ title: 'AI分析异常' }" type="primary" icon="ion:color-wand-outline" @click="taskModal.onAiChat">AI分析</fs-button>
+      <!-- <fs-button v-if="!settingsStore.isComm && currentStatus === 'error'" key="1v1" :tooltip="{ title: '升级专业版，获得一对一分析服务，为您排忧解难' }" class="isPlus" icon="imingcute:vip-1-line" @click="callService">
+        呼叫专家
+      </fs-button> -->
      <fs-button key="rerun" type="primary" :tooltip="{ title: '强制重新执行此步骤' }" text="重新运行" icon="icon-park-outline:replay-music" @click="triggerRun(activeKey)"></fs-button>
      <fs-button key="downloadLogs" type="primary" :tooltip="{ title: '当前任务日志下载' }" icon="ion:arrow-down-circle-outline" @click="taskModal.onDownloadLogs">下载日志</fs-button>
      <fs-button key="cancel" :tooltip="{ title: '关闭窗口' }" icon="ion:close-circle-outline" @click="taskModal.onOk">关闭</fs-button>
@@ -39,6 +42,7 @@ import PiStatusShow from "/@/views/certd/pipeline/pipeline/component/status-show
 import { usePreferences } from "/@/vben/preferences";
 import { useSettingStore } from "/@/store/settings/index";
 import { notification } from "ant-design-vue";
+import { mitter } from "/@/utils/util.mitt";
 export default {
  name: "PiTaskView",
  components: { PiStatusShow },
@@ -196,6 +200,19 @@ export default {
      taskModal.value.open = false;
    }

+    const currentNode = computed(() => {
+      return detail.value?.nodes?.find(item => item.node.id === activeKey.value);
+    });
+    const currentStatus = computed(() => {
+      return currentNode.value?.node?.status?.result || "";
+    });
+
+    function callService() {
+      if (!settingsStore.isPlus) {
+        mitter.emit("openVipModal");
+      }
+    }
+
    const settingsStore = useSettingStore();
    return {
      detail,
@@ -206,6 +223,9 @@ export default {
      tabPosition,
      triggerRun,
      settingsStore,
+      currentNode,
+      currentStatus,
+      callService,
    };
  },
 };
@@ -334,7 +334,7 @@ import { useCertViewer } from "/@/views/certd/pipeline/use";
 import { useI18n } from "/@/locales";
 import TriggerIcon from "./component/trigger-icon.vue";
 import { useCrudPermission } from "/@/plugin/permission";
-
+import { onBeforeRouteLeave } from "vue-router";
 export default defineComponent({
  name: "PipelineEdit",
  // eslint-disable-next-line vue/no-unused-components
@@ -372,10 +372,22 @@ export default defineComponent({
  },
  emits: ["update:modelValue", "update:editMode"],
  setup(props, ctx) {
+    onBeforeRouteLeave((to, from) => {
+      const newPipelineStr = JSON.stringify(pipeline.value || {});
+      if (pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
+        const answer = window.confirm("流水线还未保存，确定要离开吗？");
+        if (!answer) {
+          return false; // 返回 false 即可阻止本次路由跳转
+        }
+        return true;
+      }
+    });
+
    const { t } = useI18n();
    //右侧选中的pipeline
    const currentPipeline: Ref<any> = ref({});
    const pipeline: Ref<any> = ref({});
+    const pipelineOriginStr = ref("");
    const pipelineDetail: Ref<any> = ref({});
    const histories: Ref<RunHistory[]> = ref([]);

@@ -423,6 +435,7 @@ export default defineComponent({
      await loadCurrentHistoryDetail();
      pipeline.value = currentHistory.value.pipeline;
      currentPipeline.value = currentHistory.value.pipeline;
+      pipelineOriginStr.value = JSON.stringify(pipeline.value);
    };

    async function loadHistoryList(reload = false, historyId: number = null) {
@@ -880,6 +893,7 @@ export default defineComponent({
              pipeline.value.version = version;
              currentPipeline.value.version = version;
            }
+            pipelineOriginStr.value = JSON.stringify(pipeline.value);
          }
          if (offEdit) {
            toggleEditMode(false);
@@ -238,10 +238,14 @@ const avatar = computed(() => {
  }
  return `/api/basic/file/download?key=${avt}`;
 });
+const dateNow = ref(Date.now());
 const now = computed(() => {
-  const serverTime = Date.now() - settingStore.app.deltaTime;
+  const serverTime = dateNow.value - settingStore.app.deltaTime;
  return dayjs(serverTime).format("YYYY-MM-DD HH:mm:ss");
 });
+setInterval(() => {
+  dateNow.value = Date.now();
+}, 5000);

 const deltaTimeWarning = computed(() => {
  return Math.abs(settingStore.app.deltaTime) > 1000 * 60 * 4;
@@ -172,7 +172,7 @@ export default function ({ crudExpose }: CreateCrudOptionsProps): CreateCrudOpti
                width: "auto",
              },
              buildUrl(key: string) {
-                return `api/basic/file/download?&key=` + key;
+                return `api/basic/file/download?token=${userStore.getToken}&key=` + key;
              },
            },
          },
@@ -188,7 +188,7 @@ export default function ({ crudExpose }: CreateCrudOptionsProps): CreateCrudOpti
              onReady: null,
              uploader: {
                type: "form",
-                action: "/basic/file/upload",
+                action: "/basic/file/upload?token=" + userStore.getToken,
                name: "file",
                headers: {
                  Authorization: "Bearer " + userStore.getToken,
@@ -2,7 +2,7 @@
 import { request } from "/src/api/service";
 const apiPrefix = "/sys/site";

-export async function SettingsGet(key: string) {
+export async function SettingsGet() {
  return await request({
    url: apiPrefix + "/get",
    method: "post",
@@ -88,7 +88,7 @@ const onFinish = async (form: any) => {
 const userStore = useUserStore();
 const uploaderConfig = ref({
  type: "form",
-  action: "/basic/file/upload",
+  action: "/basic/file/upload?token=" + userStore.getToken,
  name: "file",
  headers: {
    Authorization: "Bearer " + userStore.getToken,
@@ -3,6 +3,21 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
+
+### Bug Fixes
+
+* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
+* 修复spaceship创建record报错的bug ([70b46d4](https://github.com/certd/certd/commit/70b46d4a8f89cf8eded21ebb237e8c8ce6c40d30))
+
+### Performance Improvements
+
+* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
+* 部署到1panel面板支持mux模式 ([d05129e](https://github.com/certd/certd/commit/d05129ec67893b0b639003a4bca6878d128f56ad))
+* 流水线修改编辑之后，增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
+* 修复检查全部某些情况下无效的bug，优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
+* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
+
 ## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)

 ### Bug Fixes
@@ -17,6 +17,18 @@ input:
      apiKey
    required: true
    encrypt: true
+  version:
+    title: 版本
+    component:
+      name: a-select
+      options:
+        - label: v3.x
+          value: '3'
+        - label: v2.x
+          value: '2'
+    helper: apisix系统的版本
+    value: '3'
+    required: true
  testRequest:
    title: 测试
    component:
@@ -0,0 +1,27 @@
+name: hipmdnsmgr
+title: HiPM DNSMgr
+icon: svg:icon-dns
+desc: HiPM DNSMgr API Token 授权
+input:
+  endpoint:
+    title: 服务器地址
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: http://localhost:3001
+    required: true
+    helper: 'HiPM DNSMgr 服务器地址，例如: http://localhost:3001'
+  apiToken:
+    title: API Token
+    required: true
+    encrypt: true
+    helper: 在 DNSMgr 设置 > API Token 中创建的令牌
+  testRequest:
+    title: 测试连接
+    component:
+      name: api-test
+      action: TestRequest
+    helper: 点击测试接口是否正常
+pluginType: access
+type: builtIn
+scriptFilePath: /plugins/plugin-hipmdnsmgr/access/hipmdnsmgr-access.js
@@ -0,0 +1,53 @@
+name: nginxProxyManager
+title: Nginx Proxy Manager 授权
+desc: 用于登录 Nginx Proxy Manager，并为代理主机证书部署提供授权。
+icon: logos:nginx
+input:
+  endpoint:
+    title: NPM 地址
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: https://npm.example.com
+    helper: 请输入 Nginx Proxy Manager 根地址，不要带 /api 后缀。
+    required: true
+  email:
+    title: 邮箱
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: admin@example.com
+    required: true
+  password:
+    title: 密码
+    component:
+      name: a-input-password
+      allowClear: true
+      placeholder: 请输入密码
+    required: true
+    encrypt: true
+  totpSecret:
+    title: TOTP 密钥
+    component:
+      name: a-input-password
+      allowClear: true
+      placeholder: Optional base32 TOTP secret
+    helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
+    required: false
+    encrypt: true
+  ignoreTls:
+    title: 忽略无效 TLS
+    component:
+      name: a-switch
+      vModel: checked
+    helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
+    required: false
+  testRequest:
+    title: 测试
+    component:
+      name: api-test
+      action: onTestRequest
+    helper: 测试登录并拉取代理主机列表。
+pluginType: access
+type: builtIn
+scriptFilePath: /plugins/plugin-nginx-proxy-manager/access.js
@@ -23,7 +23,7 @@ input:
    component:
      name: api-test
      action: TestRequest
-    helper: 测试 API 连接是否正常
+    helper: 测试 API 连接是否正常，需要域名查询权限
 pluginType: access
 type: builtIn
 scriptFilePath: /plugins/plugin-spaceship/access.js
@@ -62,8 +62,8 @@ input:
  pty:
    title: 伪终端
    helper: >-
-      如果登录报错：all authentication methods
-      failed，可以尝试开启伪终端模式进行keyboard-interactive方式登录
+      如果登录报错：all authentication methods failed / unable to
+      exec，可以尝试开启伪终端模式进行keyboard-interactive方式登录

      开启后对日志输出有一定的影响
    component:
@@ -0,0 +1,38 @@
+name: technitium
+title: Technitium DNS Server
+icon: clarity:server-line
+desc: Technitium DNS Server 自建DNS服务器授权
+input:
+  apiUrl:
+    title: API地址
+    value: http://localhost:5380
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: http://localhost:5380
+    required: true
+  username:
+    title: 用户名
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: admin
+    required: false
+  password:
+    title: 密码
+    component:
+      name: a-input
+      type: password
+      allowClear: true
+      placeholder: 密码
+    required: false
+    encrypt: true
+  testRequest:
+    title: 测试
+    component:
+      name: api-test
+      action: TestRequest
+    helper: 点击测试接口是否正常
+pluginType: access
+type: builtIn
+scriptFilePath: /plugins/plugin-technitium/access.js
@@ -72,6 +72,22 @@ input:
              
    helper: 要更新的1Panel证书的节点信息，目前只有v2存在此概念
    order: 0
+  sslMode:
+    title: SSL模式
+    helper: SSL模式，只有2.1.x以上版本才支持，旧版本保持默认即可
+    component:
+      name: a-select
+      vMode: value
+      options:
+        - label: 启用SSL(旧版本)
+          value: enable
+        - label: Strict模式(>=2.1.x)
+          value: Enable
+        - label: Mux模式(>=2.1.x)
+          value: Mux
+    value: enable
+    required: true
+    order: 0
 output: {}
 pluginType: deploy
 type: builtIn
@@ -88,6 +88,7 @@ input:
        - certDomains
        - accessId
        - accessId
+      uploadCert: {}
    required: true
    mergeScript: |2-

