v1.24.0

build: prepare to build
chore:
2026-04-04 23:10:56 +08:00 · 2024-08-25 14:27:41 +08:00 · 2024-08-25 14:26:34 +08:00 · 2024-08-25 12:07:47 +08:00 · 2024-08-25 11:57:07 +08:00 · 2024-08-25 11:56:15 +08:00
881 changed files with 10427 additions and 32540 deletions
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -0,0 +1,69 @@
+name: build-image
+on:
+  push:
+    branches: ['v2']
+    paths:
+      - "build.trigger"
+
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  build-certd-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: get_certd_version
+        id: get_certd_version
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const pnpmWorkspace = "./pnpm-workspace.yaml";
+            fs.unlinkSync(pnpmWorkspace)
+            const jsonFilePath = "./packages/ui/certd-server/package.json";
+            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
+            const pkg = JSON.parse(jsonContent)
+            console.log("certd_version:",pkg.version);
+            return pkg.version
+#      - name: Use Node.js
+#        uses: actions/setup-node@v4
+#        with:
+#          node-version: 18
+#          cache: 'npm'
+#        working-directory: ./packages/ui/certd-client
+      - run: |
+          npm install -g pnpm
+          pnpm install
+          npm run build
+        working-directory: ./packages/ui/certd-client
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to aliyun container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.cn-shenzhen.aliyuncs.com
+          username: ${{ secrets.aliyun_cs_username }}
+          password: ${{ secrets.aliyun_cs_password }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6.5.0
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          context: ./packages/ui/
+          tags: |
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -0,0 +1,55 @@
+name: deploy-demo
+on:
+  push:
+    branches: ['v2']
+    paths:
+      - "deploy.trigger"
+  workflow_run:
+    workflows: [ "build-image" ]
+    types:
+      - completed
+
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  deploy-certd-demo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+      - name: get_certd_version
+        id: get_certd_version
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const jsonFilePath = "./packages/ui/certd-server/package.json";
+            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
+            const pkg = JSON.parse(jsonContent)
+            console.log("certd_version:",pkg.version);
+            return pkg.version
+      - uses: GuillaumeFalourd/wait-sleep-action@v1
+        with:
+          time: '10' # for 60 seconds
+      - name: Send HTTP request
+        id: request
+        uses: tyrrrz/action-http-request@master
+        with:
+          url: http://flow-openapi.aliyun.com/pipeline/webhook/lzCzlGrLCOHQaTMMt0mG
+          method: POST
+          headers: |
+            Content-Type: application/json
+          body: |
+            {
+              "CERTD_VERSION": "${{steps.get_certd_version.outputs.result}}"
+            }
+          retry-count: 3
+          retry-delay: 5000
+
+
--- a/.github/workflows/sync-to-gitee.yml
+++ b/.github/workflows/sync-to-gitee.yml
@@ -2,8 +2,6 @@ name: sync-to-gitee
 on:
  push:
    branches: ['v2']
-  pull_request:
-    branches: ['v2']
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,8 @@ gen

 docker/image/workspace
 /packages/core/lego
+
+tsconfig.tsbuildinfo
+test/**/*.js
+/packages/ui/certd-server/data/db.sqlite
+/packages/ui/certd-server/data/keys.yaml
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1,2 @@
-link-workspace-packages=deep
+link-workspace-packages=true
+prefer-workspace-packages=true
--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,7 @@
+{
+  "printWidth": 160,
+  "bracketSpacing": true,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "arrowParens": "avoid"
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,194 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.24.0](https://github.com/certd/certd/compare/v1.23.1...v1.24.0) (2024-08-25)
+
+### Bug Fixes
+
+* 部署到腾讯云cdn选择证书任务步骤限制只能选证书 ([3345c14](https://github.com/certd/certd/commit/3345c145b802170f75a098a35d0c4b8312efcd17))
+* 修复成功后跳过之后丢失腾讯云证书id的bug ([37eb762](https://github.com/certd/certd/commit/37eb762afe25c5896b75dee25f32809f8426e7b7))
+* 修复创建流水线后立即运行时报no id错误的bug ([17ead54](https://github.com/certd/certd/commit/17ead547aab25333603980304aa3aad3db1f73d5))
+* 修复使用代理的情况下申请证书失败的bug ([95122e2](https://github.com/certd/certd/commit/95122e28609333f4df55c266e5434897954c0fb3))
+* 修复执行日志没有清理的bug ([22a3363](https://github.com/certd/certd/commit/22a336370a88a7df2a23c967043bae153da71ed5))
+* 修复重置密码参数配置后无效的bug ([e358a88](https://github.com/certd/certd/commit/e358a8869696578687306e4cd0dcda53f898fe13))
+* 修复ssh无法连接成功，无法执行命令的bug ([41b9837](https://github.com/certd/certd/commit/41b9837582323fb400ef8525ce65e8b37ad4b36f))
+
+### Features
+
+* 支持ECC类型 ([a7424e0](https://github.com/certd/certd/commit/a7424e02f5c7e02ac1688791040785920ce67473))
+* 支持google证书申请（需要使用代理） ([a593056](https://github.com/certd/certd/commit/a593056e79e99dd6a74f75b5eab621af7248cfbe))
+
+### Performance Improvements
+
+* 更新k8s底层api库 ([746bb9d](https://github.com/certd/certd/commit/746bb9d385e2f397daef4976eca1d4782a2f5ebd))
+* 优化成功后跳过的提示 ([7b451bb](https://github.com/certd/certd/commit/7b451bbf6e6337507f4627b5a845f5bd96ab4f7b))
+* 优化证书申请成功率 ([968c469](https://github.com/certd/certd/commit/968c4690a07f69c08dcb3d3a494da4e319627345))
+* 优化dnspod的token id 说明 ([790bf11](https://github.com/certd/certd/commit/790bf11af06d6264ef74bc1bb919661f0354239a))
+* email proxy ([453f1ba](https://github.com/certd/certd/commit/453f1baa0b9eb0f648aa1b71ccf5a95b202ce13f))
+
+## [1.23.1](https://github.com/certd/certd/compare/v1.23.0...v1.23.1) (2024-08-06)
+
+### Bug Fixes
+
+* 修复模糊查询无效的bug ([9355917](https://github.com/certd/certd/commit/93559174c780173f0daec7cdbd1f72f8d5c504d5))
+
+### Performance Improvements
+
+* 优化插件字段的default value ([24c7be2](https://github.com/certd/certd/commit/24c7be2c9cb39c14f7a97b674127c88033280b02))
+* 优化默认值设置 ([1af19f0](https://github.com/certd/certd/commit/1af19f0ac053fe109782882964533636b5969d6b))
+
+# [1.23.0](https://github.com/certd/certd/compare/v1.22.9...v1.23.0) (2024-08-05)
+
+### Bug Fixes
+
+* 修复环境变量多个下划线不生效的bug ([7ec2218](https://github.com/certd/certd/commit/7ec2218c9fee5bee2bf0aa31f3e3a4301575f247))
+
+### Features
+
+* use node 20 ([e8ed972](https://github.com/certd/certd/commit/e8ed97206bf28e83f942db2ef4ea07fa76fd3567))
+
+## [1.22.9](https://github.com/certd/certd/compare/v1.22.8...v1.22.9) (2024-08-05)
+
+### Performance Improvements
+
+* 优化定时任务 ([87e440e](https://github.com/certd/certd/commit/87e440ee2a8b10dc571ce619f28bc83c1e5eb147))
+
+## [1.22.8](https://github.com/certd/certd/compare/v1.22.7...v1.22.8) (2024-08-05)
+
+### Performance Improvements
+
+* 修复删除历史记录没有删除log的bug，新增history管理页面，演示站点启动时不自动启动非管理员用户的定时任务 ([f78ae93](https://github.com/certd/certd/commit/f78ae93eedfe214008c3d071ca3d77c962137a64))
+* 优化pipeline删除时，删除其他history ([b425203](https://github.com/certd/certd/commit/b4252033d56a9ad950f3e204ff021497c3978015))
+
+## [1.22.7](https://github.com/certd/certd/compare/v1.22.6...v1.22.7) (2024-08-04)
+
+### Bug Fixes
+
+* 修复保存配置报id不能为空的bug ([367f807](https://github.com/certd/certd/commit/367f80731396003416665c22853dfbc09c2c03a0))
+
+## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+### Bug Fixes
+
+* 修复在相同的cron时偶尔无法触发定时任务的bug ([680941a](https://github.com/certd/certd/commit/680941af119619006b592e3ab6fb112cb5556a8b))
+* 修复pg下pipeline title 类型问题 ([a9717b9](https://github.com/certd/certd/commit/a9717b9a0df7b5a64d4fe03314fecad4f59774cc))
+
+### Performance Improvements
+
+* 流水线支持名称模糊查询 ([59897c4](https://github.com/certd/certd/commit/59897c4ceae992ebe2972ca9e8f9196616ffdfd7))
+* 腾讯云clb支持更多大区选择 ([e4f4570](https://github.com/certd/certd/commit/e4f4570b29f26c60f1ee9660a4c507cbeaba3d7e))
+* 优化前置任务输出为空的提示 ([6ed1e18](https://github.com/certd/certd/commit/6ed1e18c7d9c46d964ecc6abc90f3908297b7632))
+
+## [1.22.5](https://github.com/certd/certd/compare/v1.22.4...v1.22.5) (2024-07-26)
+
+### Bug Fixes
+
+* 修复用户管理无法添加用户的bug ([e7e89b8](https://github.com/certd/certd/commit/e7e89b8de7386e84c0d6b8e217e2034909657d68))
+
+## [1.22.4](https://github.com/certd/certd/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/certd/certd/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+* 支持arm64 ([fa14f87](https://github.com/certd/certd/commit/fa14f87a8093ef3addc5e5f3315ce1bfc9982782))
+
+## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+### Bug Fixes
+
+* lege 无执行权限问题 ([338eb3b](https://github.com/certd/certd/commit/338eb3bdfeb461e9b3bc7eee97b97a59f5642ffe))
+
+## [1.22.2](https://github.com/certd/certd/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+### Bug Fixes
+
+* 修复创建流水线时，无法根据dns类型默认正确的dns授权的bug ([a2c43b5](https://github.com/certd/certd/commit/a2c43b50a6069ed48958fd142844a8568c2af452))
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+### Performance Improvements
+
+* 创建证书任务可以选择lege插件 ([affef13](https://github.com/certd/certd/commit/affef130378030c517250c58a4e787b0fc85d7d1))
+* 创建证书任务增加定时任务和邮件通知输入 ([427620d](https://github.com/certd/certd/commit/427620d34f3b8ad6933005faf1878908441a2453))
+* 支持配置启动后自动触发一次任务 ([a5a0c1f](https://github.com/certd/certd/commit/a5a0c1f6e7a3f05e581005e491d5b102ee854412))
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持lego，海量DNS提供商 ([0bc6d0a](https://github.com/certd/certd/commit/0bc6d0a211920fb0084d705e1db67ee1e7262c44))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))
+
+### Performance Improvements
+
+* 优化一些小细节 ([b168852](https://github.com/certd/certd/commit/b1688525dbbbfd67e0ab1cf5b4ddfbe9d394f370))
+* 增加备案号设置 ([bd3d959](https://github.com/certd/certd/commit/bd3d959944db63a5690b55ee150e1007133868b9))
+* 自动生成jwtkey，无需手动配置 ([390e485](https://github.com/certd/certd/commit/390e4853a570390a97df6a3b3882579f9547eeb4))
+
+## [1.21.2](https://github.com/certd/certd/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+### Performance Improvements
+
+* 申请证书时可以选择跳过本地dns校验 ([fe91d94](https://github.com/certd/certd/commit/fe91d94090d22ed0a3ea753ba74dfaa1bf057c17))
+
+## [1.21.1](https://github.com/certd/certd/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+### Performance Improvements
+
+* 上传到主机，支持设置不mkdirs ([5ba9831](https://github.com/certd/certd/commit/5ba9831ed1aa6ec6057df246f1035b36b9c41d2e))
+* 说明优化，默认值优化 ([970c7fd](https://github.com/certd/certd/commit/970c7fd8a0f557770e973d8462ee5684ef742810))
+
+# [1.21.0](https://github.com/certd/certd/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+### Features
+
+* 支持zero ssl ([eade2c2](https://github.com/certd/certd/commit/eade2c2b681569f03e9cd466e7d5bcd6703ed492))
+
+## [1.20.17](https://github.com/certd/certd/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+### Performance Improvements
+
+* 创建dns解析后，强制等待60s ([f47b35f](https://github.com/certd/certd/commit/f47b35f6d5bd7d675005c3e286b7e9a029201f8b))
+* 文件上传提示由cert.crt改为cert.pem ([a09b0e4](https://github.com/certd/certd/commit/a09b0e48c176f3ed763791bd50322c29729f7c1c))
+* 优化cname verify ([eba333d](https://github.com/certd/certd/commit/eba333de7a5b5ef4b0b7eaa904f578720102fa61))
+
+## [1.20.16](https://github.com/certd/certd/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+### Bug Fixes
+
+* 修复配置了cdn cname后申请失败的bug ([4a5fa76](https://github.com/certd/certd/commit/4a5fa767edc347d03d29a467e86c9a4d70b0220c))
+
+## [1.20.15](https://github.com/certd/certd/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+### Bug Fixes
+
+* 修复无法强制取消任务的bug ([9cc01db](https://github.com/certd/certd/commit/9cc01db1d569a5c45bb3e731f35d85df324a8e62))
+
+### Performance Improvements
+
+* 腾讯云dns provider 支持腾讯云的accessId ([e0eb3a4](https://github.com/certd/certd/commit/e0eb3a441384d474fe2923c69b25318264bdc9df))
+* 支持windows文件上传 ([7f61cab](https://github.com/certd/certd/commit/7f61cab101fa13b4e88234e9ad47434e6130fed2))
+
+## [1.20.14](https://github.com/certd/certd/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+### Bug Fixes
+
+* 修复修改密码功能异常问题 ([f740ff5](https://github.com/certd/certd/commit/f740ff517f521dce361284c2c54bccc68aee0ea2))
+
+## [1.20.13](https://github.com/certd/certd/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+### Bug Fixes
+
+* 日志高度越界 ([c4c9adb](https://github.com/certd/certd/commit/c4c9adb8bfd513f57252e523794e3799a9b220f8))
+* 修复邮箱设置页面SMTP拼写错误的问题 ([b98f1c0](https://github.com/certd/certd/commit/b98f1c0dd0bc6c6b4f814c578692afdf6d90b88d))
+* 修复logo问题 ([7e483e6](https://github.com/certd/certd/commit/7e483e60913d509b113148c735fe13ba1d72dddf))
+
+### Performance Improvements
+
+* 增加警告，修复一些样式错乱问题 ([fd54c2f](https://github.com/certd/certd/commit/fd54c2ffac492222e85ff2f5f49a9ee5cfc73588))
+* ssh登录支持openssh格式私钥、支持私钥密码 ([5c2c508](https://github.com/certd/certd/commit/5c2c50839a9076004f9034d754ac6deb531acdfb))
+
 ## [1.20.12](https://github.com/certd/certd/compare/v1.20.10...v1.20.12) (2024-06-17)

 ### Bug Fixes
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -0,0 +1,30 @@
+# Certd Open Source License
+
+- This project is licensed under the **GNU Affero General Public License (AGPL)** with the following additional terms.  
+- 本项目遵循 GNU Affero General Public License（AGPL），并附加以下条款。
+
+## 1. License Terms ( 许可证条款 )
+
+1. **Freedom to Use** (自由使用)
+   - You are free to use, copy, modify, and distribute the source code of this project for personal or organizational use, provided that you comply with the terms of this license.
+   - 您可以自由使用、复制、修改和分发本项目的源代码，前提是您遵循本许可证的条款。
+
+2. **Modification for Personal Use** (个人使用的修改)
+   - Individuals and companies are allowed to modify the project according to their needs for non-commercial purposes. However, modifications to the logo, copyright information, or any code related to licensing are strictly prohibited.
+   - 个人和公司允许根据自身需求对本项目进行修改以供非商业用途。但任何对logo、版权信息或与许可相关代码的修改都是严格禁止的。
+
+3. **Commercial Authorization** (商业授权)
+   - If you wish to make any form of monetary gain from this project, you must first obtain commercial authorization from the original author. Users should contact the author directly to negotiate the relevant licensing terms.
+   - 如果您希望从本项目获得任何形式的经济收益，您必须首先从原作者处获得商业授权，用户应直接与作者联系，以协商相关许可条款。
+ 
+4. **Retention of Rights** (保留权利)
+   - All rights, title, and interest in the project remain with the original author.
+   - 本项目的所有权利、标题和利益仍归原作者所有。
+
+## 2. As a contributor ( 作为贡献者 )
+   - you should agree that your contributed code:
+   - 您应同意您贡献的代码：
+     1. - The original author can adjust the open-source agreement to be more strict or relaxed.
+        - 原作者可以调整开源协议以使其更严格或更宽松。
+     2. - Can be used for commercial purposes.
+        - 可用于商业用途。
--- a/README.md
+++ b/README.md
@@ -1,28 +1,39 @@
-# CertD
+# Certd

-CertD 是一个免费全自动申请和部署SSL证书的工具。       
-后缀D取自linux守护进程的命名风格，意为证书守护进程。    
+Certd 是一个免费全自动申请和自动部署更新SSL证书的工具。       
+后缀d取自linux守护进程的命名风格，意为证书守护进程。    
+
+关键字：证书自动申请、证书自动更新、证书自动续期、证书自动续签
+
+************************
+支持开源，为爱发电，我已入驻爱发电   
+https://afdian.com/a/greper
+
+发电权益：
+1. 可加入发电专属群（先加我好友，发送发电截图，我拉你进群）
+2. 你的需求优先实现
+3. 可以获得作者一对一技术支持
+4. 更多权益陆续增加中...
+************************

 ## 一、特性
-本项目不仅支持证书申请过程自动化，还可以自动化部署证书，让你的证书永不过期。     
+本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     

-* 全自动申请证书（支持阿里云、腾讯云、华为云、Cloudflare注册的域名）
-* 全自动部署证书（目前支持服务器上传部署、部署到阿里云、腾讯云等）
-* 支持通配符域名
-* 支持多个域名打到一个证书上
+* 全自动申请证书（支持阿里云、腾讯云、华为云、Cloudflare等各种途径注册的域名）
+* 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等）
+* 支持通配符域名/泛域名，支持多个域名打到一个证书上
 * 邮件通知
-* 证书自动更新
+* 私有化部署，保障安全
 * 免费、免费、免费（[阿里云单个通配符域名证书最便宜也要1800/年](https://yundun.console.aliyun.com/?p=cas#/certExtend/buy/cn-hangzhou)）


-
 ## 二、在线体验

 官方Demo地址，自助注册后体验    

 https://certd.handsfree.work/

-> 注意数据将不定期清理，生产使用请自行部署    
+> 注意数据将不定期清理，不定期停止定时任务，生产使用请自行部署    
 > 包含敏感信息，务必自己本地部署进行生产使用

 ## 三、使用教程
@@ -38,7 +49,9 @@ https://certd.handsfree.work/
 -------> [点我查看详细使用步骤演示](./step.md)   <--------      
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑     

-## 四、本地docker部署
+## 四、私有化部署
+
+由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全

 ### 1. 安装docker、docker-compose

@@ -47,76 +60,93 @@ https://certd.handsfree.work/
 * 【腾讯云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://cloud.tencent.com/act/cps/redirect?redirect=6094&cps_key=b3ef73330335d7a6efa4a4bbeeb6b2c9&from=console)】
  

-1.2 安装docker    
-https://docs.docker.com/engine/install/
+1.2 安装docker      

-1.3 安装docker-compose     
-https://docs.docker.com/compose/install/linux/
+https://docs.docker.com/engine/install/   
+选择对应的操作系统，按照官方文档执行命令即可   

-### 2. 下载docker-compose.yaml文件
+### 2. 运行certd

-[docker-compose.yaml下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
+[docker-compose.yaml 下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
+
+当前版本号： ![](https://img.shields.io/npm/v/%40certd%2Fpipeline)

 ```bash
+# 随便创建一个目录
 mkdir certd
+# 进入目录
 cd certd
-# wget下载docker-compose.yaml文件
-wget https://raw.githubusercontent.com/certd/certd/v2/docker/run/docker-compose.yaml
-# 或者使用gitee地址
+# 下载docker-compose.yaml文件，或者手动下载放到certd目录下
 wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml

-# 根据需要修改里面的配置
+# 可以根据需要修改里面的配置
 # 1.修改镜像版本号【可选】
 # 2.配置数据保存路径【可选】
-# 3.配置certd_auth_jwt_secret【必须】
-vi docker-compose.yaml
+# 3.修改端口号【可选】
+vi docker-compose.yaml # 【可选】

-
-```
-> 镜像版本号与release版本号同步：    
-https://github.com/certd/certd/releases
-
-
-### 3. 运行
-```bash
-# 如果docker compose是插件化安装
-export CERTD_VERSION=latest
+# 启动certd
 docker compose up -d

-#如果docker compose是独立安装
-export CERTD_VERSION=latest
-docker-compose up -d
-
 ```
-### 4. 访问
+> 如果提示 没有compose命令,请安装docker-compose   
+> https://docs.docker.com/compose/install/linux/

-http://your_server_ip:7001 
-默认账号密码：admin/123456 
-记得修改密码
+#### 镜像说明：
+* certd镜像地址:
+  * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
+
+* 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用
+  * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) 
+
+![](./doc/images/action-build.jpg)


-### 5. 升级
+### 3. 访问

-* 修改版本号，重新运行 `docker compose up -d` 即可
-* 数据存在`/data/certd`目录下，不用担心数据丢失
+http://your_server_ip:7001    
+默认账号密码：admin/123456    
+记得修改密码   


+## 五、 升级
+如果使用固定版本号
+1. 修改`docker-compose.yaml`中的镜像版本号
+2. 运行 `docker compose up -d` 即可