@@ -0,0 +1,71 @@
+showRunStrategy: false
+default:
+  strategy:
+    runStrategy: 1
+name: NginxProxyManagerDeploy
+title: Nginx Proxy Manager-部署到主机
+desc: 上传自定义证书到 Nginx Proxy Manager，并绑定到所选主机。
+icon: logos:nginx
+group: panel
+input:
+  cert:
+    title: 域名证书
+    helper: 请选择前置任务产出的证书。
+    component:
+      name: output-selector
+      from:
+        - ':cert:'
+    required: true
+    order: 0
+  certDomains:
+    title: 证书域名
+    component:
+      name: cert-domains-getter
+    required: false
+    order: 0
+  accessId:
+    title: NPM授权
+    component:
+      name: access-selector
+      type: nginxProxyManager
+    helper: 选择用于部署的 Nginx Proxy Manager 授权。
+    required: true
+    order: 0
+  proxyHostIds:
+    title: 代理主机
+    component:
+      name: remote-select
+      vModel: value
+      mode: tags
+      type: plugin
+      action: onGetProxyHostOptions
+      search: true
+      pager: false
+      multi: true
+      watches:
+        - certDomains
+        - accessId
+    helper: 选择要绑定此证书的一个或多个代理主机。
+    required: true
+    order: 0
+  certificateLabel:
+    title: 证书标识
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: certd_npm_example_com
+    helper: 可选。留空时默认使用 certd_npm_<主域名规范化>。
+    required: false
+    order: 0
+  cleanupMatchingCertificates:
+    title: 自动清理未使用证书
+    component:
+      name: a-switch
+      vModel: checked
+    helper: 部署成功后，自动删除除当前证书外所有未被任何主机引用的证书。
+    required: false
+    order: 0
+output: {}
+pluginType: deploy
+type: builtIn
+scriptFilePath: /plugins/plugin-nginx-proxy-manager/plugins/plugin-deploy-to-proxy-hosts.js
@@ -0,0 +1,8 @@
+name: hipmdnsmgr
+title: HiPM DNSMgr
+desc: HiPM DNSMgr DNS 解析提供商
+accessType: hipmdnsmgr
+icon: svg:icon-dns
+pluginType: dnsProvider
+type: builtIn
+scriptFilePath: /plugins/plugin-hipmdnsmgr/dns-provider/hipmdnsmgr-dns-provider.js
@@ -0,0 +1,9 @@
+name: technitium
+title: Technitium DNS Server
+desc: Technitium DNS Server 自建DNS服务器
+icon: clarity:server-line
+accessType: technitium
+order: 10
+pluginType: dnsProvider
+type: builtIn
+scriptFilePath: /plugins/plugin-technitium/dns-provider.js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.39.9",
+  "version": "1.39.10",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -50,20 +50,20 @@
    "@aws-sdk/client-route-53": "^3.964.0",
    "@aws-sdk/client-s3": "^3.964.0",
    "@aws-sdk/client-sts": "^3.990.0",
-    "@certd/acme-client": "^1.39.9",
-    "@certd/basic": "^1.39.9",
-    "@certd/commercial-core": "^1.39.9",
+    "@certd/acme-client": "^1.39.10",
+    "@certd/basic": "^1.39.10",
+    "@certd/commercial-core": "^1.39.10",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.39.9",
-    "@certd/lib-huawei": "^1.39.9",
-    "@certd/lib-k8s": "^1.39.9",
-    "@certd/lib-server": "^1.39.9",
-    "@certd/midway-flyway-js": "^1.39.9",
-    "@certd/pipeline": "^1.39.9",
-    "@certd/plugin-cert": "^1.39.9",
-    "@certd/plugin-lib": "^1.39.9",
-    "@certd/plugin-plus": "^1.39.9",
-    "@certd/plus-core": "^1.39.9",
+    "@certd/jdcloud": "^1.39.10",
+    "@certd/lib-huawei": "^1.39.10",
+    "@certd/lib-k8s": "^1.39.10",
+    "@certd/lib-server": "^1.39.10",
+    "@certd/midway-flyway-js": "^1.39.10",
+    "@certd/pipeline": "^1.39.10",
+    "@certd/plugin-cert": "^1.39.10",
+    "@certd/plugin-lib": "^1.39.10",
+    "@certd/plugin-plus": "^1.39.10",
+    "@certd/plus-core": "^1.39.10",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -3,6 +3,7 @@ import { Constants, CrudController } from '@certd/lib-server';
 import { DomainService } from "../../../modules/cert/service/domain-service.js";
 import { checkPlus } from '@certd/plus-core';
 import { ApiTags } from '@midwayjs/swagger';
+import { parseDomainByPsl } from '@certd/plugin-lib';

 /**
 * 授权
@@ -187,4 +188,12 @@ export class DomainController extends CrudController<DomainService> {
    return this.ok(setting);
  }

+  @Post('/isSubdomain', { description: Constants.per.authOnly, summary: "判断是否为子域名" })
+  async isSubdomain(@Body(ALL) body: any) {
+    const { domain } = body;
+    const parsed = parseDomainByPsl(domain)
+    const mainDomain = parsed.domain || ''
+    return this.ok(mainDomain !== domain);
+  }
+
 }
@@ -121,7 +121,7 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
  @Post('/checkAll', { description: Constants.per.authOnly, summary: "检查所有站点监控" })
  async checkAll() {
    const { projectId, userId } = await this.getProjectUserIdWrite()
-    await this.service.checkAllByUsers(userId,projectId);
+    this.service.triggerJobOnce(userId,projectId);
    return this.ok();
  }

@@ -1,17 +1,18 @@
-import {Autoload, Config, Init, Inject, Scope, ScopeEnum} from '@midwayjs/core';
-import {PipelineService} from '../pipeline/service/pipeline-service.js';
-import {logger} from '@certd/basic';
-import {SysSettingsService, SysSiteInfo} from '@certd/lib-server';
-import {SiteInfoService} from '../monitor/index.js';
-import {Cron} from '../cron/cron.js';
-import {UserSettingsService} from "../mine/service/user-settings-service.js";
-import {UserSiteMonitorSetting} from "../mine/service/models.js";
-import {getPlusInfo, isPlus} from "@certd/plus-core";
+import { logger } from '@certd/basic';
+import { SysSettingsService, SysSiteInfo } from '@certd/lib-server';
+import { getPlusInfo, isPlus } from "@certd/plus-core";
+import { Autoload, Config, Init, Inject, Scope, ScopeEnum } from '@midwayjs/core';
 import dayjs from "dayjs";
-import {NotificationService} from "../pipeline/service/notification-service.js";
-import {UserService} from "../sys/authority/service/user-service.js";
-import {Between} from "typeorm";
+import { Between } from "typeorm";
 import { DomainService } from '../cert/service/domain-service.js';
+import { Cron } from '../cron/cron.js';
+import { UserSiteMonitorSetting } from "../mine/service/models.js";
+import { UserSettingsService } from "../mine/service/user-settings-service.js";
+import { SiteInfoService } from '../monitor/index.js';
+import { NotificationService } from "../pipeline/service/notification-service.js";
+import { PipelineService } from '../pipeline/service/pipeline-service.js';
+import { UserService } from "../sys/authority/service/user-service.js";
+import { ProjectService } from '../sys/enterprise/service/project-service.js';

@Autoload()
@Scope(ScopeEnum.Request, { allowDowngrade: true })
@@ -47,6 +48,9 @@ export class AutoCRegisterCron {

  @Inject()
  domainService: DomainService;
+  @Inject()
+  projectService: ProjectService;
+


  @Init()
@@ -72,9 +76,23 @@ export class AutoCRegisterCron {

  async registerSiteMonitorCron() {
    //先注册公共job
-    await this.siteInfoService.registerSiteMonitorJob()
+    logger.info(`注册公共站点证书检查定时任务`)
+    const randomMinute = Math.floor(Math.random() * 60)
+    this.cron.register({
+      name: 'siteMonitor',
+      cron: `0 ${randomMinute} 0 * * *`,
+      job:async ()=>{
+        logger.info(`开始公共站点证书检查任务`)
+        await this.siteInfoService.triggerCommonJob()
+        logger.info(`公共站点证书检查任务完成`)
+      },
+    });
+    logger.info(`注册公共站点证书检查定时任务完成`)
+
+

    //注册用户独立的检查时间
+    logger.info(`注册用户独立站点证书检查定时任务`)
    const monitorSettingList = await this.userSettingsService.list({
      query:{
        key: UserSiteMonitorSetting.__key__,
@@ -87,10 +105,11 @@ export class AutoCRegisterCron {
      }
      await this.siteInfoService.registerSiteMonitorJob(item.userId,item.projectId)
    }
+    logger.info(`注册用户独立站点证书检查定时任务完成`)

    if (this.immediateTriggerSiteMonitor) {
-      logger.info(`立即触发一次站点证书检查任务`)
-      await this.siteInfoService.triggerJobOnce()
+      logger.info(`立即触发一次公共站点证书检查任务`)
+      await this.siteInfoService.triggerCommonJob()
    }
  }

@@ -1,5 +1,5 @@
 import {Inject, Provide, Scope, ScopeEnum} from "@midwayjs/core";
-import {BaseService, NeedSuiteException, NeedVIPException, SysSettingsService} from "@certd/lib-server";
+import {BaseService, Constants, NeedSuiteException, NeedVIPException, SysSettingsService} from "@certd/lib-server";
 import {InjectEntityModel} from "@midwayjs/typeorm";
 import {In, Repository} from "typeorm";
 import {SiteInfoEntity} from "../entity/site-info.js";
@@ -19,6 +19,8 @@ import { dnsContainer } from "./dns-custom.js";
 import { merge } from "lodash-es";
 import { JobHistoryService } from "./job-history-service.js";
 import { JobHistoryEntity } from "../entity/job-history.js";
+import { UserService } from "../../sys/authority/service/user-service.js";
+import { ProjectService } from "../../sys/enterprise/service/project-service.js";

@Provide()
@Scope(ScopeEnum.Request, {allowDowngrade: true})
@@ -44,6 +46,10 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
  @Inject()
  jobHistoryService: JobHistoryService;

+  @Inject()
+  userService: UserService;
+  @Inject()
+  projectService: ProjectService;

  @Inject()
  cron: Cron;
@@ -353,18 +359,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
    }
  }