-## 五、一些说明及问题处理
-### 1. 一些说明
+如果使用`latest`版本
+1. 重新拉取镜像 `docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest` 
+2. 重新启动容器 `docker compose restart`
+
+> 数据默认存在`/data/certd`目录下，不用担心数据丢失   
+
+
+更新日志： [CHANGELOG](./CHANGELOG.md)
+
+
+## 六、一些说明
 * 本项目ssl证书提供商为letencrypt
 * 申请过程遵循acme协议
 * 需要验证域名所有权，一般有两种方式（目前本项目仅支持dns-01）
  * http-01： 在网站根目录下放置一份txt文件
  * dns-01： 需要给域名添加txt解析记录，通配符域名只能用这种方式
 * 证书续期：
-  * 实际上acme并没有续期概念。
-  * 我们所说的续期，其实就是按照全套流程重新申请一份新证书。
+  * 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
+  * 我们所说的续期，其实就是按照全套流程重新申请一份新证书，然后重新部署上去。
 * 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 * 设置每天自动运行，当证书过期前20天，会自动重新申请证书并部署

-### 2. 问题处理
-#### 2.1 忘记管理员密码   
+
+## 七、不同平台的设置说明
+
+* [Cloudflare](./doc/cf/cf.md)
+* [腾讯云](./doc/tencent/tencent.md)
+* [windows主机](./doc/host/host.md)
+* [google证书](./doc/google/google.md)
+
+
+## 八、问题处理
+### 7.1 忘记管理员密码   
 解决方法如下：
 1. 修改docker-compose.yaml文件，将环境变量`certd_system_resetAdminPassword`改为`true`
 ```yaml
@@ -136,9 +166,9 @@ docker logs -f --tail 500 certd
 ```shell
 docker compose up -d
 ```
-5. 使用admin/123456登录系统，请及时修改管理员密码
+5. 使用`admin/123456`登录系统，请及时修改管理员密码

-## 六、联系作者
+## 九、联系作者
 如有疑问，欢迎加入群聊（请备注certd）
 * QQ群：141236433
 * 微信群：   
@@ -150,20 +180,39 @@ docker compose up -d
 <img height="230" src="./doc/images/me.png">
 </p>

-## 捐赠
-媳妇儿说：“一天到晚搞开源，也不管管老婆孩子！😡😡😡”        
-拜托各位捐赠支持一下，让媳妇儿开心开心，我也能有更多时间进行开源项目，感谢🙏🙏🙏
-<p align="center">
-<img height="380" src="./doc/images/donate.png">
-</p>
+## 十、捐赠
+支持开源，为爱发电，我已入驻爱发电   
+https://afdian.com/a/greper
+
+发电权益：
+1. 可加入发电专属群（先加我好友，发送发电截图，我拉你进群）
+2. 你的需求优先实现
+3. 可以获得作者一对一技术支持
+4. 更多权益陆续增加中...


-## 七、贡献代码
+## 十一、贡献代码

-[贡献插件教程](./plugin.md)
+1.  [贡献插件教程](./plugin.md)
+2. 作为贡献者，代表您同意您贡献的代码如下许可：
+   1. 可以调整开源协议以使其更严格或更宽松。
+   2. 可以用于商业用途。

+## 十二、 开源许可
+* 本项目遵循 GNU Affero General Public License（AGPL）开源协议。   
+* 允许个人和公司使用、复制、修改和分发本项目，禁止任何形式的商业用途 
+* 未获得商业授权情况下，禁止任何对logo、版权信息及授权许可相关代码的修改。
+* 如需商业授权，请联系作者。

-## 八、我的其他项目
+## 十三、我的其他项目（求Star）
 * [袖手GPT](https://ai.handsfree.work/) ChatGPT，国内可用，无需FQ，每日免费额度
 * [fast-crud](https://gitee.com/fast-crud/fast-crud/) 基于vue3的crud快速开发框架
 * [dev-sidecar](https://github.com/docmirror/dev-sidecar/) 直连访问github工具，无需FQ，解决github无法访问的问题
+
+
+
+## 十四、更新日志
+
+更新日志：[CHANGELOG](./CHANGELOG.md)
+
+
--- a/build.trigger
+++ b/build.trigger
@@ -0,0 +1 @@
+11:39
--- a/deploy.js
+++ b/deploy.js
@@ -1,6 +1,5 @@
 import http from 'axios'
 import fs from 'fs'
-
 //读取 packages/core/pipline/package.json的版本号
 import {default as packageJson} from './packages/core/pipeline/package.json' assert { type: "json" };

@@ -33,8 +32,9 @@ async function getPackages(directoryPath) {
 async function getAllPackages() {
    const base = await getPackages("./packages/core")
    const plugins = await getPackages("./packages/plugins")
+    const libs = await getPackages("./packages/libs")

-    return base.concat(plugins)
+    return base.concat(plugins).concat(libs)
 }

 async function sync() {
@@ -49,7 +49,7 @@ async function sync() {
            data: {}
        })
        console.log(`sync success:${pkg}`)
-        await sleep(100*1000)
+        await sleep(30*1000)
    }
 }

@@ -79,7 +79,7 @@ async function triggerBuild() {
            }
        })
        console.log(`webhook success:${webhook}`)
-        await sleep(10*60*1000)
+        await sleep(30*60*1000)
    }

 }
@@ -87,9 +87,9 @@ async function triggerBuild() {
 async function start() {
    // await build()
    console.log("等待60秒")
-    await sleep(200 * 1000)
+    await sleep(100* 1000)
    await sync()
-    await sleep(60 * 1000)
+    await sleep(100 * 1000)
    await triggerBuild()
 }

--- a/deploy.trigger
+++ b/deploy.trigger
@@ -0,0 +1 @@
+5
--- a/doc/cf/cf.md
+++ b/doc/cf/cf.md
@@ -0,0 +1,15 @@
+# Cloudflare 
+
+
+## CF Token申请
+
+### 申请地址：
+https://dash.cloudflare.com/profile/api-tokens
+
+### 权限设置：
+需要设置权限和资源范围  
+权限包括：Zone.Zone.edit, Zone.DNS.edit  
+资源范围：要包含对应域名，推荐直接设置为All Zones  
+最终效果如下，可以切换语言为英文对比如下图检查
+
+![](./cf_token.png)
--- a/doc/cf/cf_token.png
+++ b/doc/cf/cf_token.png
--- a/doc/google/google.md
+++ b/doc/google/google.md
@@ -0,0 +1,37 @@
+# google证书申请教程
+
+## 1、启用API
+打开如下链接，启用 API
+
+https://console.cloud.google.com/apis/library/publicca.googleapis.com
+
+打开该链接后点击“启用”，随后等待右侧出现“API已启用”则可以关闭该页。
+
+## 2、 申请Key
+随后打开“Google Cloud Shell”（在右上角点击激活CloudShell图标）。
+
+等待分配完成后在 Shell 窗口内输入如下命令：
+    
+```shell
+gcloud beta publicca external-account-keys create
+```
+此时会弹出“为 Cloud Shell 提供授权”，点击授权即可。
+
+执行完成后会返回类似如下输出；注意不要在没有收到 Google 的邮件时执行该命令，会返回命令不存在。
+
+```shell
+Created an external account key
+[b64MacKey: xxxxxxxxxxxxx
+keyId: xxxxxxxxx]
+```
+记录以上信息备用
+
+
+## 3、 创建证书流水线
+选择证书提供商为google， 开启使用代理
+
+## 4、 将key信息作为EAB授权信息
+google证书需要EAB授权， 使用第二步中的 keyId 和 b64MacKey 信息创建一条EAB授权记录      
+
+## 5、 其他就跟正常申请证书一样了
+
--- a/doc/host/host.md
+++ b/doc/host/host.md
@@ -0,0 +1,24 @@
+# 远程主机
+
+远程主机基于ssh协议，通过ssh连接远程主机，执行命令。
+
+## windows开启OpenSSH Server
+1. 安装OpenSSH Server
+请前往Microsoft官方文档查看如何开启openSSH
+https://learn.microsoft.com/zh-cn/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui#install-openssh-for-windows
+
+2. 启动OpenSSH Server服务
+```
+win+R  弹出运行对话框，输入 services.msc 打开服务管理器
+找到 OpenSSH SSH Server 
+启动ssh server服务，并且设置为自动启动
+```
+
+3. 测试ssh登录
+使用你常用的ssh客户端，连接你的windows主机，进行测试 
+
+```cmd
+# 如何确定你用户名
+C:\Users\xiaoj>
+          ↑↑↑↑---------这个就是windows ssh的登录用户名
+```
--- a/doc/images/15-2-email.png
+++ b/doc/images/15-2-email.png
--- a/doc/images/action-build.jpg
+++ b/doc/images/action-build.jpg
--- a/doc/tencent/dnspod-token.png
+++ b/doc/tencent/dnspod-token.png
--- a/doc/tencent/tencent-access.png
+++ b/doc/tencent/tencent-access.png
--- a/doc/tencent/tencent.md
+++ b/doc/tencent/tencent.md
@@ -0,0 +1,16 @@
+# 腾讯云
+
+
+## DNSPOD 授权设置
+目前腾讯云管理的域名的dns暂时只支持从DNSPOD进行设置    
+打开 https://console.dnspod.cn/account/token/apikey    
+然后按如下方式获取DNSPOD的授权
+![](./dnspod-token.png)
+
+
+## 腾讯云API密钥设置
+
+腾讯云其他部署需要API密钥，需要在腾讯云控制台进行设置   
+打开 https://console.cloud.tencent.com/cam/capi   
+然后按如下方式获取腾讯云的API密钥    
+![](./tencent-access.png)
--- a/docker/image/Dockerfile
+++ b/docker/image/Dockerfile
@@ -1,20 +0,0 @@
-FROM registry.cn-shenzhen.aliyuncs.com/handsfree/node:18-alpine
-EXPOSE 7001
-ENV NODE_ENV production
-ENV MIDWAY_SERVER_ENV production
-WORKDIR /app/
-#RUN npm install -g pnpm
-#RUN npm install cross-env -g  --registry=https://registry.npmmirror.com
-#RUN npm install pm2 -g  --registry=https://registry.npmmirror.com
-#RUN pm2 install pm2-logrotate
-ADD ./workspace/certd-server/ /app/
-RUN sed -i "s/workspace://g" "/app/package.json"
-RUN yarn install --production  --registry=https://registry.npmmirror.com
-#RUN yarn install --production
-RUN npm run build
-#CMD ["pm2-runtime", "start", "./bootstrap.js","--name", "certd","-i","1"]
-CMD ["npm", "run","start"]
-
-
-
-
--- a/docker/image/build.sh
+++ b/docker/image/build.sh
@@ -1,37 +0,0 @@
-#!/bin/bash
-set -e
-echo "请先输入一个版本号："
-read version
-
-echo "您输入的版本号是： $version"
-echo "登录aliyun镜像仓库"
-sudo docker login --username=252959493@qq.com registry.cn-shenzhen.aliyuncs.com
-
-build=$(pwd)
-cd ../../
-root=$(pwd)
-echo "安装依赖"
-#pnpm install --registry=https://registry.npmmirror.com
-pnpm install
-
-echo "client build"
-cd $root/packages/ui/certd-client
-pnpm run build
-echo "client build success"
-
-echo "server build"
-cd $root/packages/ui/certd-server
-pnpm run build
-echo "server build success"
-
-echo "rm node_modules"
-rm ./node_modules -rf
-
-echo "copy to workspace"
-mkdir -p $build/workspace/certd-server
-\cp ./* $build/workspace/certd-server -rf
-\cp ../certd-client/dist/* $build/workspace/certd-server/public/ -rf
-
-#export TAG=$version
-#sudo -E docker compose build
-#sudo -E docker compose push
--- a/docker/run/docker-compose.yaml
+++ b/docker/run/docker-compose.yaml
@@ -1,26 +1,34 @@
 version: '3.3'
 services:
  certd:
-    # 镜像                                                  #  ↓↓↓↓↓ --- 1、 修改镜像版本号，或者干脆写成latest， 如果设置了环境变量 export CERTD_VERSION=latest，这里可以不修改
-    image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${CERTD_VERSION}
+    # 镜像                                                  #  ↓↓↓↓↓ --- 1、 镜像版本号，建议改成固定版本号【可选】
+    image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
    container_name: certd # 容器名
    restart: unless-stopped # 自动重启
    volumes:
-      #   ↓↓↓↓↓ ------------------------------------------------------- 2、 修改数据库以及证书存储路径【可选】
+      #   ↓↓↓↓↓ ------------------------------------------------------- 2、 数据库以及证书存储路径,默认存在宿主机的/data/certd/目录下【可选】
      - /data/certd:/app/data
    ports: # 端口映射
-      #  ↓↓↓↓ 如果端口有冲突，可以修改第一个7001为其他不冲突的端口号
+      #  ↓↓↓↓ ----------------------------------------------------------3、如果端口有冲突，可以修改第一个7001为其他不冲突的端口号【可选】
      - "7001:7001"
+    dns:
+      # 如果出现getaddrinfo ENOTFOUND等错误，可以尝试修改或注释dns配置
+      - 223.5.5.5
+      - 223.6.6.6
+      #  ↓↓↓↓ ----------------------------------------------------------如果你服务器部署在国外，可以用8.8.8.8替换上面的dns【可选】
+#      - 8.8.8.8
+#      - 8.8.4.4
    environment: # 环境变量
      - TZ=Asia/Shanghai
-      - certd_auth_jwt_secret=changeme
-                            #  ↑↑↑↑↑ ---------------------------------- 3、 修改成你的自定义密钥【必须，安全需要】
-      - certd_system_resetAdminPassword=false
-                                     #  ↑↑↑↑↑ 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false
+      - certd_system_resetAdminPasswd=false
+                                     #  ↑↑↑↑↑---------------------------4、如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false【可选】
+      - certd_cron_immediateTriggerOnce=false
+                                     #  ↑↑↑↑↑---------------------------5、如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次【可选】
+      - VITE_APP_ICP_NO=
+                      #  ↑↑↑↑↑ -----------------------------------------6、这里可以设置备案号【可选】
      # 设置环境变量即可自定义certd配置
      # 服务端配置项见： packages/ui/certd-server/src/config/config.default.ts
      # 服务端配置规则： certd_ + 配置项, 点号用_代替
-      # 如jwt密钥配置为： auth.jwt.secret，则设置环境变量 certd_auth_jwt_secret=changeme

      # 客户端配置项见： packages/ui/certd-client/.env
      # 按实际名称配置环境变量即可，如： VITE_APP_API=http://localhost:7001
--- a/docker/run/run.sh
+++ b/docker/run/run.sh
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-# 判断$CERTD_VERSION 是否存在
-if [ -n "$CERTD_VERSION" ]; then
-    echo "CERTD_VERSION is set = $CERTD_VERSION"
-else
-    echo "CERTD_VERSION is not set"
-    echo "请先输入一个版本号(如 1.0.6)："
-    read CERTD_VERSION
-fi
-
-echo "您输入的版本号是： $CERTD_VERSION"
-sudo -E docker compose up -d
--- a/lerna.json
+++ b/lerna.json
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.20.12"
+  "version": "1.24.0"
 }
--- a/package.json
+++ b/package.json
@@ -12,15 +12,18 @@
  "scripts": {
    "start": "lerna bootstrap --hoist",
    "i-all": "lerna link && lerna exec npm install  ",
-    "publish": "npm run prepublishOnly1  && lerna publish --conventional-commits && npm run afterpublishOnly && npm run deploy1",
-    "afterpublishOnly": "",
-    "prepublishOnly1": "npm run before-build && lerna run build ",
-    "before-build": "cd ./packages/core/acme-client && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
-    "deploy1": "node --experimental-json-modules deploy.js "
+    "publish": "npm run prepublishOnly2  && lerna publish --conventional-commits --create-release github && npm run afterpublishOnly",
+    "afterpublishOnly": "time /t >build.trigger && git add ./build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && git push",
+    "prepublishOnly1": "npm run check && lerna run build ",
+    "prepublishOnly2": "npm run check && npm run before-build && lerna run build ",
+    "before-build": "cd ./packages/core/pipeline && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
+    "deploy1": "node --experimental-json-modules deploy.js ",
+    "check": "node --experimental-json-modules publish-check.js",
+    "init": "lerna run build"
  },
  "license": "AGPL-3.0",
  "dependencies": {
-    "axios": "^1.4.0",
+    "axios": "^1.7.2",
    "lodash": "^4.17.21"
  },
  "workspaces": [
--- a/packages/core/acme-client/.eslintrc.yml
+++ b/packages/core/acme-client/.eslintrc.yml
@@ -9,15 +9,8 @@ env:
 rules:
  indent: [2, 4, { SwitchCase: 1, VariableDeclarator: 1 }]
  brace-style: [2, 'stroustrup', { allowSingleLine: true }]
-  space-before-function-paren: [2, { anonymous: 'never', named: 'never' }]
  func-names: 0
-  prefer-destructuring: 0
-  object-curly-newline: 0
  class-methods-use-this: 0
-  wrap-iife: [2, 'inside']
  no-param-reassign: 0
-  comma-dangle: [2, 'never']
  max-len: [1, 200, 2, { ignoreUrls: true, ignoreComments: false }]
-  no-multiple-empty-lines: [2, { max: 2, maxBOF: 0, maxEOF: 0 }]
-  prefer-object-spread: 0
  import/no-useless-path-segments: 0
--- a/packages/core/acme-client/.github/scripts/tests-install-cts.sh
+++ b/packages/core/acme-client/.github/scripts/tests-install-cts.sh
@@ -5,8 +5,10 @@
 set -euo pipefail

 # Download and install
-wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv_linux-amd64" -O /usr/local/bin/pebble-challtestsrv
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv-linux-amd64.tar.gz" -O /tmp/pebble-challtestsrv.tar.gz
+tar zxvf /tmp/pebble-challtestsrv.tar.gz -C /tmp

+mv /tmp/pebble-challtestsrv-linux-amd64/linux/amd64/pebble-challtestsrv /usr/local/bin/pebble-challtestsrv
 chown root:root /usr/local/bin/pebble-challtestsrv
 chmod 0755 /usr/local/bin/pebble-challtestsrv

--- a/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
+++ b/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
@@ -22,8 +22,10 @@ wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION
 wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/config/${CONFIG_NAME}" -O /etc/pebble/pebble.json

 # Download and install Pebble
-wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble_linux-amd64" -O /usr/local/bin/pebble
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble-linux-amd64.tar.gz" -O /tmp/pebble.tar.gz
+tar zxvf /tmp/pebble.tar.gz -C /tmp

+mv /tmp/pebble-linux-amd64/linux/amd64/pebble /usr/local/bin/pebble
 chown root:root /usr/local/bin/pebble
 chmod 0755 /usr/local/bin/pebble

--- a/packages/core/acme-client/.github/workflows/tests.yml
+++ b/packages/core/acme-client/.github/workflows/tests.yml
@@ -1,4 +1,3 @@
---
 name: test
 on: [push, pull_request]

@@ -9,10 +8,9 @@ jobs:

    strategy:
      matrix:
-        node: [16, 18, 20, 22]
+        node: [16, 18, 20]
        eab: [0, 1]

-
    #
    # Environment
    #
@@ -21,9 +19,9 @@ jobs:
      FORCE_COLOR: 1
      NPM_CONFIG_COLOR: always

-      PEBBLE_VERSION: 2.3.1
+      PEBBLE_VERSION: 2.6.0
      PEBBLE_ALTERNATE_ROOTS: 2
-      PEBBLECTS_VERSION: 2.3.1
+      PEBBLECTS_VERSION: 2.6.0
      PEBBLECTS_DNS_PORT: 8053
      COREDNS_VERSION: 1.11.1

@@ -41,7 +39,6 @@ jobs:
      ACME_HTTP_PORT: 5002
      ACME_HTTPS_PORT: 5003

-
    #
    # Pipeline
    #
--- a/packages/core/acme-client/CHANGELOG.md
+++ b/packages/core/acme-client/CHANGELOG.md
@@ -3,6 +3,91 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.24.0](https://github.com/publishlab/node-acme-client/compare/v1.23.1...v1.24.0) (2024-08-25)
+
+### Bug Fixes
+
+* 修复成功后跳过之后丢失腾讯云证书id的bug ([37eb762](https://github.com/publishlab/node-acme-client/commit/37eb762afe25c5896b75dee25f32809f8426e7b7))
+* 修复创建流水线后立即运行时报no id错误的bug ([17ead54](https://github.com/publishlab/node-acme-client/commit/17ead547aab25333603980304aa3aad3db1f73d5))
+* 修复使用代理的情况下申请证书失败的bug ([95122e2](https://github.com/publishlab/node-acme-client/commit/95122e28609333f4df55c266e5434897954c0fb3))
+
+### Features
+
+* 支持google证书申请（需要使用代理） ([a593056](https://github.com/publishlab/node-acme-client/commit/a593056e79e99dd6a74f75b5eab621af7248cfbe))
+
+### Performance Improvements
+
+* 优化证书申请成功率 ([968c469](https://github.com/publishlab/node-acme-client/commit/968c4690a07f69c08dcb3d3a494da4e319627345))
+
+## [1.22.6](https://github.com/publishlab/node-acme-client/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.4](https://github.com/publishlab/node-acme-client/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/publishlab/node-acme-client/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+
+## [1.22.3](https://github.com/publishlab/node-acme-client/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.2](https://github.com/publishlab/node-acme-client/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.1](https://github.com/publishlab/node-acme-client/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+**Note:** Version bump only for package @certd/acme-client
+
+# [1.22.0](https://github.com/publishlab/node-acme-client/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/publishlab/node-acme-client/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+
+## [1.21.2](https://github.com/publishlab/node-acme-client/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.21.1](https://github.com/publishlab/node-acme-client/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+**Note:** Version bump only for package @certd/acme-client
+
+# [1.21.0](https://github.com/publishlab/node-acme-client/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+### Features
+
+* 支持zero ssl ([eade2c2](https://github.com/publishlab/node-acme-client/commit/eade2c2b681569f03e9cd466e7d5bcd6703ed492))
+
+## [1.20.17](https://github.com/publishlab/node-acme-client/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+### Performance Improvements
+
+* 创建dns解析后，强制等待60s ([f47b35f](https://github.com/publishlab/node-acme-client/commit/f47b35f6d5bd7d675005c3e286b7e9a029201f8b))
+* 优化cname verify ([eba333d](https://github.com/publishlab/node-acme-client/commit/eba333de7a5b5ef4b0b7eaa904f578720102fa61))
+
+## [1.20.16](https://github.com/publishlab/node-acme-client/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+### Bug Fixes
+
+* 修复配置了cdn cname后申请失败的bug ([4a5fa76](https://github.com/publishlab/node-acme-client/commit/4a5fa767edc347d03d29a467e86c9a4d70b0220c))
+
+## [1.20.15](https://github.com/publishlab/node-acme-client/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+### Performance Improvements
+
+* 腾讯云dns provider 支持腾讯云的accessId ([e0eb3a4](https://github.com/publishlab/node-acme-client/commit/e0eb3a441384d474fe2923c69b25318264bdc9df))
+
+## [1.20.14](https://github.com/publishlab/node-acme-client/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.13](https://github.com/publishlab/node-acme-client/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.20.12](https://github.com/publishlab/node-acme-client/compare/v1.20.10...v1.20.12) (2024-06-17)

 ### Bug Fixes
@@ -41,7 +126,13 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline

 # Changelog

-## v5.3.1
+## v5.4.0 (2024-07-16)
+
+* `added` Directory URLs for [Google](https://cloud.google.com/certificate-manager/docs/overview) ACME provider
+* `fixed` Invalidate ACME provider directory cache after 24 hours
+* `fixed` Retry HTTP requests on server errors or when rate limited - [#89](https://github.com/publishlab/node-acme-client/issues/89)
+
+## v5.3.1 (2024-05-22)

 * `fixed` Allow `client.auto()` being called with an empty CSR common name
 * `fixed` Bug when calling `updateAccountKey()` with external account binding
@@ -49,7 +140,7 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline
 ## v5.3.0 (2024-02-05)

 * `added` Support and tests for satisfying `tls-alpn-01` challenges
-* `changed` Replace `jsrsasign` with `@peculiar/x509` for certificate and CSR generation and parsing
+* `changed` Replace `jsrsasign` with `@peculiar/x509` for certificate and CSR handling
 * `changed` Method `getChallengeKeyAuthorization()` now returns `$token.$thumbprint` when called with a `tls-alpn-01` challenge
    * Previously returned base64url encoded SHA256 digest of `$token.$thumbprint` erroneously
    * This change is not considered breaking since the previous behavior was incorrect
@@ -78,7 +169,7 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline
 * `fixed` Upgrade `axios@0.26.1`
 * `fixed` Upgrade `node-forge@1.3.0` - [CVE-2022-24771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771), [CVE-2022-24772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772), [CVE-2022-24773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773)

-## 4.2.4 (2022-03-19)
+## v4.2.4 (2022-03-19)

 * `fixed` Use SHA-256 when signing CSRs

--- a/packages/core/acme-client/README.md
+++ b/packages/core/acme-client/README.md
@@ -9,13 +9,13 @@ This module is written to handle communication with a Boulder/Let's Encrypt-styl

 ## Compatibility

-| acme-client   | Node.js   |                                           |
-| ------------- | --------- | ----------------------------------------- |
-| v5.x          | >= v16    | [Upgrade guide](docs/upgrade-v5.md)       |
-| v4.x          | >= v10    | [Changelog](CHANGELOG.md#v400-2020-05-29) |
-| v3.x          | >= v8     | [Changelog](CHANGELOG.md#v300-2019-07-13) |
-| v2.x          | >= v4     | [Changelog](CHANGELOG.md#v200-2018-04-02) |
-| v1.x          | >= v4     | [Changelog](CHANGELOG.md#v100-2017-10-20) |
+| acme-client | Node.js |                                           |
+| ----------- | ------- | ----------------------------------------- |
+| v5.x        | >= v16  | [Upgrade guide](docs/upgrade-v5.md)       |
+| v4.x        | >= v10  | [Changelog](CHANGELOG.md#v400-2020-05-29) |
+| v3.x        | >= v8   | [Changelog](CHANGELOG.md#v300-2019-07-13) |
+| v2.x        | >= v4   | [Changelog](CHANGELOG.md#v200-2018-04-02) |
+| v1.x        | >= v4   | [Changelog](CHANGELOG.md#v100-2017-10-20) |

 ## Table of contents

@@ -49,7 +49,7 @@ const accountPrivateKey = '<PEM encoded private key>';

 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
-    accountKey: accountPrivateKey
+    accountKey: accountPrivateKey,
 });
 ```