-  async checkAllByUsers(userId: any,projectId?: number) {
-    if (userId==null) {
-      throw new Error("userId is required");
-    }
-    // const sites = await this.repository.find({
-    //   where: {userId,projectId}
-    // });
-    // this.checkList(sites,false);
-    await this.triggerJobOnce(userId,projectId);
-  }
-
-  async checkList(sites: SiteInfoEntity[],isCommon: boolean) {
+  async checkList(sites: SiteInfoEntity[]) {
    const cache = {}
    const getFromCache = async (userId: number,projectId?: number) =>{
      const key = `${userId}_${projectId??""}`
@@ -377,13 +372,6 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
    }
    for (const site of sites) {
      const setting = await getFromCache(site.userId,site.projectId)
-      if (isCommon) {
-        //公共的检查，排除有设置cron的用户
-        if  (setting?.cron) {
-          //设置了cron，跳过公共检查
-          continue;
-        }
-      }
      let retryTimes = setting?.retryTimes
      this.doCheck(site,true,retryTimes).catch(e => {
        logger.error(`检查站点证书失败，${site.domain}`, e.message);
@@ -492,57 +480,73 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
  }

  async registerSiteMonitorJob(userId?: number,projectId?: number) {
+    const setting = await this.userSettingsService.getSetting<UserSiteMonitorSetting>(userId,projectId, UserSiteMonitorSetting);
+    if (!setting.cron) {
+      return;
+    }
+    //注册个人的 或项目的
+    this.cron.register({
+      name: `siteMonitor_${userId}_${projectId||""}`,
+      cron: setting.cron,
+      job: () => this.triggerJobOnce(userId,projectId),
+    });
+  }

-    if(userId == null){
-      //注册公共job
-      logger.info(`注册站点证书检查定时任务`)
-      this.cron.register({
-        name: 'siteMonitor',
-        cron: '0 0 0 * * *',
-        job:async ()=>{
-          await this.triggerJobOnce()
-        },
-      });
-      logger.info(`注册站点证书检查定时任务完成`)
-    }else{
-      const setting = await this.userSettingsService.getSetting<UserSiteMonitorSetting>(userId,projectId, UserSiteMonitorSetting);
-      if (!setting.cron) {
-        return;
+  async triggerCommonJob(){
+    //遍历用户
+    const userIds = await this.userService.getAllUserIds()
+    for (const userId of userIds) {
+      const setting = await this.userSettingsService.getSetting<UserSiteMonitorSetting>(userId,null,UserSiteMonitorSetting)
+      if(setting && setting.cron){
+        //该用户有自定义检查时间，跳过公共job
+        continue
      }
-      //注册个人的 或项目的
-      this.cron.register({
-        name: `siteMonitor_${userId}_${projectId||""}`,
-        cron: setting.cron,
-        job: () => this.triggerJobOnce(userId,projectId),
-      });
+      await this.triggerJobOnce(userId)
    }

+    //遍历项目
+    const projectIds = await this.projectService.getAllProjectIds()
+    for (const projectId of projectIds) {
+      const userId = Constants.enterpriseUserId
+      const setting = await this.userSettingsService.getSetting<UserSiteMonitorSetting>(userId,projectId,UserSiteMonitorSetting)
+      if(setting && setting.cron){
+        //该项目有自定义检查时间，跳过公共job
+        continue
+      }
+      await this.triggerJobOnce(userId,projectId)
+    }
  }

  async triggerJobOnce(userId?:number,projectId?:number) {
-    logger.info(`站点证书检查开始执行[${userId??'所有用户'}_${projectId??'所有项目'}]`);
-    const query:any = { disabled: false };
-    let jobEntity :Partial<JobHistoryEntity> = null;
-    if(userId!=null){
-      query.userId = userId;
-      if(projectId){
-        query.projectId = projectId;
-      }
-      //判断是否已关闭
-      const setting = await this.userSettingsService.getSetting<UserSiteMonitorSetting>(userId,projectId, UserSiteMonitorSetting);
-      if (setting && !setting.cron) {
-        return;
-      }
-      jobEntity  =  {
-        userId,
-        projectId,
-        type:"siteCertMonitor",
-        title: '站点证书检查',
-        result:"start",
-        startAt:new Date().getTime(),
-      }
-      await this.jobHistoryService.add(jobEntity);
+    if(userId==null){
+      throw new Error("userId is required");
    }
+    const query:any = { disabled: false };
+    query.userId = userId;
+    if(projectId){
+      query.projectId = projectId;
+    }
+    const siteCount = await this.repository.count({
+      where: query,
+    });
+    if (siteCount === 0) {
+      logger.info(`用户/项目[${userId}_${projectId||""}]没有站点证书需要检查`)
+      return;
+    }
+
+    logger.info(`站点证书检查开始执行[${userId}_${projectId||""}]`);
+    
+    let jobEntity :Partial<JobHistoryEntity> = null;
+    
+    jobEntity  =  {
+      userId,
+      projectId,
+      type:"siteCertMonitor",
+      title: '站点证书检查',
+      result:"start",
+      startAt:new Date().getTime(),
+    }
+    await this.jobHistoryService.add(jobEntity);
    let offset = 0;
    const limit = 50;
    let count = 0;
@@ -557,21 +561,18 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
        break;
      }
      offset += records.length;
-      const isCommon = !userId;
      count += records.length;
-      await this.checkList(records,isCommon);
+      await this.checkList(records);
    }

-    logger.info(`站点证书检查完成[${userId??'所有用户'}_${projectId??'所有项目'}]`);
-    if(jobEntity){
-      await this.jobHistoryService.update({
-        id: jobEntity.id,
-        result: "done",
-        content:`共检查${count}个站点`,
-        endAt:new Date().getTime(),
-        updateTime:new Date(),
-      });
-    }
+    logger.info(`站点证书检查完成[${userId}_${projectId||""}]`);
+    await this.jobHistoryService.update({
+      id: jobEntity.id,
+      result: "done",
+      content:`共检查${count}个站点`,
+      endAt:new Date().getTime(),
+      updateTime:new Date(),
+    });
  }

  async batchDelete(ids: number[], userId: number,projectId?:number): Promise<void> {
@@ -320,8 +320,6 @@ export class SiteIpService extends BaseService<SiteIpEntity> {
      for (const item of list) {
        await this.add(item);
      }
-
-      // await this.checkAllByUsers(req.userId);
    };
    await batchAdd(list);
  }
@@ -89,24 +89,30 @@ export class SiteTester {
    // 创建 HTTPS 请求
    const requestPromise = safePromise((resolve, reject) => {
      const req = https.request(options, res => {
-        // 获取证书
-        // @ts-ignore
-        const certificate = res.socket.getPeerCertificate();
-        // logger.info('证书信息', certificate);
-        if (certificate.subject == null) {
-          logger.warn("证书信息为空");
-          resolve({
-            certificate: null
-          });
-        }
-        resolve({
-          certificate
-        });
        res.socket.end();
        // 关闭响应
        res.destroy();
      });

+      // ✅ 关键：在 'socket' 事件中获取证书（握手完成后立即执行）
+      req.on('socket', (socket:any) => {
+        socket.on('secureConnect', () => {
+          // TLS握手完成，证书已经可用
+          const certificate = socket.getPeerCertificate();
+          if (certificate.subject) {
+            logger.info('证书获取成功', certificate.subject);
+            resolve({
+              certificate
+            });
+          }else{
+            logger.warn("证书信息为空");
+            resolve({
+              certificate: null
+            });
+          }
+        });
+      });
+
      req.on("error", e => {
        reject(e);
      });
@@ -400,7 +400,15 @@ export class UserService extends BaseService<UserEntity> {
      id: userId,
      ...body,
    })
+  }

-
+  async getAllUserIds() {
+    const users = await this.repository.find({
+      select: ['id'],
+      where: {
+        status: 1,
+      },
+    })
+    return users.map(item => item.id);
  }
 }
@@ -284,4 +284,14 @@ export class ProjectService extends BaseService<ProjectEntity> {
    return project?.isSystem ?? false;
  }

+
+  async getAllProjectIds() {
+    const projects = await this.repository.find({
+      select: ['id'],
+      where: {
+        disabled: false,
+      },
+    })
+    return projects.map(item => item.id);
+  }
 }
@@ -45,4 +45,6 @@
 // export * from './plugin-plus/index.js'
 // export * from './plugin-cert/index.js'
 // export * from './plugin-zenlayer/index.js'
-export * from './plugin-dnsmgr/index.js'
+// export * from './plugin-dnsmgr/index.js'
+// export * from './plugin-nginx-proxy-manager/index.js'
+// export * from './plugin-hipmdnsmgr/index.js'
@@ -100,10 +100,8 @@ export class AliyunDeployCertToESA extends AbstractTaskPlugin {
    helper: "将检查证书数量限制，如果超限将删除最旧的那张证书",
    required: true
  })
-
  certLimit: number = 2;

-
  async onInstance() {
  }

@@ -123,7 +121,7 @@ export class AliyunDeployCertToESA extends AbstractTaskPlugin {
        certId = casCert.certId;
        certName = casCert.certName;
      } else if (certInfo.crt) {
-        certName = this.buildCertName(CertReader.getMainDomain(certInfo.crt));
+        certName = this.buildCertName(CertReader.getMainDomain(certInfo.crt),"certd");

        const certIdRes = await sslClient.uploadCertificate({
          name: certName,
@@ -32,6 +32,27 @@ export class ApisixAccess extends BaseAccess {
  })
  apiKey = '';

+  @AccessInput({
+    title: '版本',
+    component: {
+      name:"a-select",
+      options: [
+        {
+          label: "v3.x",
+          value: "3",
+        },
+        {
+          label: "v2.x",
+          value: "2",
+        },
+      ]
+    },
+    helper: "apisix系统的版本",
+    value:"3",
+    required: true,
+  })
+  version = '3';
+

  @AccessInput({
    title: "测试",
@@ -49,17 +70,24 @@ export class ApisixAccess extends BaseAccess {
  }

  async getCertList(){
+    const sslPath = this.getSslPath();
    const req = {
-      url :"/apisix/admin/ssls",
+      url :`/apisix/admin/${sslPath}`,
      method: "get",
    }
    return await this.doRequest(req);
  }

+  getSslPath(){
+    const sslPath = this.version === '3' ? 'ssls' : 'ssl';
+    return sslPath;
+  }
+
  async createCert(opts:{cert:CertInfo}){
    const certReader = new CertReader(opts.cert)
+    const sslPath = this.getSslPath();
    const req = {
-      url :"/apisix/admin/ssls",
+      url :`/apisix/admin/${sslPath}`,
      method: "post",
      data:{
        cert: opts.cert.crt,
@@ -72,8 +100,9 @@ export class ApisixAccess extends BaseAccess {

  async updateCert (opts:{cert:CertInfo,id:string}){
    const certReader = new CertReader(opts.cert)
+    const sslPath = this.getSslPath();
    const req = {
-      url :`/apisix/admin/ssls/${opts.id}`,
+      url :`/apisix/admin/${sslPath}/${opts.id}`,
      method: "put",
      data:{
        cert: opts.cert.crt,
@@ -423,6 +423,7 @@ export class AcmeService {
      signal: this.options.signal,
      profile,
      preferredChain,
+      waitDnsDiffuseTime: this.options.waitDnsDiffuseTime,
    });

    const crtString = crt.toString();
@@ -1,7 +1,8 @@
-import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
+import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';