@@ -59,6 +59,9 @@ const client = new acme.Client({
 acme.directory.buypass.staging;
 acme.directory.buypass.production;

+acme.directory.google.staging;
+acme.directory.google.production;
+
 acme.directory.letsencrypt.staging;
 acme.directory.letsencrypt.production;

@@ -75,8 +78,8 @@ const client = new acme.Client({
    accountKey: accountPrivateKey,
    externalAccountBinding: {
        kid: 'YOUR-EAB-KID',
-        hmacKey: 'YOUR-EAB-HMAC-KEY'
-    }
+        hmacKey: 'YOUR-EAB-HMAC-KEY',
+    },
 });
 ```

@@ -90,7 +93,7 @@ In some cases, for example with some EAB providers, this account creation step m
 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
    accountKey: accountPrivateKey,
-    accountUrl: 'https://acme-v02.api.letsencrypt.org/acme/acct/12345678'
+    accountUrl: 'https://acme-v02.api.letsencrypt.org/acme/acct/12345678',
 });
 ```

@@ -113,8 +116,7 @@ const privateRsaKey = await acme.crypto.createPrivateRsaKey();
 const privateEcdsaKey = await acme.crypto.createPrivateEcdsaKey();

 const [certificateKey, certificateCsr] = await acme.crypto.createCsr({
-    commonName: '*.example.com',
-    altNames: ['example.com']
+    altNames: ['example.com', '*.example.com'],
 });
 ```

@@ -139,7 +141,7 @@ const autoOpts = {
    email: 'test@example.com',
    termsOfServiceAgreed: true,
    challengeCreateFn: async (authz, challenge, keyAuthorization) => {},
-    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {}
+    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {},
 };

 const certificate = await client.auto(autoOpts);
@@ -156,7 +158,7 @@ To modify challenge priority, provide a list of challenge types in `challengePri
 ```js
 await client.auto({
    ...,
-    challengePriority: ['http-01', 'dns-01']
+    challengePriority: ['http-01', 'dns-01'],
 });
 ```

@@ -171,7 +173,7 @@ To completely disable `acme-client`s internal challenge verification, enable `sk
 ```js
 await client.auto({
    ...,
-    skipChallengeVerification: true
+    skipChallengeVerification: true,
 });
 ```

@@ -185,14 +187,14 @@ For more fine-grained control you can interact with the ACME API using the metho
 ```js
 const account = await client.createAccount({
    termsOfServiceAgreed: true,
-    contact: ['mailto:test@example.com']
+    contact: ['mailto:test@example.com'],
 });

 const order = await client.createOrder({
    identifiers: [
        { type: 'dns', value: 'example.com' },
-        { type: 'dns', value: '*.example.com' }
-    ]
+        { type: 'dns', value: '*.example.com' },
+    ],
 });
 ```

@@ -207,7 +209,7 @@ const acme = require('acme-client');

 acme.axios.defaults.proxy = {
    host: '127.0.0.1',
-    port: 9000
+    port: 9000,
 };
 ```

--- a/packages/core/acme-client/build.md
+++ b/packages/core/acme-client/build.md
@@ -1 +1 @@
-23:08
+20:55
--- a/packages/core/acme-client/docs/client.md
+++ b/packages/core/acme-client/docs/client.md
@@ -63,7 +63,7 @@ Create ACME client instance
 ```js
 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
-    accountKey: 'Private key goes here'
+    accountKey: 'Private key goes here',
 });
 ```
 **Example**  
@@ -75,7 +75,7 @@ const client = new acme.Client({
    accountUrl: 'Optional account URL goes here',
    backoffAttempts: 10,
    backoffMin: 5000,
-    backoffMax: 30000
+    backoffMax: 30000,
 });
 ```
 **Example**  
@@ -86,8 +86,8 @@ const client = new acme.Client({
    accountKey: 'Private key goes here',
    externalAccountBinding: {
        kid: 'YOUR-EAB-KID',
-        hmacKey: 'YOUR-EAB-HMAC-KEY'
-    }
+        hmacKey: 'YOUR-EAB-HMAC-KEY',
+    },
 });
 ```
 <a name="AcmeClient+getTermsOfServiceUrl"></a>
@@ -145,7 +145,7 @@ https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
 Create a new account
 ```js
 const account = await client.createAccount({
-    termsOfServiceAgreed: true
+    termsOfServiceAgreed: true,
 });
 ```
 **Example**  
@@ -153,7 +153,7 @@ Create a new account with contact info
 ```js
 const account = await client.createAccount({
    termsOfServiceAgreed: true,
-    contact: ['mailto:test@example.com']
+    contact: ['mailto:test@example.com'],
 });
 ```
 <a name="AcmeClient+updateAccount"></a>
@@ -174,7 +174,7 @@ https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
 Update existing account
 ```js
 const account = await client.updateAccount({
-    contact: ['mailto:foo@example.com']
+    contact: ['mailto:foo@example.com'],
 });
 ```
 <a name="AcmeClient+updateAccountKey"></a>
@@ -218,8 +218,8 @@ Create a new order
 const order = await client.createOrder({
    identifiers: [
        { type: 'dns', value: 'example.com' },
-        { type: 'dns', value: 'test.example.com' }
-    ]
+        { type: 'dns', value: 'test.example.com' },
+    ],
 });
 ```
 <a name="AcmeClient+getOrder"></a>
@@ -452,7 +452,7 @@ Revoke certificate with reason
 ```js
 const certificate = { ... }; // Previously created certificate
 const result = await client.revokeCertificate(certificate, {
-    reason: 4
+    reason: 4,
 });
 ```
 <a name="AcmeClient+auto"></a>
@@ -479,7 +479,7 @@ Auto mode
 Order a certificate using auto mode
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });

 const certificate = await client.auto({
@@ -491,14 +491,14 @@ const certificate = await client.auto({
    },
    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
        // Clean up challenge here
-    }
+    },
 });
 ```
 **Example**  
 Order a certificate using auto mode with preferred chain
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });

 const certificate = await client.auto({
@@ -507,7 +507,7 @@ const certificate = await client.auto({
    termsOfServiceAgreed: true,
    preferredChain: 'DST Root CA X3',
    challengeCreateFn: async () => {},
-    challengeRemoveFn: async () => {}
+    challengeRemoveFn: async () => {},
 });
 ```
 <a name="Client"></a>
--- a/packages/core/acme-client/docs/crypto.md
+++ b/packages/core/acme-client/docs/crypto.md
@@ -239,29 +239,30 @@ Create a Certificate Signing Request
 Create a Certificate Signing Request
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with both common and alternative names
+> *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
    keySize: 4096,
    commonName: 'test.example.com',
-    altNames: ['foo.example.com', 'bar.example.com']
+    altNames: ['foo.example.com', 'bar.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with additional information
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com',
+    altNames: ['test.example.com'],
    country: 'US',
    state: 'California',
    locality: 'Los Angeles',
    organization: 'The Company Inc.',
    organizationUnit: 'IT Department',
-    emailAddress: 'contact@example.com'
+    emailAddress: 'contact@example.com',
 });
 ```
 **Example**  
@@ -270,8 +271,9 @@ Certificate Signing Request with ECDSA private key
 const certificateKey = await acme.crypto.createPrivateEcdsaKey();

 const [, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 }, certificateKey);
+```
 <a name="createAlpnCertificate"></a>

 ## createAlpnCertificate(authz, keyAuthorization, [keyPem]) ⇒ <code>Promise.&lt;Array.&lt;buffer&gt;&gt;</code>
@@ -298,6 +300,7 @@ Create a ALPN certificate with ECDSA private key
 ```js
 const alpnKey = await acme.crypto.createPrivateEcdsaKey();
 const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
+```
 <a name="isAlpnCertificateAuthorizationValid"></a>

 ## isAlpnCertificateAuthorizationValid(certPem, keyAuthorization) ⇒ <code>boolean</code>
--- a/packages/core/acme-client/docs/forge.md
+++ b/packages/core/acme-client/docs/forge.md
@@ -222,29 +222,30 @@ Create a Certificate Signing Request
 Create a Certificate Signing Request
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with both common and alternative names
+> *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
    keySize: 4096,
    commonName: 'test.example.com',
-    altNames: ['foo.example.com', 'bar.example.com']
+    altNames: ['foo.example.com', 'bar.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with additional information
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com',
+    altNames: ['test.example.com'],
    country: 'US',
    state: 'California',
    locality: 'Los Angeles',
    organization: 'The Company Inc.',
    organizationUnit: 'IT Department',
-    emailAddress: 'contact@example.com'
+    emailAddress: 'contact@example.com',
 });
 ```
 **Example**  
@@ -253,5 +254,5 @@ Certificate Signing Request with predefined private key
 const certificateKey = await acme.forge.createPrivateKey();

 const [, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 }, certificateKey);
--- a/packages/core/acme-client/examples/api.js
+++ b/packages/core/acme-client/examples/api.js
@@ -8,7 +8,6 @@ function log(m) {
    process.stdout.write(`${m}\n`);
 }

-
 /**
 * Function used to satisfy an ACME challenge
 *
@@ -25,7 +24,6 @@ async function challengeCreateFn(authz, challenge, keyAuthorization) {
    log(keyAuthorization);
 }

-
 /**
 * Function used to remove an ACME challenge response
 *
@@ -41,30 +39,29 @@ async function challengeRemoveFn(authz, challenge, keyAuthorization) {
    log(keyAuthorization);
 }

-
 /**
 * Main
 */

-module.exports = async function() {
+module.exports = async () => {
    /* Init client */
    const client = new acme.Client({
        directoryUrl: acme.directory.letsencrypt.staging,
-        accountKey: await acme.crypto.createPrivateKey()
+        accountKey: await acme.crypto.createPrivateKey(),
    });

    /* Register account */
    await client.createAccount({
        termsOfServiceAgreed: true,
-        contact: ['mailto:test@example.com']
+        contact: ['mailto:test@example.com'],
    });

    /* Place new order */
    const order = await client.createOrder({
        identifiers: [
            { type: 'dns', value: 'example.com' },
-            { type: 'dns', value: '*.example.com' }
-        ]
+            { type: 'dns', value: '*.example.com' },
+        ],
    });

    /**
@@ -138,8 +135,7 @@ module.exports = async function() {

    /* Finalize order */
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: '*.example.com',
-        altNames: ['example.com']
+        altNames: ['example.com', '*.example.com'],
    });

    const finalized = await client.finalizeOrder(order, csr);
--- a/packages/core/acme-client/examples/auto.js
+++ b/packages/core/acme-client/examples/auto.js
@@ -9,7 +9,6 @@ function log(m) {
    process.stdout.write(`${m}\n`);
 }

-
 /**
 * Function used to satisfy an ACME challenge
 *
@@ -47,7 +46,6 @@ async function challengeCreateFn(authz, challenge, keyAuthorization) {
    }
 }

-
 /**
 * Function used to remove an ACME challenge response
 *
@@ -80,25 +78,24 @@ async function challengeRemoveFn(authz, challenge, keyAuthorization) {

        /* Replace this */
        log(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
-        // await dnsProvider.removeRecord(dnsRecord, 'TXT');
+        // await dnsProvider.removeRecord(dnsRecord, 'TXT', recordValue);
    }
 }

-
 /**
 * Main
 */

-module.exports = async function() {
+module.exports = async () => {
    /* Init client */
    const client = new acme.Client({
        directoryUrl: acme.directory.letsencrypt.staging,
-        accountKey: await acme.crypto.createPrivateKey()
+        accountKey: await acme.crypto.createPrivateKey(),
    });

    /* Create CSR */
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: 'example.com'
+        altNames: ['example.com'],
    });

    /* Certificate */
@@ -107,7 +104,7 @@ module.exports = async function() {
        email: 'test@example.com',
        termsOfServiceAgreed: true,
        challengeCreateFn,
-        challengeRemoveFn
+        challengeRemoveFn,
    });

    /* Done */
--- a/packages/core/acme-client/examples/dns-01/dns-01.js
+++ b/packages/core/acme-client/examples/dns-01/dns-01.js
@@ -19,7 +19,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }

-
 /**
 * Main
 */
@@ -33,18 +32,16 @@ function log(m) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });

-
        /**
         * Order wildcard certificate
         */

        log(`Creating CSR for ${WILDCARD_DOMAIN}`);
        const [key, csr] = await acme.crypto.createCsr({
-            commonName: WILDCARD_DOMAIN,
-            altNames: [`*.${WILDCARD_DOMAIN}`]
+            altNames: [WILDCARD_DOMAIN, `*.${WILDCARD_DOMAIN}`],
        });

        log(`Ordering certificate for ${WILDCARD_DOMAIN}`);
@@ -60,12 +57,11 @@ function log(m) {
            challengeRemoveFn: (authz, challenge, keyAuthorization) => {
                /* TODO: Implement this */
                log(`[TODO] Remove TXT record key=_acme-challenge.${authz.identifier.value} value=${keyAuthorization}`);
-            }
+            },
        });

        log(`Certificate for ${WILDCARD_DOMAIN} created successfully`);

-
        /**
         * HTTPS server
         */
@@ -78,7 +74,7 @@ function log(m) {

        const httpsServer = https.createServer({
            key,
-            cert
+            cert,
        }, requestListener);

        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/examples/http-01/http-01.js
+++ b/packages/core/acme-client/examples/http-01/http-01.js
@@ -23,7 +23,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }

-
 /**
 * On-demand certificate generation using http-01
 */
@@ -52,7 +51,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    /* Create CSR */
    log(`Creating CSR for ${servername}`);
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: servername
+        altNames: [servername],
    });

    /* Order certificate */
@@ -67,7 +66,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        },
        challengeRemoveFn: (authz, challenge) => {
            delete challengeResponses[challenge.token];
-        }
+        },
    });

    /* Done, store certificate */
@@ -77,7 +76,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    return certificateStore[servername];
 }

-
 /**
 * Main
 */
@@ -91,10 +89,9 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });

-
        /**
         * HTTP server
         */
@@ -129,7 +126,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
            log(`HTTP server listening on port ${HTTP_SERVER_PORT}`);
        });

-
        /**
         * HTTPS server
         */
@@ -158,7 +154,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        }, requestListener);

        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/examples/tls-alpn-01/tls-alpn-01.js
+++ b/packages/core/acme-client/examples/tls-alpn-01/tls-alpn-01.js
@@ -22,7 +22,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }

-
 /**
 * On-demand certificate generation using tls-alpn-01
 */
@@ -51,7 +50,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    /* Create CSR */
    log(`Creating CSR for ${servername}`);
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: servername
+        altNames: [servername],
    });

    /* Order certificate */
@@ -66,7 +65,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        },
        challengeRemoveFn: (authz) => {
            delete alpnResponses[authz.identifier.value];
-        }
+        },
    });

    /* Done, store certificate */
@@ -76,7 +75,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    return certificateStore[servername];
 }

-
 /**
 * Main
 */
@@ -90,10 +88,9 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });

-
        /**
         * ALPN responder
         */
@@ -118,14 +115,14 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`Found ALPN certificate for ${servername}, serving secure context`);
                    cb(null, tls.createSecureContext({
                        key: alpnResponses[servername][0],
-                        cert: alpnResponses[servername][1]
+                        cert: alpnResponses[servername][1],
                    }));
                }
                catch (e) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        });

        /* Terminate once TLS handshake has been established */
@@ -137,7 +134,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
            log(`ALPN responder listening on port ${ALPN_RESPONDER_PORT}`);
        });

-
        /**
         * HTTPS server
         */
@@ -166,7 +162,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        }, requestListener);

        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/package.json
+++ b/packages/core/acme-client/package.json
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.20.12",
+    "version": "1.24.0",
    "main": "src/index.js",
    "types": "types/index.d.ts",
    "license": "MIT",
@@ -16,24 +16,24 @@
        "types"
    ],
    "dependencies": {
-        "@peculiar/x509": "^1.9.7",
+        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
-        "axios": "^1.6.5",
-        "debug": "^4.1.1",
+        "axios": "^1.7.2",
+        "debug": "^4.3.5",
        "https-proxy-agent": "^7.0.4",
        "node-forge": "^1.3.1"
    },
    "devDependencies": {
-        "@types/node": "^20.11.5",
+        "@types/node": "^20.14.10",
        "chai": "^4.4.1",
-        "chai-as-promised": "^7.1.1",
-        "eslint": "^8.56.0",
+        "chai-as-promised": "^7.1.2",
+        "eslint": "^8.57.0",
        "eslint-config-airbnb-base": "^15.0.0",
        "eslint-plugin-import": "^2.29.1",
-        "jsdoc-to-markdown": "^8.0.0",
-        "mocha": "^10.2.0",
-        "nock": "^13.5.0",
-        "tsd": "^0.30.4",
+        "jsdoc-to-markdown": "^8.0.1",
+        "mocha": "^10.6.0",
+        "nock": "^13.5.4",
+        "tsd": "^0.31.1",
        "typescript": "^4.8.4",
        "uuid": "^8.3.2"
    },
@@ -59,5 +59,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "a31f1c7f5e71fa946de9bf0283e11d6ce049b3e9"
+    "gitHead": "e5da46cfc31b2e30a4903bcb2251b1851265ef41"
 }
--- a/packages/core/acme-client/src/api.js
+++ b/packages/core/acme-client/src/api.js
@@ -3,7 +3,7 @@
 */

 const util = require('./util');
-
+const { log } = require('./logger');

 /**
 * AcmeApi
@@ -18,6 +18,20 @@ class AcmeApi {
        this.accountUrl = accountUrl;
    }

+    getLocationFromHeader(resp) {
+        let locationUrl = resp.headers.location;
+        const mapping = this.http.urlMapping;
+        if (mapping.mappings) {
+            // eslint-disable-next-line guard-for-in,no-restricted-syntax
+            for (const key in mapping.mappings) {
+                const url = mapping.mappings[key];
+                if (locationUrl.indexOf(url) > -1) {
+                    locationUrl = locationUrl.replace(url, key);
+                }
+            }
+        }
+        return locationUrl;
+    }

    /**
     * Get account URL
@@ -34,7 +48,6 @@ class AcmeApi {
        return this.accountUrl;
    }