-import { DemoAccess } from './access.js';
+import { PageRes, PageSearch } from '@certd/pipeline';
 import { isDev } from '../../utils/env.js';
+import { DemoAccess } from './access.js';

 type DemoRecord = {
  // 这里定义Record记录的数据结构，跟对应云平台接口返回值一样即可，一般是拿到id就行，用于删除txt解析记录，清理申请痕迹
@@ -16,7 +17,7 @@ type DemoRecord = {
  icon: 'clarity:plugin-line',
  // 这里是对应的云平台的access类型名称
  accessType: 'demo',
-  order:99,
+  order: 99,
 })
 export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
  access!: DemoAccess;
@@ -74,6 +75,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {

    this.logger.info('删除域名解析成功:', fullRecord, value);
  }
+
+  /**
+   * 
+   * @param req 实现获取域名列表
+   * @returns 
+   */
+  async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
+    const res = await this.http.request({
+      // 请求接口获取域名列表
+    })
+    const list = []
+    // const list = res.Domains?.map(item => ({
+    //   id: item.Id,
+    //   domain: item.DomainName,
+    // })) || []
+    
+
+    return {
+      list,
+      total: res.Total,
+    }
+  }
 }

 //TODO 实例化这个provider，将其自动注册到系统中
@@ -0,0 +1,172 @@
+import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
+
+/**
+ * HiPM DNSMgr Access
+ * 使用 API Token 认证（Bearer Token）
+ */
+@IsAccess({
+  name: 'hipmdnsmgr',
+  title: 'HiPM DNSMgr',
+  icon: 'svg:icon-dns',
+  desc: 'HiPM DNSMgr API Token 授权',
+})
+export class HipmDnsmgrAccess extends BaseAccess {
+  @AccessInput({
+    title: '服务器地址',
+    component: {
+      name: 'a-input',
+      allowClear: true,
+      placeholder: 'http://localhost:3001',
+    },
+    required: true,
+    helper: 'HiPM DNSMgr 服务器地址，例如: http://localhost:3001',
+  })
+  endpoint = '';
+
+  @AccessInput({
+    title: 'API Token',
+    required: true,
+    encrypt: true,
+    helper: '在 DNSMgr 设置 > API Token 中创建的令牌',
+  })
+  apiToken = '';
+
+  @AccessInput({
+    title: '测试连接',
+    component: {
+      name: 'api-test',
+      action: 'TestRequest',
+    },
+    helper: '点击测试接口是否正常',
+  })
+  testRequest = true;
+
+  async onTestRequest() {
+    await this.getDomainList();
+    return '连接成功';
+  }
+
+  /**
+   * 获取域名列表
+   */
+  async getDomainList() {
+    this.ctx.logger.info(`[HiPM DNSMgr] 获取域名列表`);
+    
+    const resp = await this.doRequest({
+      method: 'GET',
+      path: '/domains',
+      params: {
+        page: 1,
+        pageSize: 100,
+      },
+    });
+
+    // DNSMgr 返回数组格式
+    return resp?.map((item: any) => ({
+      id: String(item.id),
+      domain: item.name,
+      ...item,
+    })) || [];
+  }
+
+  /**
+   * 获取域名记录列表
+   */
+  async getDomainRecords(domainId: string, params?: { type?: string; subdomain?: string; value?: string }) {
+    this.ctx.logger.info(`[HiPM DNSMgr] 获取域名记录列表：domainId=${domainId}`);
+    
+    let path = `/domains/${domainId}/records?page=1&pageSize=100`;
+    if (params?.type) path += `&type=${encodeURIComponent(params.type)}`;
+    if (params?.subdomain) path += `&subdomain=${encodeURIComponent(params.subdomain)}`;
+    if (params?.value) path += `&value=${encodeURIComponent(params.value)}`;
+
+    const resp = await this.doRequest({
+      method: 'GET',
+      path,
+    });
+
+    return resp;
+  }
+
+  /**
+   * 创建 DNS 记录
+   */
+  async createDnsRecord(domainId: string, name: string, value: string, type: string) {
+    this.ctx.logger.info(`[HiPM DNSMgr] 创建DNS记录：${name} ${type} ${value}`);
+    
+    const resp = await this.doRequest({
+      method: 'POST',
+      path: `/domains/${domainId}/records`,
+      data: {
+        name,
+        type,
+        value,
+        ttl: 600,
+        line: '0',
+      },
+    });
+
+    return resp;
+  }
+
+  /**
+   * 删除 DNS 记录
+   */
+  async deleteDnsRecord(domainId: string, recordId: string) {
+    this.ctx.logger.info(`[HiPM DNSMgr] 删除DNS记录：domainId=${domainId}, recordId=${recordId}`);
+    
+    const resp = await this.doRequest({
+      method: 'DELETE',
+      path: `/domains/${domainId}/records/${recordId}`,
+    });
+
+    return resp;
+  }
+
+  /**
+   * 发送 HTTP 请求
+   */
+  async doRequest(req: { method: string; path: string; data?: any; params?: any }) {
+    // 处理 URL
+    let baseUrl = this.endpoint.trim();
+    baseUrl = baseUrl.replace(/\/$/, '');
+    baseUrl = baseUrl.replace(/\/api$/, '');
+    
+    let url = `${baseUrl}/api${req.path}`;
+    
+    // 添加查询参数
+    if (req.params) {
+      const searchParams = new URLSearchParams();
+      for (const [key, value] of Object.entries(req.params)) {
+        if (value !== undefined && value !== null && value !== '') {
+          searchParams.append(key, String(value));
+        }
+      }
+      const queryString = searchParams.toString();
+      if (queryString) {
+        url += `?${queryString}`;
+      }
+    }
+
+    this.ctx.logger.debug(`[HiPM DNSMgr] 请求: ${req.method} ${url}`);
+
+    const res = await this.ctx.http.request({
+      url,
+      method: req.method,
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${this.apiToken}`,
+      },
+      data: req.data,
+    });
+
+    this.ctx.logger.debug(`[HiPM DNSMgr] 响应:`, res);
+
+    // DNSMgr API 返回格式: { code: 0, data: ..., msg: ... }
+    if (res.code !== undefined && res.code !== 0) {
+      throw new Error(res.msg || '请求失败');
+    }
+
+    return res.data;
+  }
+}
@@ -0,0 +1 @@
+export * from './hipmdnsmgr-access.js';
@@ -0,0 +1,77 @@
+import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
+import { HipmDnsmgrAccess } from '../access/hipmdnsmgr-access.js';
+
+/**
+ * HiPM DNSMgr DNS Provider
+ * 用于 ACME DNS-01 挑战验证
+ */
+@IsDnsProvider({
+  name: 'hipmdnsmgr',
+  title: 'HiPM DNSMgr',
+  desc: 'HiPM DNSMgr DNS 解析提供商',
+  accessType: 'hipmdnsmgr',
+  icon: 'svg:icon-dns',
+})
+export class HipmDnsmgrDnsProvider extends AbstractDnsProvider<{ domainId: string; recordId: string; name: string; value: string }> {
+  access!: HipmDnsmgrAccess;
+
+  async onInstance() {
+    this.access = this.ctx.access as HipmDnsmgrAccess;
+    this.logger.debug('[HiPM DNSMgr] 初始化完成');
+  }
+
+  /**
+   * 创建 DNS 记录（用于 ACME DNS-01 验证）
+   */
+  async createRecord(options: CreateRecordOptions): Promise<any> {
+    const { fullRecord, hostRecord, value, type, domain } = options;
+    this.logger.info('[HiPM DNSMgr] 添加域名解析：', fullRecord, value, type, domain);
+
+    // 1. 获取域名列表，找到对应的域名 ID
+    const domainList = await this.access.getDomainList();
+    const domainInfo = domainList.find((item: any) => item.domain === domain);
+
+    if (!domainInfo) {
+      throw new Error(`[HiPM DNSMgr] 未找到域名：${domain}`);
+    }
+
+    const domainId = String(domainInfo.id);
+    this.logger.debug('[HiPM DNSMgr] 找到域名:', domain, 'ID:', domainId);
+
+    // 2. 创建 DNS 记录
+    const name = hostRecord; // 使用子域名，如 _acme-challenge
+    const res = await this.access.createDnsRecord(domainId, name, value, type);
+    
+    this.logger.info('[HiPM DNSMgr] 添加域名解析成功:', JSON.stringify(options), res?.id);
+
+    // 返回记录信息，用于后续删除
+    return {
+      domainId,
+      recordId: res?.id,
+      name,
+      value,
+    };
+  }
+
+  /**
+   * 删除 DNS 记录（ACME 验证完成后清理）
+   */
+  async removeRecord(options: RemoveRecordOptions<{ domainId: string; recordId: string; name: string; value: string }>): Promise<void> {
+    const { fullRecord, value } = options.recordReq;
+    const record = options.recordRes;
+
+    this.logger.info('[HiPM DNSMgr] 删除域名解析：', fullRecord, value, record);
+
+    if (record && record.domainId && record.recordId) {
+      try {
+        await this.access.deleteDnsRecord(record.domainId, record.recordId);
+        this.logger.info('[HiPM DNSMgr] 删除域名解析成功:', fullRecord, value);
+      } catch (e: any) {
+        // 记录可能已经被删除，忽略错误
+        this.logger.warn('[HiPM DNSMgr] 删除域名解析失败（可能已不存在）:', e.message);
+      }
+    } else {
+      this.logger.warn('[HiPM DNSMgr] 无法删除记录，缺少 domainId 或 recordId');
+    }
+  }
+}
@@ -0,0 +1 @@
+export * from './hipmdnsmgr-dns-provider.js';
@@ -0,0 +1,2 @@
+export * from './access/index.js';
+export * from './dns-provider/index.js';
@@ -82,7 +82,7 @@ export class SshAccess extends BaseAccess {

  @AccessInput({
    title: "伪终端",
-    helper: "如果登录报错：all authentication methods failed，可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
+    helper: "如果登录报错：all authentication methods failed / unable to exec，可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
    component: {
      name: "a-switch",
      vModel: "checked",
@@ -208,7 +208,7 @@ export class AsyncSsh2Client {
        let hasErrorLog = false;
        stream
          .on("close", (code: any, signal: any) => {
-            this.logger.info(`[${this.connConf.host}][close]:code:${code}`);
+            this.logger.info(`[${this.connConf.host}][close]:code=${code}`);
            /**
             * ]pipeline 执行命令:[10.123.0.2][exec]:cd /d D:\nginx-1.27.5 && D:\nginx-1.27.5\nginx.exe -t && D:\nginx-1.27.5\nginx.exe -s reload
             * [2025-07-09T10:24:11.219] [ERROR]pipeline - [10. 123.0. 2][error]: nginx: the configuration file D: \nginx-1.27. 5/conf/nginx. conf syntax is ok
@@ -279,7 +279,7 @@ export class AsyncSsh2Client {
        }
        stream
          .on("close", (code: any) => {
-            this.logger.info("Stream :: close,code: " + code);
+            this.logger.info("Stream :: close,code = " + code);
            resolve(output);
          })
          .on("data", (ret: Buffer) => {
@@ -126,12 +126,12 @@ export class NextTerminalAccess extends BaseAccess {
      'Content-Type': 'application/json',
    };

-    
-    this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${this.baseUrl}${req.url}`);
+    const baseUrl = this.normalizeEndpoint(this.baseUrl);
+    this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${baseUrl}${req.url}`);
  
    const resp = await this.ctx.http.request({
      url: req.url,
-      baseURL: this.baseUrl,
+      baseURL: baseUrl,
      method: req.method,
      headers,
      params: req.params,
@@ -0,0 +1,348 @@
+name: NginxProxyManagerDeploy
+icon: logos:nginx
+title: Nginx Proxy Manager-部署到主机
+group: panel
+desc: 上传自定义证书到 Nginx Proxy Manager，并绑定到所选主机。
+setting: null
+sysSetting: null
+type: custom
+disabled: false
+version: 1.0.0
+pluginType: deploy
+author: samler
+input:
+  cert:
+    title: 域名证书
+    helper: 请选择前置任务产出的证书。
+    component:
+      name: output-selector
+      from:
+        - ':cert:'
+    required: true
+    order: 0
+  certDomains:
+    title: 证书域名
+    component:
+      name: cert-domains-getter
+    mergeScript: |
+      return {
+        component: {
+          inputKey: ctx.compute(({ form }) => {
+            return form.cert;
+          }),
+        },
+      }
+    required: false
+    order: 0
+  accessId:
+    title: NPM授权
+    component:
+      name: access-selector
+      type: samler/nginxProxyManager
+    helper: 选择用于部署的 Nginx Proxy Manager 授权。
+    required: true
+    order: 0
+  proxyHostIds:
+    title: 代理主机
+    component:
+      name: remote-select
+      vModel: value
+      mode: tags
+      type: plugin
+      action: onGetProxyHostOptions
+      search: true
+      pager: false
+      multi: true
+      watches:
+        - certDomains
+        - accessId
+    required: true
+    helper: 选择要绑定此证书的一个或多个代理主机。
+    mergeScript: |
+      return {
+        component: {
+          form: ctx.compute(({ form }) => {
+            return form;
+          }),
+        },
+      }
+    order: 0
+  certificateLabel:
+    title: 证书标识
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: certd_npm_example_com
+    helper: 可选。留空时默认使用 certd_npm_<主域名规范化>.
+    required: false
+    order: 0
+  cleanupMatchingCertificates:
+    title: 自动清理未使用证书
+    component:
+      name: a-switch
+      vModel: checked
+    helper: 部署成功后，自动删除除当前证书外所有未被任何主机引用的证书。
+    required: false
+    order: 0
+output: {}
+default:
+  strategy:
+    runStrategy: 1
+showRunStrategy: false
+content: |
+  const { AbstractTaskPlugin } = await import("@certd/pipeline");
+  const { CertReader } = await import("@certd/plugin-cert");
+
+  function normalizeDomain(domain) {
+    return String(domain ?? "").trim().toLowerCase();
+  }
+
+  function wildcardMatches(pattern, candidate) {
+    if (!pattern.startsWith("*.")) {
+      return false;
+    }
+
+    const suffix = pattern.slice(1).toLowerCase();
+    return candidate.endsWith(suffix);
+  }
+
+  function isDomainMatch(left, right) {
+    const normalizedLeft = normalizeDomain(left);
+    const normalizedRight = normalizeDomain(right);
+
+    return (
+      normalizedLeft === normalizedRight ||
+      wildcardMatches(normalizedLeft, normalizedRight) ||
+      wildcardMatches(normalizedRight, normalizedLeft)
+    );
+  }
+
+  function normalizeDomainIdentity(domain) {
+    return normalizeDomain(domain).replace(/^\*\./, "");
+  }
+
+  function certificateHasBindings(certificate) {
+    return (
+      (certificate.proxy_hosts?.length ?? 0) > 0 ||
+      (certificate.redirection_hosts?.length ?? 0) > 0 ||
+      (certificate.dead_hosts?.length ?? 0) > 0 ||
+      (certificate.streams?.length ?? 0) > 0
+    );
+  }
+
+  function sanitizeDomainSegment(value) {
+    const sanitized = String(value ?? "")
+      .trim()
+      .toLowerCase()
+      .replace(/[^a-z0-9]+/g, "_")
+      .replace(/^_+|_+$/g, "")
+      .replace(/_+/g, "_");
+
+    return sanitized || "unknown";
+  }
+
+  function buildDefaultCertificateLabel(cert) {
+    const mainDomain = CertReader.getMainDomain(cert.crt);
+    return `certd_npm_${sanitizeDomainSegment(mainDomain)}`;
+  }
+
+  function normalizeStringList(input) {
+    if (Array.isArray(input)) {
+      return input;
+    }
+
+    if (input == null || input === "") {
+      return [];
+    }
+
+    return [input];
+  }
+
+  function resolveCertificateDomains(cert, configuredDomains) {
+    const configured = normalizeStringList(configuredDomains)
+      .map((value) => String(value).trim())
+      .filter(Boolean);
+
+    if (configured.length > 0) {
+      return Array.from(new Set(configured));
+    }
+
+    return new CertReader(cert).getAllDomains();
+  }
+
+  function buildProxyHostLabel(host) {
+    const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
+    return `${domains} <#${host.id}>`;
+  }
+
+  function hasAnyCertDomainMatch(host, certDomains) {
+    if (!certDomains.length) {
+      return false;
+    }
+
+    const hostDomains = host.domain_names ?? [];
+    return hostDomains.some((hostDomain) => certDomains.some((certDomain) => isDomainMatch(hostDomain, certDomain)));
+  }
+
+  function buildProxyHostOptions(hosts, certDomains) {
+    const sortedHosts = [...hosts].sort((left, right) => {
+      return buildProxyHostLabel(left).localeCompare(buildProxyHostLabel(right));
+    });
+
+    const matched = [];
+    const unmatched = [];
+
+    for (const host of sortedHosts) {
+      const option = {
+        label: buildProxyHostLabel(host),
+        value: String(host.id),
+        domain: host.domain_names?.[0] ?? "",
+      };
+
+      if (hasAnyCertDomainMatch(host, certDomains)) {
+        matched.push(option);
+      } else {
+        unmatched.push(option);
+      }
+    }
+
+    if (matched.length && unmatched.length) {
+      return [
+        {
+          label: "匹配证书域名的主机",
+          options: matched,
+        },
+        {
+          label: "其他代理主机",
+          options: unmatched,
+        },
+      ];
+    }
+
+    return matched.length ? matched : unmatched;
+  }
+
+  function normalizeProxyHostIds(proxyHostIds) {
+    return Array.from(
+      new Set(
+        normalizeStringList(proxyHostIds)
+          .map((value) => Number.parseInt(String(value), 10))
+          .filter((value) => Number.isInteger(value) && value > 0),
+      ),
+    );
+  }
+
+  return class NpmDeployToProxyHosts extends AbstractTaskPlugin {
+    cert;
+    certDomains;
+    accessId;
+    proxyHostIds;
+    certificateLabel;
+    cleanupMatchingCertificates = false;
+
+    async execute() {
+      const access = await this.getAccess(this.accessId);
+      const client = access.createClient();
+      const proxyHostIds = normalizeProxyHostIds(this.proxyHostIds);
+
+      if (proxyHostIds.length === 0) {
+        throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
+      }
+
+      const certificateLabel = this.certificateLabel?.trim() || buildDefaultCertificateLabel(this.cert);
+      const certificateDomains = resolveCertificateDomains(this.cert, this.certDomains);
+
+      let certificate = await client.findCustomCertificateByNiceName(certificateLabel);
+      if (!certificate) {
+        this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
+        certificate = await client.createCustomCertificate(certificateLabel, certificateDomains);
+      } else {
+        this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
+      }
+
+      await client.uploadCertificate(certificate.id, {
+        certificate: this.cert.crt,
+        certificateKey: this.cert.key,
+        intermediateCertificate: this.cert.ic,
+      });
+      this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
+
+      for (const proxyHostId of proxyHostIds) {
+        this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
+        try {
+          await client.assignCertificateToProxyHost(proxyHostId, certificate.id);
+        } catch (error) {
+          const message = error instanceof Error ? error.message : String(error);
+          throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败：${message}`);
+        }
+      }
+
+      if (this.cleanupMatchingCertificates === true) {
+        await this.cleanupOldCertificates(client, certificate.id);
+      }
+
+      this.logger.info(`部署完成，共更新 ${proxyHostIds.length} 个代理主机`);
+    }
+
+    async onGetProxyHostOptions(req = {}) {
+      if (!this.accessId) {
+        throw new Error("请先选择 Nginx Proxy Manager 授权");
+      }
+
+      const access = await this.getAccess(this.accessId);
+      const proxyHosts = await access.getProxyHostList(req);
+      return buildProxyHostOptions(proxyHosts, normalizeStringList(this.certDomains));
+    }
+
+    async cleanupOldCertificates(client, currentCertificateId) {
+      const certificates = await client.getCertificatesWithExpand(undefined, [
+        "proxy_hosts",
+        "redirection_hosts",
+        "dead_hosts",
+        "streams",
+      ]);
+
+      const candidates = certificates.filter((certificate) => {
+        return certificate.id !== currentCertificateId;
+      });
+
+      if (candidates.length === 0) {
+        this.logger.info("未发现可自动清理的旧证书");
+        return;
+      }
+
+      const deletedIds = [];
+      const skippedInUse = [];
+      const failedDeletes = [];
+
+      for (const candidate of candidates) {
+        if (certificateHasBindings(candidate)) {
+          skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
+          continue;
+        }
+
+        this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
+        try {
+          await client.deleteCertificate(candidate.id);
+          deletedIds.push(candidate.id);
+        } catch (error) {
+          const message = error instanceof Error ? error.message : String(error);
+          failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
+        }
+      }
+
+      if (deletedIds.length > 0) {
+        this.logger.info(`自动清理完成，共删除 ${deletedIds.length} 张旧证书：${deletedIds.map((id) => `#${id}`).join(", ")}`);
+      } else {
+        this.logger.info("未删除任何旧证书");
+      }
+
+      if (skippedInUse.length > 0) {
+        this.logger.info(`以下旧证书仍被其他资源引用，已跳过清理：${skippedInUse.join(", ")}`);
+      }
+
+      if (failedDeletes.length > 0) {
+        this.logger.warn(`以下旧证书清理失败，已跳过：${failedDeletes.join(", ")}`);
+      }
+    }
+  };
@@ -0,0 +1,366 @@
+import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+import FormData from "form-data";
+import { authenticator } from "otplib";
+
+export interface ProxyHost {
+  id: number;
+  domain_names?: string[];
+  certificate_id?: number;
+  proxy_hosts?: unknown[];
+  redirection_hosts?: unknown[];
+  dead_hosts?: unknown[];
+  streams?: unknown[];
+}
+
+export interface Certificate {
+  id: number;
+  nice_name: string;
+  provider: string;