-
    /**
     * ACME API request
     *
@@ -59,7 +72,6 @@ class AcmeApi {
        return resp;
    }

-
    /**
     * ACME API request by resource name helper
     *
@@ -78,7 +90,6 @@ class AcmeApi {
        return this.apiRequest(resourceUrl, payload, validStatusCodes, { includeJwsKid, includeExternalAccountBinding });
    }

-
    /**
     * Get Terms of Service URL if available
     *
@@ -91,7 +102,6 @@ class AcmeApi {
        return this.http.getMetaField('termsOfService');
    }

-
    /**
     * Create new account
     *
@@ -104,18 +114,17 @@ class AcmeApi {
    async createAccount(data) {
        const resp = await this.apiResourceRequest('newAccount', data, [200, 201], {
            includeJwsKid: false,
-            includeExternalAccountBinding: (data.onlyReturnExisting !== true)
+            includeExternalAccountBinding: (data.onlyReturnExisting !== true),
        });

        /* Set account URL */
        if (resp.headers.location) {
-            this.accountUrl = resp.headers.location;
+            this.accountUrl = this.getLocationFromHeader(resp);
        }

        return resp;
    }

-
    /**
     * Update account
     *
@@ -129,7 +138,6 @@ class AcmeApi {
        return this.apiRequest(this.getAccountUrl(), data, [200, 202]);
    }

-
    /**
     * Update account key
     *
@@ -143,7 +151,6 @@ class AcmeApi {
        return this.apiResourceRequest('keyChange', data, [200]);
    }

-
    /**
     * Create new order
     *
@@ -157,7 +164,6 @@ class AcmeApi {
        return this.apiResourceRequest('newOrder', data, [201]);
    }

-
    /**
     * Get order
     *
@@ -171,7 +177,6 @@ class AcmeApi {
        return this.apiRequest(url, null, [200]);
    }

-
    /**
     * Finalize order
     *
@@ -186,7 +191,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }

-
    /**
     * Get identifier authorization
     *
@@ -200,7 +204,6 @@ class AcmeApi {
        return this.apiRequest(url, null, [200]);
    }

-
    /**
     * Update identifier authorization
     *
@@ -215,7 +218,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }

-
    /**
     * Complete challenge
     *
@@ -230,7 +232,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }

-
    /**
     * Revoke certificate
     *
@@ -245,6 +246,5 @@ class AcmeApi {
    }
 }

-
 /* Export API */
 module.exports = AcmeApi;
--- a/packages/core/acme-client/src/auto.js
+++ b/packages/core/acme-client/src/auto.js
@@ -4,6 +4,7 @@

 const { readCsrDomains } = require('./crypto');
 const { log } = require('./logger');
+const { wait } = require('./wait');

 const defaultOpts = {
    csr: null,
@@ -13,10 +14,9 @@ const defaultOpts = {
    skipChallengeVerification: false,
    challengePriority: ['http-01', 'dns-01'],
    challengeCreateFn: async () => { throw new Error('Missing challengeCreateFn()'); },
-    challengeRemoveFn: async () => { throw new Error('Missing challengeRemoveFn()'); }
+    challengeRemoveFn: async () => { throw new Error('Missing challengeRemoveFn()'); },
 };

-
 /**
 * ACME client auto mode
 *
@@ -25,8 +25,8 @@ const defaultOpts = {
 * @returns {Promise<buffer>} Certificate
 */

-module.exports = async function(client, userOpts) {
-    const opts = Object.assign({}, defaultOpts, userOpts);
+module.exports = async (client, userOpts) => {
+    const opts = { ...defaultOpts, ...userOpts };
    const accountPayload = { termsOfServiceAgreed: opts.termsOfServiceAgreed };

    if (!Buffer.isBuffer(opts.csr)) {
@@ -36,7 +36,9 @@ module.exports = async function(client, userOpts) {
    if (opts.email) {
        accountPayload.contact = [`mailto:${opts.email}`];
    }
-
+    if (opts.externalAccountBinding) {
+        accountPayload.externalAccountBinding = opts.externalAccountBinding;
+    }

    /**
     * Register account
@@ -53,7 +55,6 @@ module.exports = async function(client, userOpts) {
        await client.createAccount(accountPayload);
    }

-
    /**
     * Parse domains from CSR
     */
@@ -64,7 +65,6 @@ module.exports = async function(client, userOpts) {

    log(`[auto] Resolved ${uniqueDomains.length} unique domains from parsing the Certificate Signing Request`);

-
    /**
     * Place order
     */
@@ -76,7 +76,6 @@ module.exports = async function(client, userOpts) {

    log(`[auto] Placed certificate order successfully, received ${authorizations.length} identity authorizations`);

-
    /**
     * Resolve and satisfy challenges
     */
@@ -118,29 +117,7 @@ module.exports = async function(client, userOpts) {
            let recordItem = null;
            try {
                recordItem = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
-
-                // throw new Error('测试异常');
-                /* Challenge verification */
-                if (opts.skipChallengeVerification === true) {
-                    log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true`);
-                }
-                else {
-                    log(`[auto] [${d}] Running challenge verification`);
-                    await client.verifyChallenge(authz, challenge);
-                }
-
-                /* Complete challenge and wait for valid status */
-                log(`[auto] [${d}] Completing challenge with ACME provider and waiting for valid status`);
-                await client.completeChallenge(challenge);
-                challengeCompleted = true;
-
-                await client.waitForValidStatus(challenge);
-            }
-            catch (e) {
-                log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
-                throw e;
-            }
-            finally {
+                log(`[auto] [${d}] challengeCreateFn success`);
                log(`[auto] [${d}] add challengeRemoveFn()`);
                clearTasks.push(async () => {
                    /* Trigger challengeRemoveFn(), suppress errors */
@@ -152,6 +129,31 @@ module.exports = async function(client, userOpts) {
                        log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
                    }
                });
+                // throw new Error('测试异常');
+                /* Challenge verification */
+                if (opts.skipChallengeVerification === true) {
+                    log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true，wait 60s`);
+                    await wait(60 * 1000);
+                }
+                else {
+                    log(`[auto] [${d}] Running challenge verification`);
+                    try {
+                        await client.verifyChallenge(authz, challenge);
+                    }
+                    catch (e) {
+                        log(`[auto] [${d}] challenge verification threw error: ${e.message}`);
+                    }
+                }
+                /* Complete challenge and wait for valid status */
+                log(`[auto] [${d}] Completing challenge with ACME provider and waiting for valid status`);
+                await client.completeChallenge(challenge);
+                challengeCompleted = true;
+
+                await client.waitForValidStatus(challenge);
+            }
+            catch (e) {
+                log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
+                throw e;
            }
        }
        catch (e) {
@@ -172,12 +174,41 @@ module.exports = async function(client, userOpts) {
            throw e;
        }
    };
+    const domainSets = [];

-    const challengePromises = authorizations.map((authz) => async () => {
-        await challengeFunc(authz);
+    authorizations.forEach((authz) => {
+        const d = authz.identifier.value;
+        let setd = false;
+        // eslint-disable-next-line no-restricted-syntax
+        for (const group of domainSets) {
+            if (!group[d]) {
+                group[d] = authz;
+                setd = true;
+            }
+        }
+        if (!setd) {
+            const group = {};
+            group[d] = authz;
+            domainSets.push(group);
+        }
    });

+    const allChallengePromises = [];
+    // eslint-disable-next-line no-restricted-syntax
+    for (const domainSet of domainSets) {
+        const challengePromises = [];
+        // eslint-disable-next-line guard-for-in,no-restricted-syntax
+        for (const domain in domainSet) {
+            const authz = domainSet[domain];
+            challengePromises.push(async () => {
+                log(`[auto] [${domain}] Starting challenge`);
+                await challengeFunc(authz);
+            });
+        }
+        allChallengePromises.push(challengePromises);
+    }

+    log(`[auto] challengeGroups:${allChallengePromises.length}`);
    function runAllPromise(tasks) {
        let promise = Promise.resolve();
        tasks.forEach((task) => {
@@ -186,15 +217,30 @@ module.exports = async function(client, userOpts) {
        return promise;
    }

-    // function runPromisePa(tasks) {
-    //     return Promise.all(tasks.map((task) => task()));
-    // }
-
+    async function runPromisePa(tasks) {
+        const results = [];
+        // eslint-disable-next-line no-await-in-loop,no-restricted-syntax
+        for (const task of tasks) {
+            results.push(task());
+            // eslint-disable-next-line no-await-in-loop
+            await wait(10000);
+        }
+        return Promise.all(results);
+    }

    try {
-        log('开始challenge');
-        await runAllPromise(challengePromises);
-
+        log(`开始challenge，共${allChallengePromises.length}组`);
+        let i = 0;
+        // eslint-disable-next-line no-restricted-syntax
+        for (const challengePromises of allChallengePromises) {
+            i += 1;
+            log(`开始第${i}组`);
+            if (opts.signal && opts.signal.aborted) {
+                throw new Error('用户取消');
+            }
+            // eslint-disable-next-line no-await-in-loop
+            await runPromisePa(challengePromises);
+        }
        log('challenge结束');

        // log('[auto] Waiting for challenge valid status');
@@ -210,11 +256,18 @@ module.exports = async function(client, userOpts) {
    }
    catch (e) {
        log('证书申请失败');
-        throw e;
+        log(e);
+        throw new Error(`证书申请失败:${e.message}`);
    }
    finally {
        log(`清理challenge痕迹，length:${clearTasks.length}`);
-        await runAllPromise(clearTasks);
+        try {
+            await runAllPromise(clearTasks);
+        }
+        catch (e) {
+            log('清理challenge失败');
+            log(e);
+        }
    }

    // try {
--- a/packages/core/acme-client/src/axios.js
+++ b/packages/core/acme-client/src/axios.js
@@ -3,11 +3,14 @@
 */

 const axios = require('axios');
+const { parseRetryAfterHeader } = require('./util');
+const { log } = require('./logger');
 const pkg = require('./../package.json');

+const { AxiosError } = axios;

 /**
- * Instance
+ * Defaults
 */

 const instance = axios.create();
@@ -19,9 +22,11 @@ instance.defaults.headers.common['User-Agent'] = `node-${pkg.name}/${pkg.version
 instance.defaults.acmeSettings = {
    httpChallengePort: 80,
    httpsChallengePort: 443,
-    tlsAlpnChallengePort: 443
-};
+    tlsAlpnChallengePort: 443,

+    retryMaxAttempts: 5,
+    retryDefaultDelay: 5,
+};
 // instance.defaults.proxy = {
 //     host: '192.168.34.139',
 //     port: 10811
@@ -35,6 +40,84 @@ instance.defaults.acmeSettings = {

 instance.defaults.adapter = 'http';

+/**
+ * Retry requests on server errors or when rate limited
+ *
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-6.6
+ */
+
+function isRetryableError(error) {
+    return (error.code !== 'ECONNABORTED')
+        && (error.code !== 'ERR_NOCK_NO_MATCH')
+        && (!error.response
+            || (error.response.status === 429)
+            || ((error.response.status >= 500) && (error.response.status <= 599)));
+}
+
+/* https://github.com/axios/axios/blob/main/lib/core/settle.js */
+function validateStatus(response) {
+    const validator = response.config.retryValidateStatus;
+
+    if (!response.status || !validator || validator(response.status)) {
+        return response;
+    }
+
+    throw new AxiosError(
+        `Request failed with status code ${response.status}`,
+        (Math.floor(response.status / 100) === 4) ? AxiosError.ERR_BAD_REQUEST : AxiosError.ERR_BAD_RESPONSE,
+        response.config,
+        response.request,
+        response,
+    );
+}
+
+/* Pass all responses through the error interceptor */
+instance.interceptors.request.use((config) => {
+    if (!('retryValidateStatus' in config)) {
+        config.retryValidateStatus = config.validateStatus;
+    }
+
+    config.validateStatus = () => false;
+    return config;
+});
+
+/* Handle request retries if applicable */
+instance.interceptors.response.use(null, async (error) => {
+    const { config, response } = error;
+
+    if (!config) {
+        return Promise.reject(error);
+    }
+
+    /* Pick up errors we want to retry */
+    if (isRetryableError(error)) {
+        const { retryMaxAttempts, retryDefaultDelay } = instance.defaults.acmeSettings;
+        config.retryAttempt = ('retryAttempt' in config) ? (config.retryAttempt + 1) : 1;
+
+        if (config.retryAttempt <= retryMaxAttempts) {
+            const code = response ? `HTTP ${response.status}` : error.code;
+            log(`Caught ${code}, retry attempt ${config.retryAttempt}/${retryMaxAttempts} to URL ${config.url}`);
+
+            /* Attempt to parse Retry-After header, fallback to default delay */
+            let retryAfter = response ? parseRetryAfterHeader(response.headers['retry-after']) : 0;
+
+            if (retryAfter > 0) {
+                log(`Found retry-after response header with value: ${response.headers['retry-after']}, waiting ${retryAfter} seconds`);
+            }
+            else {
+                retryAfter = (retryDefaultDelay * config.retryAttempt);
+                log(`Unable to locate or parse retry-after response header, waiting ${retryAfter} seconds`);
+            }
+
+            /* Wait and retry the request */
+            await new Promise((resolve) => { setTimeout(resolve, (retryAfter * 1000)); });
+            return instance(config);
+        }
+    }
+
+    /* Validate and return response */
+    return validateStatus(response);
+});

 /**
 * Export instance
--- a/packages/core/acme-client/src/client.js
+++ b/packages/core/acme-client/src/client.js
@@ -13,7 +13,6 @@ const verify = require('./verify');
 const util = require('./util');
 const auto = require('./auto');

-
 /**
 * ACME states
 *
@@ -24,7 +23,6 @@ const validStates = ['ready', 'valid'];
 const pendingStates = ['pending', 'processing'];
 const invalidStates = ['invalid'];

-
 /**
 * Default options
 *
@@ -38,10 +36,9 @@ const defaultOpts = {
    externalAccountBinding: {},
    backoffAttempts: 10,
    backoffMin: 5000,
-    backoffMax: 30000
+    backoffMax: 30000,
 };

-
 /**
 * AcmeClient
 *
@@ -61,7 +58,7 @@ const defaultOpts = {
 * ```js
 * const client = new acme.Client({
 *     directoryUrl: acme.directory.letsencrypt.staging,
- *     accountKey: 'Private key goes here'
+ *     accountKey: 'Private key goes here',
 * });
 * ```
 *
@@ -73,7 +70,7 @@ const defaultOpts = {
 *     accountUrl: 'Optional account URL goes here',
 *     backoffAttempts: 10,
 *     backoffMin: 5000,
- *     backoffMax: 30000
+ *     backoffMax: 30000,
 * });
 * ```
 *
@@ -84,8 +81,8 @@ const defaultOpts = {
 *     accountKey: 'Private key goes here',
 *     externalAccountBinding: {
 *         kid: 'YOUR-EAB-KID',
- *         hmacKey: 'YOUR-EAB-HMAC-KEY'
- *     }
+ *         hmacKey: 'YOUR-EAB-HMAC-KEY',
+ *     },
 * });
 * ```
 */
@@ -96,19 +93,17 @@ class AcmeClient {
            opts.accountKey = Buffer.from(opts.accountKey);
        }

-        this.opts = Object.assign({}, defaultOpts, opts);
-
+        this.opts = { ...defaultOpts, ...opts };
        this.backoffOpts = {
            attempts: this.opts.backoffAttempts,
            min: this.opts.backoffMin,
-            max: this.opts.backoffMax
+            max: this.opts.backoffMax,
        };

-        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding);
+        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding, this.opts.urlMapping);
        this.api = new AcmeApi(this.http, this.opts.accountUrl);
    }

-
    /**
     * Get Terms of Service URL if available
     *
@@ -128,7 +123,6 @@ class AcmeClient {
        return this.api.getTermsOfServiceUrl();
    }

-
    /**
     * Get current account URL
     *
@@ -150,7 +144,6 @@ class AcmeClient {
        return this.api.getAccountUrl();
    }

-
    /**
     * Create a new account
     *
@@ -162,7 +155,7 @@ class AcmeClient {
     * @example Create a new account
     * ```js
     * const account = await client.createAccount({
-     *     termsOfServiceAgreed: true
+     *     termsOfServiceAgreed: true,
     * });
     * ```
     *
@@ -170,7 +163,7 @@ class AcmeClient {
     * ```js
     * const account = await client.createAccount({
     *     termsOfServiceAgreed: true,
-     *     contact: ['mailto:test@example.com']
+     *     contact: ['mailto:test@example.com'],
     * });
     * ```
     */
@@ -196,7 +189,6 @@ class AcmeClient {
        }
    }

-
    /**
     * Update existing account
     *
@@ -208,7 +200,7 @@ class AcmeClient {
     * @example Update existing account
     * ```js
     * const account = await client.updateAccount({
-     *     contact: ['mailto:foo@example.com']
+     *     contact: ['mailto:foo@example.com'],
     * });
     * ```
     */
@@ -236,7 +228,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Update account private key
     *
@@ -282,7 +273,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Create a new order
     *
@@ -296,8 +286,8 @@ class AcmeClient {
     * const order = await client.createOrder({
     *     identifiers: [
     *         { type: 'dns', value: 'example.com' },
-     *         { type: 'dns', value: 'test.example.com' }
-     *     ]
+     *         { type: 'dns', value: 'test.example.com' },
+     *     ],
     * });
     * ```
     */
@@ -310,11 +300,11 @@ class AcmeClient {
        }

        /* Add URL to response */
-        resp.data.url = resp.headers.location;
+        resp.data.url = this.api.getLocationFromHeader(resp);
+
        return resp.data;
    }

-
    /**
     * Refresh order object from CA
     *
@@ -376,7 +366,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Get identifier authorizations from order
     *
@@ -406,7 +395,6 @@ class AcmeClient {
        }));
    }

-
    /**
     * Deactivate identifier authorization
     *
@@ -427,10 +415,7 @@ class AcmeClient {
            throw new Error('Unable to deactivate identifier authorization, URL not found');
        }

-        const data = {
-            status: 'deactivated'
-        };
-
+        const data = { status: 'deactivated' };
        const resp = await this.api.updateAuthorization(authz.url, data);

        /* Add URL to response */
@@ -438,7 +423,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Get key authorization for ACME challenge
     *
@@ -480,7 +464,6 @@ class AcmeClient {
        throw new Error(`Unable to produce key authorization, unknown challenge type: ${challenge.type}`);
    }

-
    /**
     * Verify that ACME challenge is satisfied
     *
@@ -508,6 +491,9 @@ class AcmeClient {
        const keyAuthorization = await this.getChallengeKeyAuthorization(challenge);

        const verifyFn = async () => {
+            if (this.opts.signal && this.opts.signal.aborted) {
+                throw new Error('用户取消');
+            }
            await verify[challenge.type](authz, challenge, keyAuthorization);
        };

@@ -515,7 +501,6 @@ class AcmeClient {
        return util.retry(verifyFn, this.backoffOpts);
    }

-
    /**
     * Notify CA that challenge has been completed
     *
@@ -532,11 +517,13 @@ class AcmeClient {
     */

    async completeChallenge(challenge) {
+        if (this.opts.signal && this.opts.signal.aborted) {
+            throw new Error('用户取消');
+        }
        const resp = await this.api.completeChallenge(challenge.url, {});
        return resp.data;
    }

-
    /**
     * Wait for ACME provider to verify status on a order, authorization or challenge
     *
@@ -570,6 +557,10 @@ class AcmeClient {
        }

        const verifyFn = async (abort) => {
+            if (this.opts.signal && this.opts.signal.aborted) {
+                throw new Error('用户取消');
+            }
+
            const resp = await this.api.apiRequest(item.url, null, [200]);

            /* Verify status */
@@ -593,7 +584,6 @@ class AcmeClient {
        return util.retry(verifyFn, this.backoffOpts);
    }

-
    /**
     * Get certificate from ACME order
     *
@@ -640,7 +630,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Revoke certificate
     *
@@ -660,7 +649,7 @@ class AcmeClient {
     * ```js
     * const certificate = { ... }; // Previously created certificate
     * const result = await client.revokeCertificate(certificate, {
-     *     reason: 4
+     *     reason: 4,
     * });
     * ```
     */
@@ -671,7 +660,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Auto mode
     *
@@ -689,7 +677,7 @@ class AcmeClient {
     * @example Order a certificate using auto mode
     * ```js
     * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-     *     commonName: 'test.example.com'
+     *     altNames: ['test.example.com'],
     * });
     *
     * const certificate = await client.auto({
@@ -701,14 +689,14 @@ class AcmeClient {
     *     },
     *     challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
     *         // Clean up challenge here
-     *     }
+     *     },
     * });
     * ```
     *
     * @example Order a certificate using auto mode with preferred chain
     * ```js
     * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-     *     commonName: 'test.example.com'
+     *     altNames: ['test.example.com'],
     * });
     *
     * const certificate = await client.auto({
@@ -717,7 +705,7 @@ class AcmeClient {
     *     termsOfServiceAgreed: true,
     *     preferredChain: 'DST Root CA X3',
     *     challengeCreateFn: async () => {},
-     *     challengeRemoveFn: async () => {}
+     *     challengeRemoveFn: async () => {},
     * });
     * ```
     */
@@ -727,6 +715,5 @@ class AcmeClient {
    }
 }

-
 /* Export client */
 module.exports = AcmeClient;
--- a/packages/core/acme-client/src/crypto/forge.js
+++ b/packages/core/acme-client/src/crypto/forge.js
@@ -10,10 +10,10 @@
 const net = require('net');
 const { promisify } = require('util');
 const forge = require('node-forge');
+const { createPrivateEcdsaKey, getPublicKey } = require('./index');

 const generateKeyPair = promisify(forge.pki.rsa.generateKeyPair);

-
 /**
 * Attempt to parse forge object from PEM encoded string
 *
@@ -54,7 +54,6 @@ function forgeObjectFromPem(input) {
    return result;
 }

-
 /**
 * Parse domain names from a certificate or CSR
 *
@@ -93,11 +92,10 @@ function parseDomains(obj) {

    return {
        commonName,
-        altNames
+        altNames,
    };
 }

-
 /**
 * Generate a private RSA key
 *
@@ -123,7 +121,6 @@ async function createPrivateKey(size = 2048) {

 exports.createPrivateKey = createPrivateKey;