+  domain_names?: string[];
+  proxy_hosts?: unknown[];
+  redirection_hosts?: unknown[];
+  dead_hosts?: unknown[];
+  streams?: unknown[];
+}
+
+interface TokenResponse {
+  token?: string;
+  requires_2fa?: boolean;
+  challenge_token?: string;
+}
+
+@IsAccess({
+  name: "nginxProxyManager",
+  title: "Nginx Proxy Manager 授权",
+  desc: "用于登录 Nginx Proxy Manager，并为代理主机证书部署提供授权。",
+  icon: "logos:nginx",
+})
+export class NginxProxyManagerAccess extends BaseAccess {
+  @AccessInput({
+    title: "NPM 地址",
+    component: {
+      name: "a-input",
+      allowClear: true,
+      placeholder: "https://npm.example.com",
+    },
+    helper: "请输入 Nginx Proxy Manager 根地址，不要带 /api 后缀。",
+    required: true,
+  })
+  endpoint = "";
+
+  @AccessInput({
+    title: "邮箱",
+    component: {
+      name: "a-input",
+      allowClear: true,
+      placeholder: "admin@example.com",
+    },
+    required: true,
+  })
+  email = "";
+
+  @AccessInput({
+    title: "密码",
+    component: {
+      name: "a-input-password",
+      allowClear: true,
+      placeholder: "请输入密码",
+    },
+    required: true,
+    encrypt: true,
+  })
+  password = "";
+
+  @AccessInput({
+    title: "TOTP 密钥",
+    component: {
+      name: "a-input-password",
+      allowClear: true,
+      placeholder: "Optional base32 TOTP secret",
+    },
+    helper: "当 Nginx Proxy Manager 账号开启 2FA 时必填。",
+    required: false,
+    encrypt: true,
+  })
+  totpSecret = "";
+
+  @AccessInput({
+    title: "忽略无效 TLS",
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+    helper: "仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。",
+    required: false,
+  })
+  ignoreTls = false;
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "onTestRequest",
+    },
+    helper: "测试登录并拉取代理主机列表。",
+  })
+  testRequest = true;
+
+  private token: string | undefined;
+  private tokenPromise: Promise<string> | undefined;
+
+  normalizeEndpoint(endpoint: string): string {
+    const trimmed = String(endpoint ?? "").trim();
+    if (!trimmed) {
+      throw new Error("Nginx Proxy Manager 地址不能为空");
+    }
+
+    const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
+    return withoutTrailingSlash.endsWith("/api")
+      ? withoutTrailingSlash.slice(0, -4)
+      : withoutTrailingSlash;
+  }
+
+  private describeError(error: unknown, action: string): Error {
+    if (error instanceof Error) {
+      return new Error(`${action} failed: ${error.message}`);
+    }
+    return new Error(`${action} failed`);
+  }
+
+  private get apiBaseUrl(): string {
+    const endpoint = this.normalizeEndpoint(this.endpoint);
+    return `${endpoint}/api`;
+  }
+
+  async verifyAccess(): Promise<{ proxyHostCount: number }> {
+    const proxyHosts = await this.getProxyHosts();
+    return {
+      proxyHostCount: proxyHosts.length,
+    };
+  }
+
+  async getProxyHosts(searchQuery?: string): Promise<ProxyHost[]> {
+    return await this.requestWithAuth<ProxyHost[]>({
+      method: "GET",
+      url: "/nginx/proxy-hosts",
+      params: {
+        expand: "certificate",
+        ...(searchQuery ? { query: searchQuery } : {}),
+      },
+    });
+  }
+
+  async getCertificates(searchQuery?: string): Promise<Certificate[]> {
+    return await this.requestWithAuth<Certificate[]>({
+      method: "GET",
+      url: "/nginx/certificates",
+      params: searchQuery ? { query: searchQuery } : undefined,
+    });
+  }
+
+  async getCertificatesWithExpand(
+    searchQuery?: string,
+    expand: string[] = []
+  ): Promise<Certificate[]> {
+    return await this.requestWithAuth<Certificate[]>({
+      method: "GET",
+      url: "/nginx/certificates",
+      params: {
+        ...(searchQuery ? { query: searchQuery } : {}),
+        ...(expand.length > 0 ? { expand: expand.join(", ") } : {}),
+      },
+    });
+  }
+
+  async findCustomCertificateByNiceName(niceName: string): Promise<Certificate | undefined> {
+    const certificates = await this.getCertificates(niceName);
+    return certificates.find((certificate) => {
+      return certificate.provider === "other" && certificate.nice_name === niceName;
+    });
+  }
+
+  async createCustomCertificate(
+    niceName: string,
+    domainNames: string[] = []
+  ): Promise<Certificate> {
+    return await this.requestWithAuth<Certificate>({
+      method: "POST",
+      url: "/nginx/certificates",
+      data: {
+        provider: "other",
+        nice_name: niceName,
+        domain_names: domainNames,
+      },
+    });
+  }
+
+  async deleteCertificate(certificateId: number): Promise<void> {
+    await this.requestWithAuth<void>({
+      method: "DELETE",
+      url: `/nginx/certificates/${certificateId}`,
+    });
+  }
+
+  async uploadCertificate(
+    certificateId: number,
+    payload: {
+      certificate: string;
+      certificateKey: string;
+      intermediateCertificate?: string;
+    }
+  ): Promise<void> {
+    const form = new FormData();
+    form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
+      filename: "fullchain.pem",
+      contentType: "application/x-pem-file",
+    });
+    form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
+      filename: "privkey.pem",
+      contentType: "application/x-pem-file",
+    });
+    if (payload.intermediateCertificate) {
+      form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
+        filename: "chain.pem",
+        contentType: "application/x-pem-file",
+      });
+    }
+
+    await this.requestWithAuth<void>({
+      method: "POST",
+      url: `/nginx/certificates/${certificateId}/upload`,
+      data: form,
+      headers: form.getHeaders(),
+    });
+  }
+
+  async assignCertificateToProxyHost(hostId: number, certificateId: number): Promise<void> {
+    await this.requestWithAuth<void>({
+      method: "PUT",
+      url: `/nginx/proxy-hosts/${hostId}`,
+      data: {
+        certificate_id: certificateId,
+      },
+    });
+  }
+
+  private async login(): Promise<string> {
+    if (this.token) {
+      return this.token;
+    }
+
+    if (!this.tokenPromise) {
+      this.tokenPromise = this.performLogin().finally(() => {
+        this.tokenPromise = undefined;
+      });
+    }
+
+    this.token = await this.tokenPromise;
+    return this.token;
+  }
+
+  private async performLogin(): Promise<string> {
+    const initialLogin = await this.request<TokenResponse>({
+      method: "POST",
+      url: "/tokens",
+      data: {
+        identity: this.email,
+        secret: this.password,
+      },
+    });
+
+    if (initialLogin.token) {
+      return initialLogin.token;
+    }
+
+    if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
+      throw new Error("登录失败：Nginx Proxy Manager 未返回访问令牌");
+    }
+
+    if (!this.totpSecret) {
+      throw new Error(
+        "登录失败：该 Nginx Proxy Manager 账号启用了 2FA，但未配置 totpSecret"
+      );
+    }
+
+    let code: string;
+    try {
+      code = authenticator.generate(this.totpSecret);
+    } catch (error) {
+      throw this.describeError(error, "Generating TOTP code");
+    }
+
+    const completedLogin = await this.request<TokenResponse>({
+      method: "POST",
+      url: "/tokens/2fa",
+      data: {
+        challenge_token: initialLogin.challenge_token,
+        code,
+      },
+    });
+
+    if (!completedLogin.token) {
+      throw new Error("2FA 登录失败：Nginx Proxy Manager 未返回访问令牌");
+    }
+
+    return completedLogin.token;
+  }
+
+  private async requestWithAuth<T>(config: {
+    method: string;
+    url: string;
+    params?: Record<string, unknown>;
+    data?: unknown;
+    headers?: Record<string, string>;
+  }): Promise<T> {
+    const token = await this.login();
+    const headers = {
+      ...(config.headers ?? {}),
+      Authorization: `Bearer ${token}`,
+    };
+
+    return await this.request<T>({
+      ...config,
+      headers,
+    });
+  }
+
+  private async request<T>(config: {
+    method: string;
+    url: string;
+    params?: Record<string, unknown>;
+    data?: unknown;
+    headers?: Record<string, string>;
+  }): Promise<T> {
+    const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
+    try {
+      const response = await this.ctx.http.request({
+        url: `${this.apiBaseUrl}${config.url}`,
+        method: config.method,
+        params: config.params,
+        data: config.data,
+        headers: config.headers,
+        timeout: 30000,
+        httpsAgent: this.ignoreTls ? {
+          rejectUnauthorized: false
+        } : undefined,
+      });
+      return response;
+    } catch (error) {
+      throw this.describeError(error, action);
+    }
+  }
+
+  async onTestRequest(): Promise<string> {
+    const result = await this.verifyAccess();
+    this.ctx.logger.info(
+      `Nginx Proxy Manager 授权验证成功，找到 ${result.proxyHostCount} 个代理主机`
+    );
+    return `成功（${result.proxyHostCount} 个代理主机）`;
+  }
+
+  async getProxyHostList(req: { searchKey?: string } = {}): Promise<ProxyHost[]> {
+    return await this.getProxyHosts(req.searchKey);
+  }
+}
+
+new NginxProxyManagerAccess();
@@ -0,0 +1,2 @@
+export * from "./plugins/index.js";
+export * from "./access.js";
@@ -0,0 +1,344 @@
+name: nginxProxyManager
+icon: logos:nginx
+title: Nginx Proxy Manager 授权
+group: null
+desc: 用于登录 Nginx Proxy Manager，并为代理主机证书部署提供授权。
+setting: null
+sysSetting: null
+type: custom
+disabled: false
+version: 1.0.0
+pluginType: access
+author: samler
+input:
+  endpoint:
+    title: NPM 地址
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: https://npm.example.com
+    helper: 请输入 Nginx Proxy Manager 根地址，不要带 /api 后缀。
+    required: true
+  email:
+    title: 邮箱
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: admin@example.com
+    required: true
+  password:
+    title: 密码
+    component:
+      name: a-input-password
+      allowClear: true
+      placeholder: 请输入密码
+    required: true
+    encrypt: true
+  totpSecret:
+    title: TOTP 密钥
+    component:
+      name: a-input-password
+      allowClear: true
+      placeholder: Optional base32 TOTP secret
+    helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
+    required: false
+    encrypt: true
+  ignoreTls:
+    title: 忽略无效 TLS
+    component:
+      name: a-switch
+      vModel: checked
+    helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
+    required: false
+  testRequest:
+    title: 测试
+    component:
+      name: api-test
+      action: TestRequest
+    helper: 测试登录并拉取代理主机列表。
+content: |
+  const { BaseAccess } = await import("@certd/pipeline");
+  const httpsModule = await import("node:https");
+  const { URL } = await import("node:url");
+  const axiosModule = await import("axios");
+  const formDataModule = await import("form-data");