-
 /**
 * Create public key from a private RSA key
 *
@@ -136,14 +133,13 @@ exports.createPrivateKey = createPrivateKey;
 * ```
 */

-exports.createPublicKey = async function(key) {
+exports.createPublicKey = async (key) => {
    const privateKey = forge.pki.privateKeyFromPem(key);
    const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e);
    const pemKey = forge.pki.publicKeyToPem(publicKey);
    return Buffer.from(pemKey);
 };

-
 /**
 * Parse body of PEM encoded object from buffer or string
 * If multiple objects are chained, the first body will be returned
@@ -157,7 +153,6 @@ exports.getPemBody = (str) => {
    return forge.util.encode64(msg.body);
 };

-
 /**
 * Split chain of PEM encoded objects from buffer or string into array
 *
@@ -167,7 +162,6 @@ exports.getPemBody = (str) => {

 exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);

-
 /**
 * Get modulus
 *
@@ -182,7 +176,7 @@ exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
 * ```
 */

-exports.getModulus = async function(input) {
+exports.getModulus = async (input) => {
    if (!Buffer.isBuffer(input)) {
        input = Buffer.from(input);
    }
@@ -191,7 +185,6 @@ exports.getModulus = async function(input) {
    return Buffer.from(forge.util.hexToBytes(obj.n.toString(16)), 'binary');
 };

-
 /**
 * Get public exponent
 *
@@ -206,7 +199,7 @@ exports.getModulus = async function(input) {
 * ```
 */

-exports.getPublicExponent = async function(input) {
+exports.getPublicExponent = async (input) => {
    if (!Buffer.isBuffer(input)) {
        input = Buffer.from(input);
    }
@@ -215,7 +208,6 @@ exports.getPublicExponent = async function(input) {
    return Buffer.from(forge.util.hexToBytes(obj.e.toString(16)), 'binary');
 };

-
 /**
 * Read domains from a Certificate Signing Request
 *
@@ -231,7 +223,7 @@ exports.getPublicExponent = async function(input) {
 * ```
 */

-exports.readCsrDomains = async function(csr) {
+exports.readCsrDomains = async (csr) => {
    if (!Buffer.isBuffer(csr)) {
        csr = Buffer.from(csr);
    }
@@ -240,7 +232,6 @@ exports.readCsrDomains = async function(csr) {
    return parseDomains(obj);
 };

-
 /**
 * Read information from a certificate
 *
@@ -260,7 +251,7 @@ exports.readCsrDomains = async function(csr) {
 * ```
 */

-exports.readCertificateInfo = async function(cert) {
+exports.readCertificateInfo = async (cert) => {
    if (!Buffer.isBuffer(cert)) {
        cert = Buffer.from(cert);
    }
@@ -270,15 +261,14 @@ exports.readCertificateInfo = async function(cert) {

    return {
        issuer: {
-            commonName: issuerCn ? issuerCn.value : null
+            commonName: issuerCn ? issuerCn.value : null,
        },
        domains: parseDomains(obj),
        notAfter: obj.validity.notAfter,
-        notBefore: obj.validity.notBefore
+        notBefore: obj.validity.notBefore,
    };
 };

-
 /**
 * Determine ASN.1 type for CSR subject short name
 * Note: https://datatracker.ietf.org/doc/html/rfc5280
@@ -299,7 +289,6 @@ function getCsrValueTagClass(shortName) {
    }
 }

-
 /**
 * Create array of short names and values for Certificate Signing Request subjects
 *
@@ -319,7 +308,6 @@ function createCsrSubject(subjectObj) {
    }, []);
 }

-
 /**
 * Create array of alt names for Certificate Signing Requests
 * Note: https://github.com/digitalbazaar/forge/blob/dfdde475677a8a25c851e33e8f81dca60d90cfb9/lib/x509.js#L1444-L1454
@@ -336,7 +324,6 @@ function formatCsrAltNames(altNames) {
    });
 }

-
 /**
 * Create a Certificate Signing Request
 *
@@ -356,29 +343,30 @@ function formatCsrAltNames(altNames) {
 * @example Create a Certificate Signing Request
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
 *     keySize: 4096,
 *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with additional information
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
 *     country: 'US',
 *     state: 'California',
 *     locality: 'Los Angeles',
 *     organization: 'The Company Inc.',
 *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
 * });
 * ```
 *
@@ -387,17 +375,21 @@ function formatCsrAltNames(altNames) {
 * const certificateKey = await acme.forge.createPrivateKey();
 *
 * const [, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * }, certificateKey);
 */

-exports.createCsr = async function(data, key = null) {
-    if (!key) {
+exports.createCsr = async (data, keyType = null) => {
+    let key = null;
+    if (keyType === 'ec') {
+        key = await createPrivateEcdsaKey();
+    }
+    else {
        key = await createPrivateKey(data.keySize);
    }
-    else if (!Buffer.isBuffer(key)) {
-        key = Buffer.from(key);
-    }
+    // else if (!Buffer.isBuffer(key)) {
+    //     key = Buffer.from(key);
+    // }

    if (typeof data.altNames === 'undefined') {
        data.altNames = [];
@@ -409,6 +401,8 @@ exports.createCsr = async function(data, key = null) {
    const privateKey = forge.pki.privateKeyFromPem(key);
    const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e);
    csr.publicKey = publicKey;
+    // const privateKey = key;
+    // csr.publicKey = getPublicKey(key);

    /* Ensure subject common name is present in SAN - https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf */
    if (data.commonName && !data.altNames.includes(data.commonName)) {
@@ -423,7 +417,7 @@ exports.createCsr = async function(data, key = null) {
        L: data.locality,
        O: data.organization,
        OU: data.organizationUnit,
-        E: data.emailAddress
+        E: data.emailAddress,
    });

    csr.setSubject(subject);
@@ -434,8 +428,8 @@ exports.createCsr = async function(data, key = null) {
            name: 'extensionRequest',
            extensions: [{
                name: 'subjectAltName',
-                altNames: formatCsrAltNames(data.altNames)
-            }]
+                altNames: formatCsrAltNames(data.altNames),
+            }],
        }]);
    }

--- a/packages/core/acme-client/src/crypto/index.js
+++ b/packages/core/acme-client/src/crypto/index.js
@@ -22,7 +22,6 @@ const subjectAltNameOID = '2.5.29.17';
 /* id-pe-acmeIdentifier - https://datatracker.ietf.org/doc/html/rfc8737#section-6.1 */
 const alpnAcmeIdentifierOID = '1.3.6.1.5.5.7.1.31';

-
 /**
 * Determine key type and info by attempting to derive public key
 *
@@ -35,7 +34,7 @@ function getKeyInfo(keyPem) {
    const result = {
        isRSA: false,
        isECDSA: false,
-        publicKey: crypto.createPublicKey(keyPem)
+        publicKey: crypto.createPublicKey(keyPem),
    };

    if (result.publicKey.asymmetricKeyType === 'rsa') {
@@ -51,7 +50,6 @@ function getKeyInfo(keyPem) {
    return result;
 }

-
 /**
 * Generate a private RSA key
 *
@@ -74,8 +72,8 @@ async function createPrivateRsaKey(modulusLength = 2048) {
        modulusLength,
        privateKeyEncoding: {
            type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
    });

    return Buffer.from(pair.privateKey);
@@ -83,7 +81,6 @@ async function createPrivateRsaKey(modulusLength = 2048) {

 exports.createPrivateRsaKey = createPrivateRsaKey;

-
 /**
 * Alias of `createPrivateRsaKey()`
 *
@@ -92,7 +89,6 @@ exports.createPrivateRsaKey = createPrivateRsaKey;

 exports.createPrivateKey = createPrivateRsaKey;

-
 /**
 * Generate a private ECDSA key
 *
@@ -115,14 +111,13 @@ exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => {
        namedCurve,
        privateKeyEncoding: {
            type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
    });

    return Buffer.from(pair.privateKey);
 };

-
 /**
 * Get a public key derived from a RSA or ECDSA key
 *
@@ -140,13 +135,12 @@ exports.getPublicKey = (keyPem) => {

    const publicKey = info.publicKey.export({
        type: info.isECDSA ? 'spki' : 'pkcs1',
-        format: 'pem'
+        format: 'pem',
    });

    return Buffer.from(publicKey);
 };

-
 /**
 * Get a JSON Web Key derived from a RSA or ECDSA key
 *
@@ -163,7 +157,7 @@ exports.getPublicKey = (keyPem) => {

 function getJwk(keyPem) {
    const jwk = crypto.createPublicKey(keyPem).export({
-        format: 'jwk'
+        format: 'jwk',
    });

    /* Sort keys */
@@ -175,7 +169,6 @@ function getJwk(keyPem) {

 exports.getJwk = getJwk;

-
 /**
 * Produce CryptoKeyPair and signing algorithm from a PEM encoded private key
 *
@@ -191,7 +184,7 @@ async function getWebCryptoKeyPair(keyPem) {
    /* Signing algorithm */
    const sigalg = {
        name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
+        hash: { name: 'SHA-256' },
    };

    if (info.isECDSA) {
@@ -215,7 +208,6 @@ async function getWebCryptoKeyPair(keyPem) {
    return [{ privateKey, publicKey }, sigalg];
 }

-
 /**
 * Split chain of PEM encoded objects from string into array
 *
@@ -235,7 +227,6 @@ function splitPemChain(chainPem) {

 exports.splitPemChain = splitPemChain;

-
 /**
 * Parse body of PEM encoded object and return a Base64URL string
 * If multiple objects are chained, the first body will be returned
@@ -256,7 +247,6 @@ exports.getPemBodyAsB64u = (pem) => {
    return Buffer.from(dec).toString('base64url');
 };

-
 /**
 * Parse domains from a certificate or CSR
 *
@@ -277,11 +267,10 @@ function parseDomains(input) {

    return {
        commonName,
-        altNames
+        altNames,
    };
 }

-
 /**
 * Read domains from a Certificate Signing Request
 *
@@ -307,7 +296,6 @@ exports.readCsrDomains = (csrPem) => {
    return parseDomains(csr);
 };

-
 /**
 * Read information from a certificate
 * If multiple certificates are chained, the first will be read
@@ -338,15 +326,14 @@ exports.readCertificateInfo = (certPem) => {

    return {
        issuer: {
-            commonName: cert.issuerName.getField('CN').pop() || null
+            commonName: cert.issuerName.getField('CN').pop() || null,
        },
        domains: parseDomains(cert),
        notBefore: cert.notBefore,
-        notAfter: cert.notAfter
+        notAfter: cert.notAfter,
    };
 };

-
 /**
 * Determine ASN.1 character string type for CSR subject field name
 *
@@ -369,7 +356,6 @@ function getCsrAsn1CharStringType(field) {
    }
 }

-
 /**
 * Create array of subject fields for a Certificate Signing Request
 *
@@ -391,7 +377,6 @@ function createCsrSubject(input) {
    }, []);
 }

-
 /**
 * Create x509 subject alternate name extension
 *
@@ -409,7 +394,6 @@ function createSubjectAltNameExtension(altNames) {
    }));
 }

-
 /**
 * Create a Certificate Signing Request
 *
@@ -429,29 +413,30 @@ function createSubjectAltNameExtension(altNames) {
 * @example Create a Certificate Signing Request
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
 *     keySize: 4096,
 *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with additional information
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
 *     country: 'US',
 *     state: 'California',
 *     locality: 'Los Angeles',
 *     organization: 'The Company Inc.',
 *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
 * });
 * ```
 *
@@ -460,8 +445,9 @@ function createSubjectAltNameExtension(altNames) {
 * const certificateKey = await acme.crypto.createPrivateEcdsaKey();
 *
 * const [, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * }, certificateKey);
+ * ```
 */

 exports.createCsr = async (data, keyPem = null) => {
@@ -489,7 +475,7 @@ exports.createCsr = async (data, keyPem = null) => {
        new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature | x509.KeyUsageFlags.keyEncipherment), // eslint-disable-line no-bitwise

        /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension(data.altNames)
+        createSubjectAltNameExtension(data.altNames),
    ];

    /* Create CSR */
@@ -504,8 +490,8 @@ exports.createCsr = async (data, keyPem = null) => {
            L: data.locality,
            O: data.organization,
            OU: data.organizationUnit,
-            E: data.emailAddress
-        })
+            E: data.emailAddress,
+        }),
    });

    /* Done */
@@ -513,7 +499,6 @@ exports.createCsr = async (data, keyPem = null) => {
    return [keyPem, Buffer.from(pem)];
 };

-
 /**
 * Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
 *
@@ -533,6 +518,7 @@ exports.createCsr = async (data, keyPem = null) => {
 * ```js
 * const alpnKey = await acme.crypto.createPrivateEcdsaKey();
 * const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
+ * ```
 */

 exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) => {
@@ -564,7 +550,7 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
        await x509.SubjectKeyIdentifierExtension.create(keys.publicKey),

        /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension([commonName])
+        createSubjectAltNameExtension([commonName]),
    ];

    /* ALPN extension */
@@ -581,8 +567,8 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
        notBefore: now,
        notAfter: now,
        name: createCsrSubject({
-            CN: commonName
-        })
+            CN: commonName,
+        }),
    });

    /* Done */
@@ -590,7 +576,6 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
    return [keyPem, Buffer.from(pem)];
 };

-
 /**
 * Validate that a ALPN certificate contains the expected key authorization
 *
--- a/packages/core/acme-client/src/http.js
+++ b/packages/core/acme-client/src/http.js
@@ -12,10 +12,11 @@ const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
 let httpsAgent = null;
 if (httpsProxy) {
    httpsAgent = new HttpsProxyAgent(httpsProxy);
+    log(`use https_proxy:${httpsProxy}`);
 }
 const axios = axios1.create({
    proxy: false,
-    httpsAgent
+    httpsAgent,
 });

 /**
@@ -30,16 +31,19 @@ const axios = axios1.create({
 */

 class HttpClient {
-    constructor(directoryUrl, accountKey, externalAccountBinding = {}) {
+    constructor(directoryUrl, accountKey, externalAccountBinding = {}, urlMapping = {}) {
        this.directoryUrl = directoryUrl;
        this.accountKey = accountKey;
        this.externalAccountBinding = externalAccountBinding;

        this.maxBadNonceRetries = 5;
-        this.directory = null;
        this.jwk = null;
-    }

+        this.directoryCache = null;
+        this.directoryMaxAge = 86400;
+        this.directoryTimestamp = 0;
+        this.urlMapping = urlMapping;
+    }

    /**
     * HTTP request
@@ -51,6 +55,16 @@ class HttpClient {
     */

    async request(url, method, opts = {}) {
+        if (this.urlMapping && this.urlMapping.mappings) {
+            // eslint-disable-next-line no-restricted-syntax
+            for (const key in this.urlMapping.mappings) {
+                if (url.includes(key)) {
+                    const newUrl = url.replace(key, this.urlMapping.mappings[key]);
+                    log(`use reverse proxy: ${newUrl}`);
+                    url = newUrl;
+                }
+            }
+        }
        opts.url = url;
        opts.method = method;
        opts.validateStatus = null;
@@ -70,17 +84,20 @@ class HttpClient {
        return resp;
    }

-
    /**
-     * Ensure provider directory exists
+     * Get ACME provider directory
     *
     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
     *
-     * @returns {Promise}
+     * @returns {Promise<object>} ACME directory contents
     */

    async getDirectory() {
-        if (!this.directory) {
+        const now = Math.floor(Date.now() / 1000);
+        const age = (now - this.directoryTimestamp);
+
+        if (!this.directoryCache || (age > this.directoryMaxAge)) {
+            log(`Refreshing ACME directory, age: ${age}`);
            const resp = await this.request(this.directoryUrl, 'get');

            if (resp.status >= 400) {
@@ -91,10 +108,12 @@ class HttpClient {
                throw new Error('Attempting to read ACME directory returned no data');
            }

-            this.directory = resp.data;
+            this.directoryCache = resp.data;
+            this.directoryTimestamp = now;
        }
-    }

+        return this.directoryCache;
+    }

    /**
     * Get JSON Web Key
@@ -110,13 +129,12 @@ class HttpClient {
        return this.jwk;
    }

-
    /**
     * Get nonce from directory API endpoint
     *
     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.2
     *
-     * @returns {Promise<string>} nonce
+     * @returns {Promise<string>} Nonce
     */

    async getNonce() {
@@ -130,7 +148,6 @@ class HttpClient {
        return resp.headers['replay-nonce'];
    }

-
    /**
     * Get URL for a directory resource
     *
@@ -139,16 +156,15 @@ class HttpClient {
     */

    async getResourceUrl(resource) {
-        await this.getDirectory();
+        const dir = await this.getDirectory();

-        if (!this.directory[resource]) {
+        if (!dir[resource]) {
            throw new Error(`Unable to locate API resource URL in ACME directory: "${resource}"`);
        }

-        return this.directory[resource];
+        return dir[resource];
    }

-
    /**
     * Get directory meta field
     *
@@ -157,16 +173,15 @@ class HttpClient {
     */

    async getMetaField(field) {
-        await this.getDirectory();
+        const dir = await this.getDirectory();

-        if (('meta' in this.directory) && (field in this.directory.meta)) {
-            return this.directory.meta[field];
+        if (('meta' in dir) && (field in dir.meta)) {
+            return dir.meta[field];
        }

        return null;
    }

-
    /**
     * Prepare HTTP request body for signature
     *
@@ -199,11 +214,10 @@ class HttpClient {
        /* Body */
        return {
            payload: payload ? Buffer.from(JSON.stringify(payload)).toString('base64url') : '',
-            protected: Buffer.from(JSON.stringify(header)).toString('base64url')
+            protected: Buffer.from(JSON.stringify(header)).toString('base64url'),
        };
    }

-
    /**
     * Create JWS HTTP request body using HMAC
     *
@@ -226,7 +240,6 @@ class HttpClient {
        return result;
    }

-
    /**
     * Create JWS HTTP request body using RSA or ECC
     *
@@ -267,13 +280,12 @@ class HttpClient {
        result.signature = signer.sign({
            key: this.accountKey,
            padding: RSA_PKCS1_PADDING,
-            dsaEncoding: 'ieee-p1363'
+            dsaEncoding: 'ieee-p1363',
        }, 'base64url');

        return result;
    }

-
    /**
     * Signed HTTP request
     *
@@ -309,7 +321,7 @@ class HttpClient {
        const data = this.createSignedBody(url, payload, { nonce, kid });
        const resp = await this.request(url, 'post', { data });

-        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-10#section-6.4 */
+        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/rfc8555#section-6.5 */
        if (resp.data && resp.data.type && (resp.status === 400) && (resp.data.type === 'urn:ietf:params:acme:error:badNonce') && (attempts < this.maxBadNonceRetries)) {
            nonce = resp.headers['replay-nonce'] || null;
            attempts += 1;
@@ -323,6 +335,5 @@ class HttpClient {
    }
 }

-
 /* Export client */
 module.exports = HttpClient;
--- a/packages/core/acme-client/src/index.js
+++ b/packages/core/acme-client/src/index.js
@@ -4,7 +4,6 @@

 exports.Client = require('./client');

-
 /**
 * Directory URLs
 */
@@ -12,18 +11,22 @@ exports.Client = require('./client');
 exports.directory = {
    buypass: {
        staging: 'https://api.test4.buypass.no/acme/directory',
-        production: 'https://api.buypass.com/acme/directory'
+        production: 'https://api.buypass.com/acme/directory',
+    },
+    google: {
+        staging: 'https://dv.acme-v02.test-api.pki.goog/directory',
+        production: 'https://dv.acme-v02.api.pki.goog/directory',
    },
    letsencrypt: {
        staging: 'https://acme-staging-v02.api.letsencrypt.org/directory',
-        production: 'https://acme-v02.api.letsencrypt.org/directory'
+        production: 'https://acme-v02.api.letsencrypt.org/directory',
    },
    zerossl: {
-        production: 'https://acme.zerossl.com/v2/DV90'
-    }
+        staging: 'https://acme.zerossl.com/v2/DV90',
+        production: 'https://acme.zerossl.com/v2/DV90',
+    },
 };

-
 /**
 * Crypto
 */
@@ -31,14 +34,12 @@ exports.directory = {
 exports.crypto = require('./crypto');
 exports.forge = require('./crypto/forge');

-
 /**
 * Axios
 */

 exports.axios = require('./axios');

-
 /**
 * Logger
 */
--- a/packages/core/acme-client/src/logger.js
+++ b/packages/core/acme-client/src/logger.js
@@ -6,7 +6,6 @@ const debug = require('debug')('acme-client');

 let logger = () => {};

-
 /**
 * Set logger function
 *
@@ -17,11 +16,10 @@ exports.setLogger = (fn) => {
    logger = fn;
 };

-
 /**
 * Log message
 *
- * @param {string} Message
+ * @param {string} msg Message
 */

 exports.log = (msg) => {
--- a/packages/core/acme-client/src/util.js
+++ b/packages/core/acme-client/src/util.js
@@ -7,7 +7,6 @@ const dns = require('dns').promises;
 const { readCertificateInfo, splitPemChain } = require('./crypto');
 const { log } = require('./logger');

-
 /**
 * Exponential backoff
 *
@@ -26,7 +25,6 @@ class Backoff {
        this.attempts = 0;
    }

-
    /**
     * Get backoff duration
     *
@@ -40,7 +38,6 @@ class Backoff {
    }
 }

-
 /**
 * Retry promise
 *
@@ -70,7 +67,6 @@ async function retryPromise(fn, attempts, backoff) {
    }
 }

-
 /**
 * Retry promise
 *
@@ -87,11 +83,13 @@ function retry(fn, { attempts = 5, min = 5000, max = 30000 } = {}) {
    return retryPromise(fn, attempts, backoff);
 }

-
 /**
- * Parse URLs from link header
+ * Parse URLs from Link header
 *
- * @param {string} header Link header contents
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4.2
+ * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link
+ *
+ * @param {string} header Header contents
 * @param {string} rel Link relation, default: `alternate`
 * @returns {string[]} Array of URLs
 */
@@ -107,6 +105,36 @@ function parseLinkHeader(header, rel = 'alternate') {
    return results.filter((r) => r);
 }