+  const { authenticator } = await import("otplib");
+
+  const https = httpsModule.default ?? httpsModule;
+  const axios = axiosModule.default ?? axiosModule;
+  const FormData = formDataModule.default ?? formDataModule;
+
+  function normalizeEndpoint(endpoint) {
+    const trimmed = String(endpoint ?? "").trim();
+    if (!trimmed) {
+      throw new Error("Nginx Proxy Manager 地址不能为空");
+    }
+
+    const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
+    return withoutTrailingSlash.endsWith("/api")
+      ? withoutTrailingSlash.slice(0, -4)
+      : withoutTrailingSlash;
+  }
+
+  function buildHttpsAgent(endpoint, ignoreTls) {
+    const url = new URL(endpoint);
+    if (url.protocol !== "https:") {
+      return undefined;
+    }
+
+    return new https.Agent({
+      rejectUnauthorized: !ignoreTls,
+    });
+  }
+
+  function describeError(error, action) {
+    if (axios.isAxiosError(error)) {
+      const status = error.response?.status;
+      const data = error.response?.data;
+      const message =
+        data?.error?.message ||
+        data?.error ||
+        data?.message ||
+        (typeof data === "string" ? data : null) ||
+        error.message;
+      return new Error(`${action} failed${status ? ` (${status})` : ""}: ${message}`);
+    }
+
+    if (error instanceof Error) {
+      return new Error(`${action} failed: ${error.message}`);
+    }
+
+    return new Error(`${action} failed`);
+  }
+
+  class NginxProxyManagerClient {
+    constructor(options) {
+      this.options = options;
+      this.endpoint = normalizeEndpoint(options.endpoint);
+      this.apiBaseUrl = `${this.endpoint}/api`;
+      this.token = undefined;
+      this.tokenPromise = undefined;
+      this.httpClient = axios.create({
+        baseURL: this.apiBaseUrl,
+        timeout: 30000,
+        maxBodyLength: Infinity,
+        maxContentLength: Infinity,
+        httpsAgent: buildHttpsAgent(this.endpoint, options.ignoreTls === true),
+        headers: {
+          Accept: "application/json",
+        },
+      });
+    }
+
+    async verifyAccess() {
+      const proxyHosts = await this.getProxyHosts();
+      return {
+        proxyHostCount: proxyHosts.length,
+      };
+    }
+
+    async getProxyHosts(searchQuery) {
+      return await this.requestWithAuth({
+        method: "GET",
+        url: "/nginx/proxy-hosts",
+        params: {
+          expand: "certificate",
+          ...(searchQuery ? { query: searchQuery } : {}),
+        },
+      });
+    }
+
+    async getCertificates(searchQuery) {
+      return await this.requestWithAuth({
+        method: "GET",
+        url: "/nginx/certificates",
+        params: searchQuery ? { query: searchQuery } : undefined,
+      });
+    }
+
+    async getCertificatesWithExpand(searchQuery, expand = []) {
+      return await this.requestWithAuth({
+        method: "GET",
+        url: "/nginx/certificates",
+        params: {
+          ...(searchQuery ? { query: searchQuery } : {}),
+          ...(expand.length > 0 ? { expand: expand.join(",") } : {}),
+        },
+      });
+    }
+
+    async findCustomCertificateByNiceName(niceName) {
+      const certificates = await this.getCertificates(niceName);
+      return certificates.find((certificate) => {
+        return certificate.provider === "other" && certificate.nice_name === niceName;
+      });
+    }
+
+    async createCustomCertificate(niceName, domainNames = []) {
+      return await this.requestWithAuth({
+        method: "POST",
+        url: "/nginx/certificates",
+        data: {
+          provider: "other",
+          nice_name: niceName,
+          domain_names: domainNames,
+        },
+      });
+    }
+
+    async deleteCertificate(certificateId) {
+      await this.requestWithAuth({
+        method: "DELETE",
+        url: `/nginx/certificates/${certificateId}`,
+      });
+    }
+
+    async uploadCertificate(certificateId, payload) {
+      const form = new FormData();
+      form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
+        filename: "fullchain.pem",
+        contentType: "application/x-pem-file",
+      });
+      form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
+        filename: "privkey.pem",
+        contentType: "application/x-pem-file",
+      });
+      if (payload.intermediateCertificate) {
+        form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
+          filename: "chain.pem",
+          contentType: "application/x-pem-file",
+        });
+      }
+
+      await this.requestWithAuth({
+        method: "POST",
+        url: `/nginx/certificates/${certificateId}/upload`,
+        data: form,
+        headers: form.getHeaders(),
+      });
+    }
+
+    async assignCertificateToProxyHost(hostId, certificateId) {
+      await this.requestWithAuth({
+        method: "PUT",
+        url: `/nginx/proxy-hosts/${hostId}`,
+        data: {
+          certificate_id: certificateId,
+        },
+      });
+    }
+
+    async login() {
+      if (this.token) {
+        return this.token;
+      }
+
+      if (!this.tokenPromise) {
+        this.tokenPromise = this.performLogin().finally(() => {
+          this.tokenPromise = undefined;
+        });
+      }
+
+      this.token = await this.tokenPromise;
+      return this.token;
+    }
+
+    async performLogin() {
+      const initialLogin = await this.request({
+        method: "POST",
+        url: "/tokens",
+        data: {
+          identity: this.options.email,
+          secret: this.options.password,
+        },
+      });
+
+      if (initialLogin.token) {
+        return initialLogin.token;
+      }
+
+      if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
+        throw new Error("登录失败：Nginx Proxy Manager 未返回访问令牌");
+      }
+
+      if (!this.options.totpSecret) {
+        throw new Error("登录失败：该 Nginx Proxy Manager 账号启用了 2FA，但未配置 totpSecret");
+      }
+
+      let code;
+      try {
+        code = authenticator.generate(this.options.totpSecret);
+      } catch (error) {
+        throw describeError(error, "Generating TOTP code");
+      }
+
+      const completedLogin = await this.request({
+        method: "POST",
+        url: "/tokens/2fa",
+        data: {
+          challenge_token: initialLogin.challenge_token,
+          code,
+        },
+      });
+
+      if (!completedLogin.token) {
+        throw new Error("2FA 登录失败：Nginx Proxy Manager 未返回访问令牌");
+      }
+
+      return completedLogin.token;
+    }
+
+    async requestWithAuth(config) {
+      const token = await this.login();
+      const headers = {
+        ...(config.headers ?? {}),
+        Authorization: `Bearer ${token}`,
+      };
+
+      return await this.request({
+        ...config,
+        headers,
+      });
+    }
+
+    async request(config) {
+      const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
+      try {
+        const response = await this.httpClient.request(config);
+        return response.data;
+      } catch (error) {
+        throw describeError(error, action);
+      }
+    }
+  }
+
+  return class NginxProxyManagerAccess extends BaseAccess {
+    endpoint = "";
+    email = "";
+    password = "";
+    totpSecret = "";
+    ignoreTls = false;
+    testRequest = true;
+
+    createClient() {
+      return new NginxProxyManagerClient({
+        endpoint: this.endpoint,
+        email: this.email,
+        password: this.password,
+        totpSecret: this.totpSecret || undefined,
+        ignoreTls: this.ignoreTls === true,
+      });
+    }
+
+    async onTestRequest() {
+      const client = this.createClient();
+      const result = await client.verifyAccess();
+      this.ctx.logger.info(`Nginx Proxy Manager 授权验证成功，找到 ${result.proxyHostCount} 个代理主机`);
+      return `成功（${result.proxyHostCount} 个代理主机）`;
+    }
+
+    async getProxyHostList(req = {}) {
+      const client = this.createClient();
+      return await client.getProxyHosts(req.searchKey);
+    }
+  };
@@ -0,0 +1 @@
+export * from "./plugin-deploy-to-proxy-hosts.js";
@@ -0,0 +1,343 @@
+import {
+  AbstractTaskPlugin,
+  IsTaskPlugin,
+  pluginGroups,
+  RunStrategy,
+  TaskInput,
+} from "@certd/pipeline";
+import { CertInfo, CertReader, createCertDomainGetterInputDefine } from "@certd/plugin-cert";
+import { NginxProxyManagerAccess, ProxyHost } from "../access.js";
+
+interface ProxyHostOption {
+  label: string;
+  value: string;
+  domain: string;
+}
+
+@IsTaskPlugin({
+  name: "NginxProxyManagerDeploy",
+  title: "Nginx Proxy Manager-部署到主机",
+  desc: "上传自定义证书到 Nginx Proxy Manager，并绑定到所选主机。",
+  icon: "logos:nginx",
+  group: pluginGroups.panel.key,
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed,
+    },
+  },
+})
+export class NginxProxyManagerDeploy extends AbstractTaskPlugin {
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务产出的证书。",
+    component: {
+      name: "output-selector",
+      from: [":cert:"],
+    },
+    required: true,
+  })
+  cert!: CertInfo;
+
+  @TaskInput(createCertDomainGetterInputDefine())
+  certDomains!: string[];
+
+  @TaskInput({
+    title: "NPM授权",
+    component: {
+      name: "access-selector",
+      type: "nginxProxyManager",
+    },
+    helper: "选择用于部署的 Nginx Proxy Manager 授权。",
+    required: true,
+  })
+  accessId!: string;
+
+  @TaskInput({
+    title: "代理主机",
+    component: {
+      name: "remote-select",
+      vModel: "value",
+      mode: "tags",
+      type: "plugin",
+      action: "onGetProxyHostOptions",
+      search: true,
+      pager: false,
+      multi: true,
+      watches: ["certDomains", "accessId"],
+    },
+    helper: "选择要绑定此证书的一个或多个代理主机。",
+    required: true,
+  })
+  proxyHostIds!: string | string[];
+
+  @TaskInput({
+    title: "证书标识",
+    component: {
+      name: "a-input",
+      allowClear: true,
+      placeholder: "certd_npm_example_com",
+    },
+    helper: "可选。留空时默认使用 certd_npm_<主域名规范化>。",
+    required: false,
+  })
+  certificateLabel?: string;
+
+  @TaskInput({
+    title: "自动清理未使用证书",
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+    helper: "部署成功后，自动删除除当前证书外所有未被任何主机引用的证书。",
+    required: false,
+  })
+  cleanupMatchingCertificates = false;
+
+  private normalizeDomain(domain: string): string {
+    return String(domain ?? "").trim().toLowerCase();
+  }
+
+  private wildcardMatches(pattern: string, candidate: string): boolean {
+    if (!pattern.startsWith("*.")) {
+      return false;
+    }
+
+    const suffix = pattern.slice(1).toLowerCase();
+    return candidate.endsWith(suffix);
+  }
+
+  private isDomainMatch(left: string, right: string): boolean {
+    const normalizedLeft = this.normalizeDomain(left);