+/**
+ * Parse date or duration from Retry-After header
+ *
+ * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After
+ *
+ * @param {string} header Header contents
+ * @returns {number} Retry duration in seconds
+ */
+
+function parseRetryAfterHeader(header) {
+    const sec = parseInt(header, 10);
+    const date = new Date(header);
+
+    /* Seconds into the future */
+    if (Number.isSafeInteger(sec) && (sec > 0)) {
+        return sec;
+    }
+
+    /* Future date string */
+    if (date instanceof Date && !Number.isNaN(date)) {
+        const now = new Date();
+        const diff = Math.ceil((date.getTime() - now.getTime()) / 1000);
+
+        if (diff > 0) {
+            return diff;
+        }
+    }
+
+    return 0;
+}

 /**
 * Find certificate chain with preferred issuer common name
@@ -157,7 +185,6 @@ function findCertificateChainForIssuer(chains, issuer) {
    return chains[0];
 }

-
 /**
 * Find and format error in response object
 *
@@ -168,17 +195,18 @@ function findCertificateChainForIssuer(chains, issuer) {
 function formatResponseError(resp) {
    let result;

-    if (resp.data.error) {
-        result = resp.data.error.detail || resp.data.error;
-    }
-    else {
-        result = resp.data.detail || JSON.stringify(resp.data);
+    if (resp.data) {
+        if (resp.data.error) {
+            result = resp.data.error.detail || resp.data.error;
+        }
+        else {
+            result = resp.data.detail || JSON.stringify(resp.data);
+        }
    }

-    return result.replace(/\n/g, '');
+    return (result || '').replace(/\n/g, '');
 }

-
 /**
 * Resolve root domain name by looking for SOA record
 *
@@ -204,7 +232,6 @@ async function resolveDomainBySoaRecord(recordName) {
    }
 }

-
 /**
 * Get DNS resolver using domains authoritative NS records
 *
@@ -245,7 +272,6 @@ async function getAuthoritativeDnsResolver(recordName) {
    return resolver;
 }

-
 /**
 * Attempt to retrieve TLS ALPN certificate from peer
 *
@@ -267,7 +293,7 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
            port,
            servername: host,
            rejectUnauthorized: false,
-            ALPNProtocols: ['acme-tls/1']
+            ALPNProtocols: ['acme-tls/1'],
        });

        socket.setTimeout(timeout);
@@ -299,7 +325,6 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
    });
 }

-
 /**
 * Export utils
 */
@@ -307,8 +332,9 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
 module.exports = {
    retry,
    parseLinkHeader,
+    parseRetryAfterHeader,
    findCertificateChainForIssuer,
    formatResponseError,
    getAuthoritativeDnsResolver,
-    retrieveTlsAlpnCertificate
+    retrieveTlsAlpnCertificate,
 };
--- a/packages/core/acme-client/src/verify.js
+++ b/packages/core/acme-client/src/verify.js
@@ -9,7 +9,6 @@ const axios = require('./axios');
 const util = require('./util');
 const { isAlpnCertificateAuthorizationValid } = require('./crypto');

-
 /**
 * Verify ACME HTTP challenge
 *
@@ -43,25 +42,24 @@ async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix =
    return true;
 }

-
 /**
 * Walk DNS until TXT records are found
 */

 async function walkDnsChallengeRecord(recordName, resolver = dns) {
    /* Resolve CNAME record first */
-    try {
-        log(`Checking name for CNAME records: ${recordName}`);
-        const cnameRecords = await resolver.resolveCname(recordName);
-
-        if (cnameRecords.length) {
-            log(`CNAME record found at ${recordName}, new challenge record name: ${cnameRecords[0]}`);
-            return walkDnsChallengeRecord(cnameRecords[0]);
-        }
-    }
-    catch (e) {
-        log(`No CNAME records found for name: ${recordName}`);
-    }
+    // try {
+    //     log(`Checking name for CNAME records: ${recordName}`);
+    //     const cnameRecords = await resolver.resolveCname(recordName);
+    //
+    //     if (cnameRecords.length) {
+    //         log(`CNAME record found at ${recordName}, new challenge record name: ${cnameRecords[0]}`);
+    //         return walkDnsChallengeRecord(cnameRecords[0]);
+    //     }
+    // }
+    // catch (e) {
+    //     log(`No CNAME records found for name: ${recordName}`);
+    // }

    /* Resolve TXT records */
    try {
@@ -81,7 +79,6 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
    throw new Error(`No TXT records found for name: ${recordName}`);
 }

-
 /**
 * Verify ACME DNS challenge
 *
@@ -121,7 +118,6 @@ async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '
    return true;
 }

-
 /**
 * Verify ACME TLS ALPN challenge
 *
@@ -149,7 +145,6 @@ async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
    return true;
 }

-
 /**
 * Export API
 */
@@ -157,5 +152,5 @@ async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
 module.exports = {
    'http-01': verifyHttpChallenge,
    'dns-01': verifyDnsChallenge,
-    'tls-alpn-01': verifyTlsAlpnChallenge
+    'tls-alpn-01': verifyTlsAlpnChallenge,
 };
--- a/packages/core/acme-client/src/wait.js
+++ b/packages/core/acme-client/src/wait.js
@@ -0,0 +1,9 @@
+async function wait(ms) {
+    return new Promise((resolve) => {
+        setTimeout(resolve, ms);
+    });
+}
+
+module.exports = {
+    wait
+};
--- a/packages/core/acme-client/test/00-pebble.spec.js
+++ b/packages/core/acme-client/test/00-pebble.spec.js
@@ -16,7 +16,6 @@ const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
 const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
 const tlsAlpnPort = axios.defaults.acmeSettings.tlsAlpnChallengePort || 443;

-
 describe('pebble', () => {
    const httpsAgent = new https.Agent({ rejectUnauthorized: false });

@@ -39,18 +38,16 @@ describe('pebble', () => {
    const testTlsAlpn01ChallengeHost = `${uuid()}.${domainName}`;
    const testTlsAlpn01ChallengeValue = uuid();

-
    /**
     * Pebble CTS required
     */

-    before(function() {
+    before(function () {
        if (!cts.isEnabled()) {
            this.skip();
        }
    });

-
    /**
     * DNS mocking
     */
@@ -92,7 +89,6 @@ describe('pebble', () => {
        });
    });

-
    /**
     * HTTP-01 challenge response
     */
@@ -118,7 +114,6 @@ describe('pebble', () => {
        });
    });

-
    /**
     * HTTPS-01 challenge response
     */
@@ -143,7 +138,7 @@ describe('pebble', () => {
            /* Assert HTTP 302 */
            const resp = await axios.get(`http://${testHttps01ChallengeHost}:${httpPort}/.well-known/acme-challenge/${testHttps01ChallengeToken}`, {
                maxRedirects: 0,
-                validateStatus: null
+                validateStatus: null,
            });

            assert.strictEqual(resp.status, 302);
@@ -165,7 +160,6 @@ describe('pebble', () => {
        });
    });

-
    /**
     * DNS-01 challenge response
     */
@@ -188,7 +182,6 @@ describe('pebble', () => {
        });
    });

-
    /**
     * TLS-ALPN-01 challenge response
     */
--- a/packages/core/acme-client/test/10-http.spec.js
+++ b/packages/core/acme-client/test/10-http.spec.js
@@ -9,41 +9,17 @@ const axios = require('./../src/axios');
 const HttpClient = require('./../src/http');
 const pkg = require('./../package.json');

-
 describe('http', () => {
    let testClient;

+    const endpoint = `http://${uuid()}.example.com`;
    const defaultUserAgent = `node-${pkg.name}/${pkg.version}`;
    const customUserAgent = 'custom-ua-123';

-    const primaryEndpoint = `http://${uuid()}.example.com`;
-    const defaultUaEndpoint = `http://${uuid()}.example.com`;
-    const customUaEndpoint = `http://${uuid()}.example.com`;
-
-
-    /**
-     * HTTP mocking
-     */
-
-    before(() => {
-        const defaultUaOpts = { reqheaders: { 'User-Agent': defaultUserAgent } };
-        const customUaOpts = { reqheaders: { 'User-Agent': customUserAgent } };
-
-        nock(primaryEndpoint)
-            .persist().get('/').reply(200, 'ok');
-
-        nock(defaultUaEndpoint, defaultUaOpts)
-            .persist().get('/').reply(200, 'ok');
-
-        nock(customUaEndpoint, customUaOpts)
-            .persist().get('/').reply(200, 'ok');
+    afterEach(() => {
+        nock.cleanAll();
    });

-    after(() => {
-        axios.defaults.headers.common['User-Agent'] = defaultUserAgent;
-    });
-
-
    /**
     * Initialize
     */
@@ -52,47 +28,94 @@ describe('http', () => {
        testClient = new HttpClient();
    });

-
    /**
     * HTTP verbs
     */

    it('should http get', async () => {
-        const resp = await testClient.request(primaryEndpoint, 'get');
+        nock(endpoint).get('/').reply(200, 'ok');
+        const resp = await testClient.request(endpoint, 'get');

        assert.isObject(resp);
        assert.strictEqual(resp.status, 200);
        assert.strictEqual(resp.data, 'ok');
    });

-
    /**
     * User-Agent
     */

    it('should request using default user-agent', async () => {
-        const resp = await testClient.request(defaultUaEndpoint, 'get');
+        nock(endpoint).matchHeader('user-agent', defaultUserAgent).get('/').reply(200, 'ok');
+        axios.defaults.headers.common['User-Agent'] = defaultUserAgent;
+        const resp = await testClient.request(endpoint, 'get');

        assert.isObject(resp);
        assert.strictEqual(resp.status, 200);
        assert.strictEqual(resp.data, 'ok');
    });

-    it('should not request using custom user-agent', async () => {
-        await assert.isRejected(testClient.request(customUaEndpoint, 'get'));
+    it('should reject using custom user-agent', async () => {
+        nock(endpoint).matchHeader('user-agent', defaultUserAgent).get('/').reply(200, 'ok');
+        axios.defaults.headers.common['User-Agent'] = customUserAgent;
+        await assert.isRejected(testClient.request(endpoint, 'get'));
    });

    it('should request using custom user-agent', async () => {
+        nock(endpoint).matchHeader('user-agent', customUserAgent).get('/').reply(200, 'ok');
        axios.defaults.headers.common['User-Agent'] = customUserAgent;
-        const resp = await testClient.request(customUaEndpoint, 'get');
+        const resp = await testClient.request(endpoint, 'get');

        assert.isObject(resp);
        assert.strictEqual(resp.status, 200);
        assert.strictEqual(resp.data, 'ok');
    });

-    it('should not request using default user-agent', async () => {
-        axios.defaults.headers.common['User-Agent'] = customUserAgent;
-        await assert.isRejected(testClient.request(defaultUaEndpoint, 'get'));
+    it('should reject using default user-agent', async () => {
+        nock(endpoint).matchHeader('user-agent', customUserAgent).get('/').reply(200, 'ok');
+        axios.defaults.headers.common['User-Agent'] = defaultUserAgent;
+        await assert.isRejected(testClient.request(endpoint, 'get'));
+    });
+
+    /**
+     * Retry on HTTP errors
+     */
+
+    it('should retry on 429 rate limit', async () => {
+        let rateLimitCount = 0;
+
+        nock(endpoint).persist().get('/').reply(() => {
+            rateLimitCount += 1;
+
+            if (rateLimitCount < 3) {
+                return [429, 'Rate Limit Exceeded', { 'Retry-After': 1 }];
+            }
+
+            return [200, 'ok'];
+        });
+
+        assert.strictEqual(rateLimitCount, 0);
+        const resp = await testClient.request(endpoint, 'get');
+
+        assert.isObject(resp);
+        assert.strictEqual(resp.status, 200);
+        assert.strictEqual(resp.data, 'ok');
+        assert.strictEqual(rateLimitCount, 3);
+    });
+
+    it('should retry on 5xx server error', async () => {
+        let serverErrorCount = 0;
+
+        nock(endpoint).persist().get('/').reply(() => {
+            serverErrorCount += 1;
+            return [500, 'Internal Server Error', { 'Retry-After': 1 }];
+        });
+
+        assert.strictEqual(serverErrorCount, 0);
+        const resp = await testClient.request(endpoint, 'get');
+
+        assert.isObject(resp);
+        assert.strictEqual(resp.status, 500);
+        assert.strictEqual(serverErrorCount, 4);
    });
 });
--- a/packages/core/acme-client/test/10-logger.spec.js
+++ b/packages/core/acme-client/test/10-logger.spec.js
@@ -5,7 +5,6 @@
 const { assert } = require('chai');
 const logger = require('./../src/logger');

-
 describe('logger', () => {
    let lastLogMessage = null;

@@ -13,7 +12,6 @@ describe('logger', () => {
        lastLogMessage = msg;
    }

-
    /**
     * Logger
     */
@@ -23,7 +21,6 @@ describe('logger', () => {
        assert.isNull(lastLogMessage);
    });

-
    it('should log with custom logger', () => {
        logger.setLogger(customLoggerFn);

--- a/packages/core/acme-client/test/10-util.spec.js
+++ b/packages/core/acme-client/test/10-util.spec.js
@@ -0,0 +1,145 @@
+/**
+ * Utility method tests
+ */
+
+const dns = require('dns').promises;
+const fs = require('fs').promises;
+const path = require('path');
+const { assert } = require('chai');
+const util = require('./../src/util');
+const { readCertificateInfo } = require('./../src/crypto');
+
+describe('util', () => {
+    const testCertPath1 = path.join(__dirname, 'fixtures', 'certificate.crt');
+    const testCertPath2 = path.join(__dirname, 'fixtures', 'letsencrypt.crt');
+
+    it('retry()', async () => {
+        let attempts = 0;
+        const backoffOpts = {
+            min: 100,
+            max: 500,
+        };
+
+        await assert.isRejected(util.retry(() => {
+            throw new Error('oops');
+        }, backoffOpts));
+
+        const r = await util.retry(() => {
+            attempts += 1;
+
+            if (attempts < 3) {
+                throw new Error('oops');
+            }
+
+            return 'abc';
+        }, backoffOpts);
+
+        assert.strictEqual(r, 'abc');
+        assert.strictEqual(attempts, 3);
+    });
+
+    it('parseLinkHeader()', () => {
+        const r1 = util.parseLinkHeader('<https://example.com/a>;rel="alternate"');
+        assert.isArray(r1);
+        assert.strictEqual(r1.length, 1);
+        assert.strictEqual(r1[0], 'https://example.com/a');
+
+        const r2 = util.parseLinkHeader('<https://example.com/b>;rel="test"');
+        assert.isArray(r2);
+        assert.strictEqual(r2.length, 0);
+
+        const r3 = util.parseLinkHeader('<http://example.com/c>; rel="test"', 'test');
+        assert.isArray(r3);
+        assert.strictEqual(r3.length, 1);
+        assert.strictEqual(r3[0], 'http://example.com/c');
+
+        const r4 = util.parseLinkHeader(`<https://example.com/a>; rel="alternate",
+            <https://example.com/x>; rel="nope",
+            <https://example.com/b>;rel="alternate",
+            <https://example.com/c>;   rel="alternate"`);
+        assert.isArray(r4);
+        assert.strictEqual(r4.length, 3);
+        assert.strictEqual(r4[0], 'https://example.com/a');
+        assert.strictEqual(r4[1], 'https://example.com/b');
+        assert.strictEqual(r4[2], 'https://example.com/c');
+    });
+
+    it('parseRetryAfterHeader()', () => {
+        const r1 = util.parseRetryAfterHeader('');
+        assert.strictEqual(r1, 0);
+
+        const r2 = util.parseRetryAfterHeader('abcdef');
+        assert.strictEqual(r2, 0);
+
+        const r3 = util.parseRetryAfterHeader('123');
+        assert.strictEqual(r3, 123);
+
+        const r4 = util.parseRetryAfterHeader('123.456');
+        assert.strictEqual(r4, 123);
+
+        const r5 = util.parseRetryAfterHeader('-555');
+        assert.strictEqual(r5, 0);
+
+        const r6 = util.parseRetryAfterHeader('Wed, 21 Oct 2015 07:28:00 GMT');
+        assert.strictEqual(r6, 0);
+
+        const now = new Date();
+        const future = new Date(now.getTime() + 123000);
+        const r7 = util.parseRetryAfterHeader(future.toUTCString());
+        assert.isTrue(r7 > 100);
+    });
+
+    it('findCertificateChainForIssuer()', async () => {
+        const certs = [
+            (await fs.readFile(testCertPath1)).toString(),
+            (await fs.readFile(testCertPath2)).toString(),
+        ];
+
+        const r1 = util.findCertificateChainForIssuer(certs, 'abc123');
+        const r2 = util.findCertificateChainForIssuer(certs, 'example.com');
+        const r3 = util.findCertificateChainForIssuer(certs, 'E6');
+
+        [r1, r2, r3].forEach((r) => {
+            assert.isString(r);
+            assert.isNotEmpty(r);
+        });
+
+        assert.strictEqual(readCertificateInfo(r1).issuer.commonName, 'example.com');
+        assert.strictEqual(readCertificateInfo(r2).issuer.commonName, 'example.com');
+        assert.strictEqual(readCertificateInfo(r3).issuer.commonName, 'E6');
+    });
+
+    it('formatResponseError()', () => {
+        const e1 = util.formatResponseError({ data: { error: 'aaa' } });
+        assert.strictEqual(e1, 'aaa');
+
+        const e2 = util.formatResponseError({ data: { error: { detail: 'bbb' } } });
+        assert.strictEqual(e2, 'bbb');
+
+        const e3 = util.formatResponseError({ data: { detail: 'ccc' } });
+        assert.strictEqual(e3, 'ccc');
+
+        const e4 = util.formatResponseError({ data: { a: 123 } });
+        assert.strictEqual(e4, '{"a":123}');
+
+        const e5 = util.formatResponseError({});
+        assert.isString(e5);
+        assert.isEmpty(e5);
+    });
+
+    it('getAuthoritativeDnsResolver()', async () => {
+        /* valid domain - should not use global default */
+        const r1 = await util.getAuthoritativeDnsResolver('example.com');
+        assert.instanceOf(r1, dns.Resolver);
+        assert.isNotEmpty(r1.getServers());
+        assert.notDeepEqual(r1.getServers(), dns.getServers());
+
+        /* invalid domain - fallback to global default */
+        const r2 = await util.getAuthoritativeDnsResolver('invalid.xtldx');
+        assert.instanceOf(r2, dns.Resolver);
+        assert.deepStrictEqual(r2.getServers(), dns.getServers());
+    });
+
+    /* TODO: Figure out how to test this */
+    it('retrieveTlsAlpnCertificate()');
+});
--- a/packages/core/acme-client/test/10-verify.spec.js
+++ b/packages/core/acme-client/test/10-verify.spec.js
@@ -9,7 +9,6 @@ const verify = require('./../src/verify');

 const domainName = process.env.ACME_DOMAIN_NAME || 'example.com';

-
 describe('verify', () => {
    const challengeTypes = ['http-01', 'dns-01'];

@@ -30,18 +29,16 @@ describe('verify', () => {
    const testTlsAlpn01Challenge = { type: 'dns-01', status: 'pending', token: uuid() };
    const testTlsAlpn01Key = uuid();

-
    /**
     * Pebble CTS required
     */

-    before(function() {
+    before(function () {
        if (!cts.isEnabled()) {
            this.skip();
        }
    });

-
    /**
     * API
     */
@@ -50,7 +47,6 @@ describe('verify', () => {
        assert.containsAllKeys(verify, challengeTypes);
    });

-
    /**
     * http-01
     */
@@ -81,7 +77,6 @@ describe('verify', () => {
        });
    });

-
    /**
     * https-01
     */
@@ -102,7 +97,6 @@ describe('verify', () => {
        });
    });

-
    /**
     * dns-01
     */
@@ -133,7 +127,6 @@ describe('verify', () => {
        });
    });

-
    /**
     * tls-alpn-01
     */
--- a/packages/core/acme-client/test/20-crypto-legacy.spec.js
+++ b/packages/core/acme-client/test/20-crypto-legacy.spec.js
@@ -9,10 +9,9 @@ const spec = require('./spec');
 const forge = require('./../src/crypto/forge');

 const cryptoEngines = {
-    forge
+    forge,
 };

-
 describe('crypto-legacy', () => {
    let testPemKey;
    let testCert;
@@ -28,7 +27,6 @@ describe('crypto-legacy', () => {
    const testCertPath = path.join(__dirname, 'fixtures', 'certificate.crt');
    const testSanCertPath = path.join(__dirname, 'fixtures', 'san-certificate.crt');

-
    /**
     * Fixtures
     */
@@ -50,7 +48,6 @@ describe('crypto-legacy', () => {
        });
    });

-
    /**
     * Engines
     */
@@ -62,7 +59,6 @@ describe('crypto-legacy', () => {
            let testNonCnCsr;
            let testNonAsciiCsr;

-
            /**
             * Key generation
             */
@@ -83,14 +79,13 @@ describe('crypto-legacy', () => {
                publicKeyStore.push(key.toString().replace(/[\r\n]/gm, ''));
            });

-
            /**
             * Certificate Signing Request
             */

            it('should generate a csr', async () => {
                const [key, csr] = await engine.createCsr({
-                    commonName: testCsrDomain
+                    commonName: testCsrDomain,
                });

                assert.isTrue(Buffer.isBuffer(key));
@@ -102,7 +97,7 @@ describe('crypto-legacy', () => {
            it('should generate a san csr', async () => {
                const [key, csr] = await engine.createCsr({
                    commonName: testSanCsrDomains[0],
-                    altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length)
+                    altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length),
                });

                assert.isTrue(Buffer.isBuffer(key));
@@ -113,7 +108,7 @@ describe('crypto-legacy', () => {

            it('should generate a csr without common name', async () => {
                const [key, csr] = await engine.createCsr({
-                    altNames: testSanCsrDomains
+                    altNames: testSanCsrDomains,
                });

                assert.isTrue(Buffer.isBuffer(key));
@@ -126,7 +121,7 @@ describe('crypto-legacy', () => {
                const [key, csr] = await engine.createCsr({
                    commonName: testCsrDomain,
                    organization: '大安區',
-                    organizationUnit: '中文部門'
+                    organizationUnit: '中文部門',
                });

                assert.isTrue(Buffer.isBuffer(key));
@@ -167,7 +162,6 @@ describe('crypto-legacy', () => {
                assert.deepStrictEqual(result.altNames, [testCsrDomain]);
            });

-
            /**
             * Certificate
             */
@@ -188,7 +182,6 @@ describe('crypto-legacy', () => {
                assert.deepEqual(info.domains.altNames, testSanCsrDomains.slice(1, testSanCsrDomains.length));
            });

-
            /**
             * PEM utils
             */
@@ -214,7 +207,6 @@ describe('crypto-legacy', () => {
                });
            });

-
            /**
             * Modulus and exponent
             */
@@ -246,7 +238,6 @@ describe('crypto-legacy', () => {
        });
    });

-
    /**
     * Verify identical results
     */
--- a/packages/core/acme-client/test/20-crypto.spec.js
+++ b/packages/core/acme-client/test/20-crypto.spec.js
@@ -50,7 +50,6 @@ dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0
 -----END TEST-----
 `;

-
 describe('crypto', () => {
    const testCsrDomain = 'example.com';
    const testSanCsrDomains = ['example.com', 'test.example.com', 'abc.example.com'];
@@ -58,7 +57,6 @@ describe('crypto', () => {
    const testCertPath = path.join(__dirname, 'fixtures', 'certificate.crt');
    const testSanCertPath = path.join(__dirname, 'fixtures', 'san-certificate.crt');

-
    /**
     * Key types
     */
@@ -68,24 +66,23 @@ describe('crypto', () => {
            createKeyFns: {
                s1024: () => crypto.createPrivateRsaKey(1024),
                s2048: () => crypto.createPrivateRsaKey(),
-                s4096: () => crypto.createPrivateRsaKey(4096)
+                s4096: () => crypto.createPrivateRsaKey(4096),
            },
-            jwkSpecFn: spec.jwk.rsa
+            jwkSpecFn: spec.jwk.rsa,
        },
        ecdsa: {
            createKeyFns: {
                p256: () => crypto.createPrivateEcdsaKey(),
                p384: () => crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => crypto.createPrivateEcdsaKey('P-521')
+                p521: () => crypto.createPrivateEcdsaKey('P-521'),
            },
-            jwkSpecFn: spec.jwk.ecdsa
-        }
+            jwkSpecFn: spec.jwk.ecdsa,
+        },
    }).forEach(([name, { createKeyFns, jwkSpecFn }]) => {
        describe(name, () => {
            const testPrivateKeys = {};
            const testPublicKeys = {};

-
            /**
             * Iterate through all generator variations
             */
@@ -97,7 +94,6 @@ describe('crypto', () => {
                let testNonAsciiCsr;
                let testAlpnCertificate;

-
                /**
                 * Keys and JWK
                 */
@@ -132,14 +128,13 @@ describe('crypto', () => {
                    jwkSpecFn(jwk);
                });

-
                /**
                 * Certificate Signing Request
                 */

                it(`${n}/should generate a csr`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPrivateKeys[n]);

                    assert.isTrue(Buffer.isBuffer(key));
@@ -151,7 +146,7 @@ describe('crypto', () => {
                it(`${n}/should generate a san csr`, async () => {
                    const [key, csr] = await crypto.createCsr({
                        commonName: testSanCsrDomains[0],
-                        altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length)
+                        altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length),
                    }, testPrivateKeys[n]);

                    assert.isTrue(Buffer.isBuffer(key));
@@ -162,7 +157,7 @@ describe('crypto', () => {

                it(`${n}/should generate a csr without common name`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        altNames: testSanCsrDomains
+                        altNames: testSanCsrDomains,
                    }, testPrivateKeys[n]);

                    assert.isTrue(Buffer.isBuffer(key));
@@ -175,7 +170,7 @@ describe('crypto', () => {
                    const [key, csr] = await crypto.createCsr({
                        commonName: testCsrDomain,
                        organization: '大安區',
-                        organizationUnit: '中文部門'
+                        organizationUnit: '中文部門',
                    }, testPrivateKeys[n]);

                    assert.isTrue(Buffer.isBuffer(key));
@@ -186,7 +181,7 @@ describe('crypto', () => {

                it(`${n}/should generate a csr with key as string`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPrivateKeys[n].toString());

                    assert.isTrue(Buffer.isBuffer(key));
@@ -195,11 +190,10 @@ describe('crypto', () => {

                it(`${n}/should throw with invalid key`, async () => {
                    await assert.isRejected(crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPublicKeys[n]));
                });

-
                /**
                 * Domain and info resolver
                 */
@@ -243,7 +237,6 @@ describe('crypto', () => {
                    });
                });

-
                /**
                 * ALPN
                 */
@@ -284,7 +277,6 @@ describe('crypto', () => {
        });
    });

-
    /**
     * Common functionality
     */
@@ -294,7 +286,6 @@ describe('crypto', () => {
        let testCert;
        let testSanCert;

-
        it('should read private key fixture', async () => {
            testPemKey = await fs.readFile(testKeyPath);
            assert.isTrue(Buffer.isBuffer(testPemKey));
@@ -310,21 +301,19 @@ describe('crypto', () => {
            assert.isTrue(Buffer.isBuffer(testSanCert));
        });

-
        /**
         * CSR with auto-generated key
         */

        it('should generate a csr with default key', async () => {
            const [key, csr] = await crypto.createCsr({
-                commonName: testCsrDomain
+                commonName: testCsrDomain,
            });

            assert.isTrue(Buffer.isBuffer(key));
            assert.isTrue(Buffer.isBuffer(csr));
        });

-
        /**
         * Certificate
         */
@@ -352,7 +341,6 @@ describe('crypto', () => {
            });
        });

-
        /**
         * ALPN
         */
@@ -365,7 +353,6 @@ describe('crypto', () => {
            assert.isTrue(Buffer.isBuffer(cert));
        });

-
        /**
         * PEM utils
         */
--- a/packages/core/acme-client/test/50-client.spec.js
+++ b/packages/core/acme-client/test/50-client.spec.js
@@ -20,35 +20,32 @@ const clientOpts = {
    directoryUrl,
    backoffAttempts: 5,
    backoffMin: 1000,
-    backoffMax: 5000
+    backoffMax: 5000,
 };

 if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY) {
    clientOpts.externalAccountBinding = {
        kid: process.env.ACME_EAB_KID,
-        hmacKey: process.env.ACME_EAB_HMAC_KEY
+        hmacKey: process.env.ACME_EAB_HMAC_KEY,
    };
 }

-
 describe('client', () => {
    const testDomain = `${uuid()}.${domainName}`;
    const testDomainAlpn = `${uuid()}.${domainName}`;
    const testDomainWildcard = `*.${testDomain}`;
    const testContact = `mailto:test-${uuid()}@nope.com`;

-
    /**
     * Pebble CTS required
     */

-    before(function() {
+    before(function () {
        if (!cts.isEnabled()) {
            this.skip();
        }
    });

-
    /**
     * Key types
     */
@@ -58,18 +55,18 @@ describe('client', () => {
            createKeyFn: () => acme.crypto.createPrivateRsaKey(),
            createKeyAltFns: {
                s1024: () => acme.crypto.createPrivateRsaKey(1024),
-                s4096: () => acme.crypto.createPrivateRsaKey(4096)
+                s4096: () => acme.crypto.createPrivateRsaKey(4096),
            },
-            jwkSpecFn: spec.jwk.rsa
+            jwkSpecFn: spec.jwk.rsa,
        },
        ecdsa: {
            createKeyFn: () => acme.crypto.createPrivateEcdsaKey(),
            createKeyAltFns: {
                p384: () => acme.crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => acme.crypto.createPrivateEcdsaKey('P-521')
+                p521: () => acme.crypto.createPrivateEcdsaKey('P-521'),
            },
-            jwkSpecFn: spec.jwk.ecdsa
-        }
+            jwkSpecFn: spec.jwk.ecdsa,
+        },
    }).forEach(([name, { createKeyFn, createKeyAltFns, jwkSpecFn }]) => {
        describe(name, () => {
            let testIssuers;
@@ -97,7 +94,6 @@ describe('client', () => {
            let testCertificateAlpn;
            let testCertificateWildcard;

-
            /**
             * Fixtures
             */
@@ -114,11 +110,11 @@ describe('client', () => {

            it('should generate certificate signing request', async () => {
                [, testCsr] = await acme.crypto.createCsr({ commonName: testDomain }, await createKeyFn());
-                [, testCsrAlpn] = await acme.crypto.createCsr({ commonName: testDomainAlpn }, await createKeyFn());
-                [, testCsrWildcard] = await acme.crypto.createCsr({ commonName: testDomainWildcard }, await createKeyFn());
+                [, testCsrAlpn] = await acme.crypto.createCsr({ altNames: [testDomainAlpn] }, await createKeyFn());
+                [, testCsrWildcard] = await acme.crypto.createCsr({ altNames: [testDomainWildcard] }, await createKeyFn());
            });

-            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }
@@ -134,7 +130,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Initialize clients
             */
@@ -142,7 +137,7 @@ describe('client', () => {
            it('should initialize client', () => {
                testClient = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountKey
+                    accountKey: testAccountKey,
                });
            });

@@ -151,12 +146,11 @@ describe('client', () => {
                jwkSpecFn(jwk);
            });

-
            /**
             * Terms of Service
             */

-            it('should produce tos url [ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should produce tos url [ACME_CAP_META_TOS_FIELD]', async function () {
                if (!capMetaTosField) {
                    this.skip();
                }
@@ -165,7 +159,7 @@ describe('client', () => {
                assert.isString(tos);
            });

-            it('should not produce tos url [!ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should not produce tos url [!ACME_CAP_META_TOS_FIELD]', async function () {
                if (capMetaTosField) {
                    this.skip();
                }
@@ -174,12 +168,11 @@ describe('client', () => {
                assert.isNull(tos);
            });

-
            /**
             * Create account
             */

-            it('should refuse account creation without tos [ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should refuse account creation without tos [ACME_CAP_META_TOS_FIELD]', async function () {
                if (!capMetaTosField) {
                    this.skip();
                }
@@ -187,7 +180,7 @@ describe('client', () => {
                await assert.isRejected(testClient.createAccount());
            });

-            it('should refuse account creation without eab [ACME_CAP_EAB_ENABLED]', async function() {
+            it('should refuse account creation without eab [ACME_CAP_EAB_ENABLED]', async function () {
                if (!capEabEnabled) {
                    this.skip();
                }
@@ -195,17 +188,17 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    externalAccountBinding: null
+                    externalAccountBinding: null,
                });

                await assert.isRejected(client.createAccount({
-                    termsOfServiceAgreed: true
+                    termsOfServiceAgreed: true,
                }));
            });

            it('should create an account', async () => {
                testAccount = await testClient.createAccount({
-                    termsOfServiceAgreed: true
+                    termsOfServiceAgreed: true,
                });

                spec.rfc8555.account(testAccount);
@@ -217,7 +210,6 @@ describe('client', () => {
                assert.isString(testAccountUrl);
            });

-
            /**
             * Create account with alternate key sizes
             */
@@ -226,11 +218,11 @@ describe('client', () => {
                it(`should create account with key=${k}`, async () => {
                    const client = new acme.Client({
                        ...clientOpts,
-                        accountKey: await altKeyFn()
+                        accountKey: await altKeyFn(),
                    });

                    const account = await client.createAccount({
-                        termsOfServiceAgreed: true
+                        termsOfServiceAgreed: true,
                    });

                    spec.rfc8555.account(account);
@@ -238,7 +230,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Find existing account using secondary client
             */
@@ -246,22 +237,22 @@ describe('client', () => {
            it('should throw when trying to find account using invalid account key', async () => {
                const client = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountSecondaryKey
+                    accountKey: testAccountSecondaryKey,
                });

                await assert.isRejected(client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                }));
            });

            it('should find existing account using account key', async () => {
                const client = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountKey
+                    accountKey: testAccountKey,
                });

                const account = await client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });

                spec.rfc8555.account(account);
@@ -269,7 +260,6 @@ describe('client', () => {
                assert.deepStrictEqual(account.key, testAccount.key);
            });

-
            /**
             * Account URL
             */
@@ -278,7 +268,7 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    accountUrl: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/1'
+                    accountUrl: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/1',
                });

                await assert.isRejected(client.updateAccount());
@@ -288,11 +278,11 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    accountUrl: testAccountUrl
+                    accountUrl: testAccountUrl,
                });

                const account = await client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });

                spec.rfc8555.account(account);
@@ -300,7 +290,6 @@ describe('client', () => {
                assert.deepStrictEqual(account.key, testAccount.key);
            });

-
            /**
             * Update account contact info
             */
@@ -316,12 +305,11 @@ describe('client', () => {
                assert.include(account.contact, testContact);
            });

-
            /**
             * Change account private key
             */

-            it('should change account private key [ACME_CAP_UPDATE_ACCOUNT_KEY]', async function() {
+            it('should change account private key [ACME_CAP_UPDATE_ACCOUNT_KEY]', async function () {
                if (!capUpdateAccountKey) {
                    this.skip();
                }
@@ -329,7 +317,7 @@ describe('client', () => {
                await testClient.updateAccountKey(testAccountSecondaryKey);

                const account = await testClient.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });

                spec.rfc8555.account(account);
@@ -337,7 +325,6 @@ describe('client', () => {
                assert.notDeepEqual(account.key, testAccount.key);
            });

-
            /**
             * Create new certificate order
             */
@@ -357,7 +344,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Get status of existing certificate order
             */
@@ -371,7 +357,6 @@ describe('client', () => {
                }));
            });

-
            /**
             * Get identifier authorization
             */
@@ -401,7 +386,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Generate challenge key authorization
             */
@@ -418,7 +402,6 @@ describe('client', () => {
                [testKeyAuthorization, testKeyAuthorizationAlpn, testKeyAuthorizationWildcard].forEach((k) => assert.isString(k));
            });

-
            /**
             * Deactivate identifier authorization
             */
@@ -427,8 +410,8 @@ describe('client', () => {
                const order = await testClient.createOrder({
                    identifiers: [
                        { type: 'dns', value: `${uuid()}.${domainName}` },
-                        { type: 'dns', value: `${uuid()}.${domainName}` }
-                    ]
+                        { type: 'dns', value: `${uuid()}.${domainName}` },
+                    ],
                });

                const authzCollection = await testClient.getAuthorizations(order);
@@ -445,7 +428,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Verify satisfied challenge
             */
@@ -460,7 +442,6 @@ describe('client', () => {
                await testClient.verifyChallenge(testAuthzWildcard, testChallengeWildcard);
            });

-
            /**
             * Complete challenge
             */
@@ -474,7 +455,6 @@ describe('client', () => {
                }));
            });

-
            /**
             * Wait for valid challenge
             */
@@ -483,7 +463,6 @@ describe('client', () => {
                await Promise.all([testChallenge, testChallengeAlpn, testChallengeWildcard].map(async (c) => testClient.waitForValidStatus(c)));
            });

-
            /**
             * Finalize order
             */
@@ -500,7 +479,6 @@ describe('client', () => {
                assert.strictEqual(testOrderWildcard.url, finalizeWildcard.url);
            });

-
            /**
             * Wait for valid order
             */
@@ -509,7 +487,6 @@ describe('client', () => {
                await Promise.all([testOrder, testOrderAlpn, testOrderWildcard].map(async (o) => testClient.waitForValidStatus(o)));
            });

-
            /**
             * Get certificate
             */
@@ -525,7 +502,7 @@ describe('client', () => {
                });
            });

-            it('should get alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }
@@ -539,7 +516,7 @@ describe('client', () => {
                }));
            });

-            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }
@@ -551,7 +528,6 @@ describe('client', () => {
                assert.strictEqual(testIssuers[0], info.issuer.commonName);
            });

-
            /**
             * Revoke certificate
             */
@@ -568,7 +544,6 @@ describe('client', () => {
                await assert.isRejected(testClient.getCertificate(testOrderWildcard));
            });

-
            /**
             * Deactivate account
             */
@@ -581,7 +556,6 @@ describe('client', () => {
                assert.strictEqual(account.status, 'deactivated');
            });

-
            /**
             * Verify that no new orders can be made
             */
--- a/packages/core/acme-client/test/70-auto.spec.js
+++ b/packages/core/acme-client/test/70-auto.spec.js
@@ -18,17 +18,16 @@ const clientOpts = {
    directoryUrl,
    backoffAttempts: 5,
    backoffMin: 1000,
-    backoffMax: 5000
+    backoffMax: 5000,
 };

 if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY) {
    clientOpts.externalAccountBinding = {
        kid: process.env.ACME_EAB_KID,
-        hmacKey: process.env.ACME_EAB_HMAC_KEY
+        hmacKey: process.env.ACME_EAB_HMAC_KEY,
    };
 }

-
 describe('client.auto', () => {
    const testDomain = `${uuid()}.${domainName}`;
    const testHttpDomain = `${uuid()}.${domainName}`;
@@ -40,21 +39,19 @@ describe('client.auto', () => {
    const testSanDomains = [
        `${uuid()}.${domainName}`,
        `${uuid()}.${domainName}`,
-        `${uuid()}.${domainName}`
+        `${uuid()}.${domainName}`,
    ];

-
    /**
     * Pebble CTS required
     */

-    before(function() {
+    before(function () {
        if (!cts.isEnabled()) {
            this.skip();
        }
    });

-
    /**
     * Key types
     */
@@ -64,16 +61,16 @@ describe('client.auto', () => {
            createKeyFn: () => acme.crypto.createPrivateRsaKey(),
            createKeyAltFns: {
                s1024: () => acme.crypto.createPrivateRsaKey(1024),
-                s4096: () => acme.crypto.createPrivateRsaKey(4096)
-            }
+                s4096: () => acme.crypto.createPrivateRsaKey(4096),
+            },
        },
        ecdsa: {
            createKeyFn: () => acme.crypto.createPrivateEcdsaKey(),
            createKeyAltFns: {
                p384: () => acme.crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => acme.crypto.createPrivateEcdsaKey('P-521')
-            }
-        }
+                p521: () => acme.crypto.createPrivateEcdsaKey('P-521'),
+            },
+        },
    }).forEach(([name, { createKeyFn, createKeyAltFns }]) => {
        describe(name, () => {
            let testIssuers;
@@ -82,12 +79,11 @@ describe('client.auto', () => {
            let testSanCertificate;
            let testWildcardCertificate;

-
            /**
             * Fixtures
             */

-            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }
@@ -103,7 +99,6 @@ describe('client.auto', () => {
                });
            });

-
            /**
             * Initialize client
             */
@@ -111,31 +106,30 @@ describe('client.auto', () => {
            it('should initialize client', async () => {
                testClient = new acme.Client({
                    ...clientOpts,
-                    accountKey: await createKeyFn()
+                    accountKey: await createKeyFn(),
                });
            });

-
            /**
             * Invalid challenge response
             */

            it('should throw on invalid challenge response', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                await assert.isRejected(testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeNoopFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }), /^authorization not found/i);
            });

            it('should throw on invalid challenge response with opts.skipChallengeVerification=true', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                await assert.isRejected(testClient.auto({
@@ -143,38 +137,37 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    skipChallengeVerification: true,
                    challengeCreateFn: cts.challengeNoopFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }));
            });

-
            /**
             * Challenge function exceptions
             */

            it('should throw on challengeCreate exception', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                await assert.isRejected(testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeThrowFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }), /^oops$/);
            });

            it('should not throw on challengeRemove exception', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeThrowFn
+                    challengeRemoveFn: cts.challengeThrowFn,
                });

                assert.isString(cert);
@@ -188,8 +181,8 @@ describe('client.auto', () => {
                        `${uuid()}.${domainName}`,
                        `${uuid()}.${domainName}`,
                        `${uuid()}.${domainName}`,
-                        `${uuid()}.${domainName}`
-                    ]
+                        `${uuid()}.${domainName}`,
+                    ],
                }, await createKeyFn());

                await assert.isRejected(testClient.auto({
@@ -205,28 +198,27 @@ describe('client.auto', () => {
                        results.push(true);
                        return cts.challengeCreateFn(...args);
                    },
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                }));

                assert.strictEqual(results.length, 5);
                assert.deepStrictEqual(results, [false, false, false, true, true]);
            });

-
            /**
             * Order certificates
             */

            it('should order certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testDomain
+                    commonName: testDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                assert.isString(cert);
@@ -235,7 +227,7 @@ describe('client.auto', () => {

            it('should order certificate using http-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testHttpDomain
+                    commonName: testHttpDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -243,7 +235,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertHttpChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['http-01']
+                    challengePriority: ['http-01'],
                });

                assert.isString(cert);
@@ -251,7 +243,7 @@ describe('client.auto', () => {

            it('should order certificate using https-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testHttpsDomain
+                    commonName: testHttpsDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -259,7 +251,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertHttpsChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['http-01']
+                    challengePriority: ['http-01'],
                });

                assert.isString(cert);
@@ -267,7 +259,7 @@ describe('client.auto', () => {

            it('should order certificate using dns-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testDnsDomain
+                    commonName: testDnsDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -275,7 +267,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertDnsChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['dns-01']
+                    challengePriority: ['dns-01'],
                });

                assert.isString(cert);
@@ -283,7 +275,7 @@ describe('client.auto', () => {

            it('should order certificate using tls-alpn-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testAlpnDomain
+                    commonName: testAlpnDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -291,7 +283,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertTlsAlpnChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['tls-alpn-01']
+                    challengePriority: ['tls-alpn-01'],
                });

                assert.isString(cert);
@@ -299,14 +291,14 @@ describe('client.auto', () => {

            it('should order san certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    altNames: testSanDomains
+                    altNames: testSanDomains,
                }, await createKeyFn());

                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                assert.isString(cert);
@@ -315,15 +307,14 @@ describe('client.auto', () => {

            it('should order wildcard certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testWildcardDomain,
-                    altNames: [`*.${testWildcardDomain}`]
+                    altNames: [testWildcardDomain, `*.${testWildcardDomain}`],
                }, await createKeyFn());