+    const normalizedRight = this.normalizeDomain(right);
+
+    return (
+      normalizedLeft === normalizedRight ||
+      this.wildcardMatches(normalizedLeft, normalizedRight) ||
+      this.wildcardMatches(normalizedRight, normalizedLeft)
+    );
+  }
+
+  private sanitizeDomainSegment(value: string): string {
+    const sanitized = String(value ?? "")
+      .trim()
+      .toLowerCase()
+      .replace(/[^a-z0-9]+/g, "_")
+      .replace(/^_+|_+$/g, "")
+      .replace(/_+/g, "_");
+
+    return sanitized || "unknown";
+  }
+
+  private buildDefaultCertificateLabel(cert: CertInfo): string {
+    const mainDomain = CertReader.getMainDomain(cert.crt);
+    return `certd_npm_${this.sanitizeDomainSegment(mainDomain)}`;
+  }
+
+  private normalizeStringList(input: string | string[] | null | undefined): string[] {
+    if (Array.isArray(input)) {
+      return input;
+    }
+
+    if (input == null || input === "") {
+      return [];
+    }
+
+    return [input];
+  }
+
+  private resolveCertificateDomains(cert: CertInfo, configuredDomains: string | string[] | null | undefined): string[] {
+    const configured = this.normalizeStringList(configuredDomains)
+      .map((value) => String(value).trim())
+      .filter(Boolean);
+
+    if (configured.length > 0) {
+      return Array.from(new Set(configured));
+    }
+
+    return new CertReader(cert).getAllDomains();
+  }
+
+  private buildProxyHostLabel(host: ProxyHost): string {
+    const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
+    return `${domains} <#${host.id}>`;
+  }
+
+  private hasAnyCertDomainMatch(host: ProxyHost, certDomains: string[]): boolean {
+    if (!certDomains.length) {
+      return false;
+    }
+
+    const hostDomains = host.domain_names ?? [];
+    return hostDomains.some((hostDomain) =>
+      certDomains.some((certDomain) => this.isDomainMatch(hostDomain, certDomain))
+    );
+  }
+
+  private buildProxyHostOptions(hosts: ProxyHost[], certDomains: string[]) {
+    const sortedHosts = [...hosts].sort((left, right) => {
+      return this.buildProxyHostLabel(left).localeCompare(this.buildProxyHostLabel(right));
+    });
+
+    const matched: { label: string; value: string; domain: string }[] = [];
+    const unmatched: { label: string; value: string; domain: string }[] = [];
+
+    for (const host of sortedHosts) {
+      const option = {
+        label: this.buildProxyHostLabel(host),
+        value: String(host.id),
+        domain: host.domain_names?.[0] ?? "",
+      };
+
+      if (this.hasAnyCertDomainMatch(host, certDomains)) {
+        matched.push(option);
+      } else {
+        unmatched.push(option);
+      }
+    }
+
+    if (matched.length && unmatched.length) {
+      return [
+        {
+          label: "匹配证书域名的主机",
+          options: matched,
+        },
+        {
+          label: "其他代理主机",
+          options: unmatched,
+        },
+      ];
+    }
+
+    return matched.length ? matched : unmatched;
+  }
+
+  private normalizeProxyHostIds(proxyHostIds: string | string[] | number | null | undefined): number[] {
+    return Array.from(
+      new Set(
+        this.normalizeStringList(proxyHostIds as string | string[] | null | undefined)
+          .map((value) => Number.parseInt(String(value), 10))
+          .filter((value) => Number.isInteger(value) && value > 0)
+      )
+    );
+  }
+
+  private certificateHasBindings(certificate: { proxy_hosts?: unknown[]; redirection_hosts?: unknown[]; dead_hosts?: unknown[]; streams?: unknown[] }): boolean {
+    return (
+      (certificate.proxy_hosts?.length ?? 0) > 0 ||
+      (certificate.redirection_hosts?.length ?? 0) > 0 ||
+      (certificate.dead_hosts?.length ?? 0) > 0 ||
+      (certificate.streams?.length ?? 0) > 0
+    );
+  }
+
+  async execute(): Promise<void> {
+    const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
+    const proxyHostIds = this.normalizeProxyHostIds(this.proxyHostIds);
+
+    if (proxyHostIds.length === 0) {
+      throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
+    }
+
+    const certificateLabel =
+      this.certificateLabel?.trim() || this.buildDefaultCertificateLabel(this.cert);
+    const certificateDomains = this.resolveCertificateDomains(this.cert, this.certDomains);
+
+    let certificate = await access.findCustomCertificateByNiceName(certificateLabel);
+    if (!certificate) {
+      this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
+      certificate = await access.createCustomCertificate(certificateLabel, certificateDomains);
+    } else {
+      this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
+    }
+
+    await access.uploadCertificate(certificate.id, {
+      certificate: this.cert.crt,
+      certificateKey: this.cert.key,
+      intermediateCertificate: this.cert.ic,
+    });
+    this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
+
+    for (const proxyHostId of proxyHostIds) {
+      this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
+      try {
+        await access.assignCertificateToProxyHost(proxyHostId, certificate.id);
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败：${message}`);
+      }
+    }
+
+    if (this.cleanupMatchingCertificates === true) {
+      await this.cleanupOldCertificates(access, certificate.id);
+    }
+
+    this.logger.info(`部署完成，共更新 ${proxyHostIds.length} 个代理主机`);
+  }
+
+  async onGetProxyHostOptions(req: { searchKey?: string } = {}): Promise<ProxyHostOption[] | { label: string; options: ProxyHostOption[] }[]> {
+    if (!this.accessId) {
+      throw new Error("请先选择 Nginx Proxy Manager 授权");
+    }
+
+    const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
+    const proxyHosts = await access.getProxyHostList(req);
+    return this.buildProxyHostOptions(proxyHosts, this.normalizeStringList(this.certDomains));
+  }
+
+  private async cleanupOldCertificates(access: NginxProxyManagerAccess, currentCertificateId: number): Promise<void> {
+    const certificates = await access.getCertificatesWithExpand(undefined, [
+      "proxy_hosts",
+      "redirection_hosts",
+      "dead_hosts",
+      "streams",
+    ]);
+    const candidates = certificates.filter((certificate) => {
+      return certificate.id !== currentCertificateId;
+    });
+
+    if (candidates.length === 0) {
+      this.logger.info("未发现可自动清理的旧证书");
+      return;
+    }
+
+    const deletedIds: number[] = [];
+    const skippedInUse: string[] = [];
+    const failedDeletes: string[] = [];
+
+    for (const candidate of candidates) {
+      if (this.certificateHasBindings(candidate)) {
+        skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
+        continue;
+      }
+
+      this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
+      try {
+        await access.deleteCertificate(candidate.id);
+        deletedIds.push(candidate.id);
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
+      }
+    }
+
+    if (deletedIds.length > 0) {
+      this.logger.info(
+        `自动清理完成，共删除 ${deletedIds.length} 张旧证书：${deletedIds
+          .map((id) => `#${id}`)
+          .join(", ")}`
+      );
+    } else {
+      this.logger.info("未删除任何旧证书");
+    }
+
+    if (skippedInUse.length > 0) {
+      this.logger.info(`以下旧证书仍被其他资源引用，已跳过清理：${skippedInUse.join(", ")}`);
+    }
+
+    if (failedDeletes.length > 0) {
+      this.logger.warn(`以下旧证书清理失败，已跳过：${failedDeletes.join(", ")}`);
+    }
+  }
+}
+
+new NginxProxyManagerDeploy();
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
xiaojunnuo	d23ddc96ac	chore: 优化安装脚本	2026-04-23 01:24:49 +08:00
xiaojunnuo	147708e779	chore: 1	2026-04-23 01:17:15 +08:00
xiaojunnuo	dc969dd7ed	perf: 支持一键安装脚本	2026-04-23 01:03:54 +08:00
xiaojunnuo	ef7d1d9327	perf: 支持hipm dns mgr	2026-04-22 23:48:12 +08:00
xiaojunnuo	2e6e9ed925	perf: 支持部署到nginx-proxy-manager	2026-04-22 23:47:02 +08:00
HINS	296dcab4c7	perf: 添加HiPMDnsmgr DNS提供商的支持 @WUHINS * feat: add HiPM DNSMgr DNS provider plugin - Create plugin-hipmdnsmgr for HiPM DNSMgr integration - Support API Token authentication (Bearer token) - Implement createRecord and removeRecord for ACME DNS-01 challenge - Add getDomainListPage for domain selection - Register plugin in plugins/index.ts Features: - RESTful API integration with DNSMgr - Automatic domain ID resolution - Full TypeScript type support * refactor: reorganize plugin-hipmdnsmgr directory structure - Move access.ts to access/hipmdnsmgr-access.ts - Move dns-provider.ts to dns-provider/hipmdnsmgr-dns-provider.ts - Add index.ts files for proper module exports - Align with plugin-huawei and plugin-tencent structure Structure: plugin-hipmdnsmgr/ access/ hipmdnsmgr-access.ts index.ts dns-provider/ hipmdnsmgr-dns-provider.ts index.ts index.ts	2026-04-22 00:10:13 +08:00
xiaojunnuo	f9e1c46c45	chore: 1	2026-04-19 12:26:05 +08:00
xiaojunnuo	94fd5bd7ec	chore: 1	2026-04-19 12:25:28 +08:00
xiaojunnuo	eb6ca96e85	Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev	2026-04-19 12:24:06 +08:00
xiaojunnuo	a2bbc7e272	fix: 修复站点监控某些情况下获取不到证书的bug	2026-04-19 12:23:41 +08:00
xiaojunnuo	f075a991f0	chore: 1	2026-04-17 19:34:01 +08:00
xiaojunnuo	edeb817c39	perf(technitium): 添加Technitium DNS Server插件支持 - 新增Technitium DNS Server插件，包含DNS提供商和授权配置 - 实现DNS记录创建、删除和域名列表获取功能 - 添加默认DNS传播等待时间配置 - 优化用户取消操作时的错误处理 - 为图标选择组件添加过滤功能 - 更新DNS提供商开发文档	2026-04-17 19:22:10 +08:00
xiaojunnuo	23b4658672	perf: apisix支持v2	2026-04-17 17:04:29 +08:00
ahe	5f95ee987f	fix 站点IP监控提示权限不足 (#714 )	2026-04-17 16:46:44 +08:00
xiaojunnuo	cc73f156a7	chore: 1	2026-04-17 00:56:21 +08:00
xiaojunnuo	ee72d10718	build: release	2026-04-12 00:29:18 +08:00
xiaojunnuo	831871d37f	build: publish	2026-04-11 23:48:07 +08:00
xiaojunnuo	6072550ec1	build: trigger build image	2026-04-11 23:47:55 +08:00
xiaojunnuo	112a565bf7	v1.39.10	2026-04-11 23:46:27 +08:00
xiaojunnuo	59e5c76286	build: prepare to build	2026-04-11 23:43:16 +08:00
xiaojunnuo	21620ac6bd	perf: 流水线修改编辑之后，增加未保存提示	2026-04-11 23:41:20 +08:00
xiaojunnuo	d05129ec67	perf: 部署到1panel面板支持mux模式	2026-04-11 23:20:19 +08:00
xiaojunnuo	0998de4ae6	chore: 首页时间动态刷新	2026-04-11 23:10:51 +08:00
xiaojunnuo	2bdf1832da	perf: 增加域名管理子域名检查提醒	2026-04-11 22:43:42 +08:00
xiaojunnuo	a846c4b66e	chore: 1	2026-04-11 22:21:02 +08:00
xiaojunnuo	ee535895a3	perf: 修复检查全部某些情况下无效的bug，优化公共触发站点证书检查定时逻辑	2026-04-11 21:50:44 +08:00
xiaojunnuo	1e549dfd43	fix: 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题	2026-04-11 21:07:23 +08:00
xiaojunnuo	6ee718a252	perf: 站点监控域名气泡增加端口显示	2026-04-11 21:02:31 +08:00
xiaojunnuo	557e98c33f	fix: 修复用户管理添加用户无法上传头像的bug	2026-04-11 20:56:51 +08:00
@@ -1 +1 @@
 :21
 :43
				`@@ -0,0 +1 @@`
				`export * from './hipmdnsmgr-dns-provider.js';`
				`@@ -0,0 +1 @@`
				`export * from "./plugin-deploy-to-proxy-hosts.js";`