                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                assert.isString(cert);
@@ -332,7 +323,7 @@ describe('client.auto', () => {

            it('should order certificate with opts.skipChallengeVerification=true', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -340,20 +331,20 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    skipChallengeVerification: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                assert.isString(cert);
            });

-            it('should order alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should order alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }

                await Promise.all(testIssuers.map(async (issuer) => {
                    const [, csr] = await acme.crypto.createCsr({
-                        commonName: `${uuid()}.${domainName}`
+                        commonName: `${uuid()}.${domainName}`,
                    }, await createKeyFn());

                    const cert = await testClient.auto({
@@ -361,7 +352,7 @@ describe('client.auto', () => {
                        termsOfServiceAgreed: true,
                        preferredChain: issuer,
                        challengeCreateFn: cts.challengeCreateFn,
-                        challengeRemoveFn: cts.challengeRemoveFn
+                        challengeRemoveFn: cts.challengeRemoveFn,
                    });

                    const rootCert = acme.crypto.splitPemChain(cert).pop();
@@ -371,13 +362,13 @@ describe('client.auto', () => {
                }));
            });

-            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }

                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -385,7 +376,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    preferredChain: uuid(),
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                const rootCert = acme.crypto.splitPemChain(cert).pop();
@@ -394,7 +385,6 @@ describe('client.auto', () => {
                assert.strictEqual(testIssuers[0], info.issuer.commonName);
            });

-
            /**
             * Order certificate with alternate key sizes
             */
@@ -402,21 +392,20 @@ describe('client.auto', () => {
            Object.entries(createKeyAltFns).forEach(([k, altKeyFn]) => {
                it(`should order certificate with key=${k}`, async () => {
                    const [, csr] = await acme.crypto.createCsr({
-                        commonName: testDomain
+                        commonName: testDomain,
                    }, await altKeyFn());

                    const cert = await testClient.auto({
                        csr,
                        termsOfServiceAgreed: true,
                        challengeCreateFn: cts.challengeCreateFn,
-                        challengeRemoveFn: cts.challengeRemoveFn
+                        challengeRemoveFn: cts.challengeRemoveFn,
                    });

                    assert.isString(cert);
                });
            });

-
            /**
             * Read certificates
             */
@@ -425,7 +414,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testCertificate);

                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testDomain);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, [testDomain]);
            });

@@ -433,7 +422,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testSanCertificate);

                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testSanDomains[0]);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, testSanDomains);
            });

@@ -441,7 +430,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testWildcardCertificate);

                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testWildcardDomain);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, [testWildcardDomain, `*.${testWildcardDomain}`]);
            });
        });
--- a/packages/core/acme-client/test/challtestsrv.js
+++ b/packages/core/acme-client/test/challtestsrv.js
@@ -8,7 +8,6 @@ const axios = require('./../src/axios');
 const apiBaseUrl = process.env.ACME_CHALLTESTSRV_URL || null;
 const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;

-
 /**
 * Send request
 */
@@ -21,20 +20,18 @@ async function request(apiPath, data = {}) {
    await axios.request({
        url: `${apiBaseUrl}/${apiPath}`,
        method: 'post',
-        data
+        data,
    });

    return true;
 }

-
 /**
 * State
 */

 exports.isEnabled = () => !!apiBaseUrl;

-
 /**
 * DNS
 */
@@ -42,7 +39,6 @@ exports.isEnabled = () => !!apiBaseUrl;
 exports.addDnsARecord = async (host, addresses) => request('add-a', { host, addresses });
 exports.setDnsCnameRecord = async (host, target) => request('set-cname', { host, target });

-
 /**
 * Challenge response
 */
@@ -55,7 +51,7 @@ async function addHttps01ChallengeResponse(token, content, targetHostname) {
    await addHttp01ChallengeResponse(token, content);
    return request('add-redirect', {
        path: `/.well-known/acme-challenge/${token}`,
-        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`
+        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`,
    });
 }

@@ -72,7 +68,6 @@ exports.addHttps01ChallengeResponse = addHttps01ChallengeResponse;
 exports.addDns01ChallengeResponse = addDns01ChallengeResponse;
 exports.addTlsAlpn01ChallengeResponse = addTlsAlpn01ChallengeResponse;

-
 /**
 * Challenge response mock functions
 */
--- a/packages/core/acme-client/test/fixtures/letsencrypt.crt
+++ b/packages/core/acme-client/test/fixtures/letsencrypt.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCA1WgAwIBAgISA0ghDoSv5DpT3Pd3lqwjbVDDMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDA2MTAxNzEyMjZaFw0yNDA5MDgxNzEyMjVaMBQxEjAQBgNVBAMTCWxl
+bmNyLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEHJ3DjN7pYV3mftHzaP
+V/WI0RhOJnSI5AIFEPFHDi8UowOINRGIfm9FHGIDqrb4Rmyvr9JrrqBdFGDen8BW
+6OGjggJnMIICYzAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
+CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIdCTnxqmpOELDyzPaEM
+seB36lUOMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/WJTSMFUGCCsGAQUF
+BwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVuY3Iub3JnMCIGCCsG
+AQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMG8GA1UdEQRoMGaCCWxlbmNy
+Lm9yZ4IPbGV0c2VuY3J5cHQuY29tgg9sZXRzZW5jcnlwdC5vcmeCDXd3dy5sZW5j
+ci5vcmeCE3d3dy5sZXRzZW5jcnlwdC5jb22CE3d3dy5sZXRzZW5jcnlwdC5vcmcw
+EwYDVR0gBAwwCjAIBgZngQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgA/
+F0tP1yJHWJQdZRyEvg0S7ZA3fx+FauvBvyiF7PhkbgAAAZADWfneAAAEAwBHMEUC
+IGlp+dPU2hLT2suTMYkYMlt/xbzSnKLZDA/wYSsPACP7AiEAxbAzx6mkzn0cs0hh
+ti6sLf0pcbmDhxHdlJRjuo6SQZEAdwDf4VbrqgWvtZwPhnGNqMAyTq5W2W6n9aVq
+AdHBO75SXAAAAZADWfqrAAAEAwBIMEYCIQCrAmDUrlX3oGhri1qCIb65Cuf8h2GR
+LC1VfXBenX7dCAIhALXwbhCQ1vO1WLv4CqyihMHOwFaICYqN/N6ylaBlVAM4MAoG
+CCqGSM49BAMDA2gAMGUCMFdgjOXGl+hE2ABDsAeuNq8wi34yTMUHk0KMTOjRAfy9
+rOCGQqvP0myoYlyzXOH9uQIxAMdkG1ZWBZS1dHavbPf1I/MjYpzX6gy0jVHIXXu5
+aYWylBi/Uf2RPj0LWFZh8tNa1Q==
+-----END CERTIFICATE-----
--- a/packages/core/acme-client/test/get-cert-issuers.js
+++ b/packages/core/acme-client/test/get-cert-issuers.js
@@ -7,7 +7,6 @@ const util = require('./../src/util');

 const pebbleManagementUrl = process.env.ACME_PEBBLE_MANAGEMENT_URL || null;

-
 /**
 * Pebble
 */
@@ -26,7 +25,6 @@ async function getPebbleCertIssuers() {
    return info.map((i) => i.issuer.commonName);
 }

-
 /**
 * Get certificate issuers
 */
--- a/packages/core/acme-client/test/setup.js
+++ b/packages/core/acme-client/test/setup.js
@@ -7,14 +7,12 @@ const chai = require('chai');
 const chaiAsPromised = require('chai-as-promised');
 const axios = require('./../src/axios');

-
 /**
 * Add promise support to Chai
 */

 chai.use(chaiAsPromised);

-
 /**
 * Challenge test server ports
 */
@@ -31,6 +29,12 @@ if (process.env.ACME_TLSALPN_PORT) {
    axios.defaults.acmeSettings.tlsAlpnChallengePort = process.env.ACME_TLSALPN_PORT;
 }

+/**
+ * Greatly reduce retry duration while testing
+ */
+
+axios.defaults.acmeSettings.retryMaxAttempts = 3;
+axios.defaults.acmeSettings.retryDefaultDelay = 1;

 /**
 * External account binding
--- a/packages/core/acme-client/test/spec.js
+++ b/packages/core/acme-client/test/spec.js
@@ -7,7 +7,6 @@ const { assert } = require('chai');
 const spec = {};
 module.exports = spec;

-
 /**
 * ACME
 */
@@ -120,7 +119,6 @@ spec.rfc8555.challenge = (obj) => {
    }
 };

-
 /**
 * Crypto
 */
@@ -150,7 +148,6 @@ spec.crypto.certificateInfo = (obj) => {
    assert.strictEqual(Object.prototype.toString.call(obj.notAfter), '[object Date]');
 };

-
 /**
 * JWK
 */
--- a/packages/core/acme-client/tsconfig.json
+++ b/packages/core/acme-client/tsconfig.json
@@ -1,11 +1,13 @@
 {
+    "compileOnSave": false,
    "compilerOptions": {
        "module": "commonjs",
        "lib": ["es6"],
        "strict": true,
-        "noEmit": true,
+        "noEmit": false,
        "esModuleInterop": true,
        "baseUrl": ".",
+        "composite": true,
        "paths": { "acme-client": ["."] }
    }
 }
--- a/packages/core/acme-client/types/index.d.ts
+++ b/packages/core/acme-client/types/index.d.ts
@@ -15,7 +15,6 @@ export type PublicKeyString = string;
 export type CertificateString = string;
 export type CsrString = string;

-
 /**
 * Augmented ACME interfaces
 */
@@ -28,6 +27,10 @@ export interface Authorization extends rfc8555.Authorization {
    url: string;
 }

+export type UrlMapping={
+    enabled: boolean
+    mappings: Record<string, string>
+}

 /**
 * Client
@@ -41,6 +44,8 @@ export interface ClientOptions {
    backoffAttempts?: number;
    backoffMin?: number;
    backoffMax?: number;
+    urlMapping?: UrlMapping;
+    signal?: AbortSignal;
 }

 export interface ClientExternalAccountBindingOptions {
@@ -57,6 +62,7 @@ export interface ClientAutoOptions {
    skipChallengeVerification?: boolean;
    challengePriority?: string[];
    preferredChain?: string;
+    signal?: AbortSignal;
 }

 export class Client {
@@ -80,7 +86,6 @@ export class Client {
    auto(opts: ClientAutoOptions): Promise<string>;
 }

-
 /**
 * Directory URLs
 */
@@ -90,16 +95,20 @@ export const directory: {
        staging: string,
        production: string
    },
+    google: {
+        staging: string,
+        production: string
+    },
    letsencrypt: {
        staging: string,
        production: string
    },
    zerossl: {
+        staging: string,
        production: string
    }
 };

-
 /**
 * Crypto
 */
@@ -177,14 +186,12 @@ export interface CryptoLegacyInterface {

 export const forge: CryptoLegacyInterface;

-
 /**
 * Axios
 */

 export const axios: AxiosInstance;

-
 /**
 * Logger
 */
--- a/packages/core/acme-client/types/index.test-d.ts
+++ b/packages/core/acme-client/types/index.test-d.ts
@@ -4,7 +4,6 @@

 import * as acme from 'acme-client';

-
 (async () => {
    /* Client */
    const accountKey = await acme.crypto.createPrivateKey();
--- a/packages/core/acme-client/types/rfc8555.d.ts
+++ b/packages/core/acme-client/types/rfc8555.d.ts
@@ -27,7 +27,6 @@ export interface AccountUpdateRequest {
    termsOfServiceAgreed?: boolean;
 }

-
 /**
 * Order
 *
@@ -53,7 +52,6 @@ export interface OrderCreateRequest {
    notAfter?: string;
 }

-
 /**
 * Authorization
 *
@@ -73,7 +71,6 @@ export interface Identifier {
    value: string;
 }

-
 /**
 * Challenge
 *
@@ -102,7 +99,6 @@ export interface DnsChallenge extends ChallengeAbstract {

 export type Challenge = HttpChallenge | DnsChallenge;

-
 /**
 * Certificate
 *
--- a/packages/core/pipeline/.gitignore
+++ b/packages/core/pipeline/.gitignore
@@ -23,4 +23,6 @@ dist-ssr
 *.sln
 *.sw?

-test/user.secret.ts
+test/user.secret.*
+test/**/*.js
+src/**/*.spec.ts
--- a/packages/core/pipeline/.mocharc.json
+++ b/packages/core/pipeline/.mocharc.json
@@ -1,5 +1,4 @@
 {
  "extension": ["ts"],
-  "spec": "test/**/*.test.ts",
-  "require": "ts-node/register"
-}
+  "spec": "src/**/*.spec.ts"
+}
--- a/packages/core/pipeline/.npmignore
+++ b/packages/core/pipeline/.npmignore
@@ -1,2 +1,3 @@
 node_modules
-src
+src
+dist/**/*.spec.*
--- a/packages/core/pipeline/.npmrc
+++ b/packages/core/pipeline/.npmrc
@@ -0,0 +1,2 @@
+link-workspace-packages=true
+prefer-workspace-packages=true
--- a/packages/core/pipeline/CHANGELOG.md
+++ b/packages/core/pipeline/CHANGELOG.md
@@ -3,6 +3,106 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.24.0](https://github.com/certd/certd/compare/v1.23.1...v1.24.0) (2024-08-25)
+
+### Bug Fixes
+
+* 修复成功后跳过之后丢失腾讯云证书id的bug ([37eb762](https://github.com/certd/certd/commit/37eb762afe25c5896b75dee25f32809f8426e7b7))
+* 修复执行日志没有清理的bug ([22a3363](https://github.com/certd/certd/commit/22a336370a88a7df2a23c967043bae153da71ed5))
+
+### Features
+
+* 支持google证书申请（需要使用代理） ([a593056](https://github.com/certd/certd/commit/a593056e79e99dd6a74f75b5eab621af7248cfbe))
+
+### Performance Improvements
+
+* 优化成功后跳过的提示 ([7b451bb](https://github.com/certd/certd/commit/7b451bbf6e6337507f4627b5a845f5bd96ab4f7b))
+* 优化证书申请成功率 ([968c469](https://github.com/certd/certd/commit/968c4690a07f69c08dcb3d3a494da4e319627345))
+* email proxy ([453f1ba](https://github.com/certd/certd/commit/453f1baa0b9eb0f648aa1b71ccf5a95b202ce13f))
+
+## [1.23.1](https://github.com/certd/certd/compare/v1.23.0...v1.23.1) (2024-08-06)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.8](https://github.com/certd/certd/compare/v1.22.7...v1.22.8) (2024-08-05)
+
+### Performance Improvements
+
+* 优化pipeline删除时，删除其他history ([b425203](https://github.com/certd/certd/commit/b4252033d56a9ad950f3e204ff021497c3978015))
+
+## [1.22.7](https://github.com/certd/certd/compare/v1.22.6...v1.22.7) (2024-08-04)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+### Bug Fixes
+
+* 修复在相同的cron时偶尔无法触发定时任务的bug ([680941a](https://github.com/certd/certd/commit/680941af119619006b592e3ab6fb112cb5556a8b))
+
+### Performance Improvements
+
+* 流水线支持名称模糊查询 ([59897c4](https://github.com/certd/certd/commit/59897c4ceae992ebe2972ca9e8f9196616ffdfd7))
+* 优化前置任务输出为空的提示 ([6ed1e18](https://github.com/certd/certd/commit/6ed1e18c7d9c46d964ecc6abc90f3908297b7632))
+
+## [1.22.5](https://github.com/certd/certd/compare/v1.22.4...v1.22.5) (2024-07-26)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.2](https://github.com/certd/certd/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+### Performance Improvements
+
+* 创建证书任务可以选择lege插件 ([affef13](https://github.com/certd/certd/commit/affef130378030c517250c58a4e787b0fc85d7d1))
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持lego，海量DNS提供商 ([0bc6d0a](https://github.com/certd/certd/commit/0bc6d0a211920fb0084d705e1db67ee1e7262c44))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))
+
+## [1.21.2](https://github.com/certd/certd/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.21.1](https://github.com/certd/certd/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+**Note:** Version bump only for package @certd/pipeline
+
+# [1.21.0](https://github.com/certd/certd/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.17](https://github.com/certd/certd/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.16](https://github.com/certd/certd/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.15](https://github.com/certd/certd/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.14](https://github.com/certd/certd/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.13](https://github.com/certd/certd/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.20.12](https://github.com/certd/certd/compare/v1.20.10...v1.20.12) (2024-06-17)

 ### Performance Improvements
--- a/packages/core/pipeline/build.md
+++ b/packages/core/pipeline/build.md
@@ -0,0 +1 @@
+14:26
--- a/packages/core/pipeline/fix-esm-import-paths.js
+++ b/packages/core/pipeline/fix-esm-import-paths.js
@@ -0,0 +1,96 @@
+import * as fs from "fs";
+import * as path from "path";
+
+// https://gist.github.com/lovasoa/8691344
+async function* walk(dir) {
+  for await (const d of await fs.promises.opendir(dir)) {
+    const entry = path.join(dir, d.name);
+    if (d.isDirectory()) {
+      yield* walk(entry);
+    } else if (d.isFile()) {
+      yield entry;
+    }
+  }
+}
+
+function resolveImportPath(sourceFile, importPath, options) {
+  const sourceFileAbs = path.resolve(process.cwd(), sourceFile);
+  const root = path.dirname(sourceFileAbs);
+  const { moduleFilter = defaultModuleFilter } = options;
+
+  if (moduleFilter(importPath)) {
+    const importPathAbs = path.resolve(root, importPath);
+    let possiblePath = [path.resolve(importPathAbs, "./index.ts"), path.resolve(importPathAbs, "./index.js"), importPathAbs + ".ts", importPathAbs + ".js"];
+
+    if (possiblePath.length) {
+      for (let i = 0; i < possiblePath.length; i++) {
+        let entry = possiblePath[i];
+        if (fs.existsSync(entry)) {
+          const resolved = path.relative(root, entry.replace(/\.ts$/, ".js"));
+
+          if (!resolved.startsWith(".")) {
+            return "./" + resolved;
+          }
+
+          return resolved;
+        }
+      }
+    }
+  }
+
+  return null;
+}
+
+function replace(filePath, outFilePath, options) {
+  const code = fs.readFileSync(filePath).toString();
+  const newCode = code.replace(/(import|export) (.+?) from ('[^\n']+'|"[^\n"]+");/gs, function (found, action, imported, from) {
+    const importPath = from.slice(1, -1);
+    let resolvedPath = resolveImportPath(filePath, importPath, options);
+
+    if (resolvedPath) {
+      resolvedPath = resolvedPath.replaceAll("\\", "/");
+      console.log("\t", importPath, resolvedPath);
+      return `${action} ${imported} from "${resolvedPath}";`;
+    }
+
+    return found;
+  });
+
+  if (code !== newCode) {
+    fs.writeFileSync(outFilePath, newCode);
+  }
+}
+
+// Then, use it with a simple async for loop
+async function run(srcDir, options = defaultOptions) {
+  const { sourceFileFilter = defaultSourceFileFilter } = options;
+
+  for await (const entry of walk(srcDir)) {
+    if (sourceFileFilter(entry)) {
+      console.log(entry);
+      replace(entry, entry, options);
+    }
+  }
+}
+
+const defaultSourceFileFilter = function (sourceFilePath) {
+  return /\.(js|ts)$/.test(sourceFilePath) && !/node_modules/.test(sourceFilePath);
+};
+
+const defaultModuleFilter = function (importedModule) {
+  return !path.isAbsolute(importedModule) && !importedModule.startsWith("@") && !importedModule.endsWith(".js");
+};
+
+const defaultOptions = {
+  sourceFileFilter: defaultSourceFileFilter,
+  moduleFilter: defaultModuleFilter,
+};
+
+// Switch this to test on one file or directly run on a directory.
+const DEBUG = false;
+
+if (DEBUG) {
+  replace("./src/index.ts", "./out.ts", defaultOptions);
+} else {
+  await run("./src/", defaultOptions);
+}
--- a/packages/core/pipeline/package.json
+++ b/packages/core/pipeline/package.json
@@ -1,49 +1,47 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.20.12",
-  "main": "./src/index.ts",
-  "module": "./src/index.ts",
-  "types": "./src/index.ts",
-  "publishConfig": {
-    "main": "./dist/bundle.js",
-    "module": "./dist/bundle.mjs",
-    "types": "./dist/d/index.d.ts"
-  },
+  "version": "1.24.0",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
  "scripts": {
    "dev": "vite",
-    "build": "rollup -c",
+    "build": "tsc --skipLibCheck",
+    "build3": "rollup -c",
    "build2": "vue-tsc --noEmit && vite build",
-    "preview": "vite preview"
+    "preview": "vite preview",
+    "test": "mocha   --loader=ts-node/esm"
  },
  "dependencies": {
-    "axios": "^1.4.0",
+    "axios": "^1.7.2",
+    "fix-path": "^4.0.0",
+    "lodash-es": "^4.17.21",
    "node-forge": "^1.3.1",
    "nodemailer": "^6.9.3",
    "qs": "^6.11.2"
  },
  "devDependencies": {
-    "@certd/acme-client": "workspace:^1.20.12",
    "@rollup/plugin-commonjs": "^23.0.4",
    "@rollup/plugin-json": "^6.0.0",
    "@rollup/plugin-node-resolve": "^15.0.1",
    "@rollup/plugin-terser": "^0.4.3",
    "@rollup/plugin-typescript": "^11.0.0",
-    "@types/chai": "^4.3.5",
-    "@types/lodash": "^4.14.194",
+    "@types/chai": "^4.3.10",
+    "@types/lodash-es": "^4.17.12",
    "@types/mocha": "^10.0.1",
    "@types/node-forge": "^1.3.2",
    "@types/uuid": "^9.0.2",
    "@typescript-eslint/eslint-plugin": "^5.59.7",
    "@typescript-eslint/parser": "^5.59.7",
-    "chai": "^4.3.7",
+    "chai": "4.3.10",
    "dayjs": "^1.11.7",
    "eslint": "^8.41.0",
    "eslint-config-prettier": "^8.8.0",
    "eslint-plugin-import": "^2.27.5",
    "eslint-plugin-node": "^11.1.0",
    "eslint-plugin-prettier": "^4.2.1",
-    "lodash": "^4.17.21",
+    "iconv-lite": "^0.6.3",
    "log4js": "^6.9.1",
    "mocha": "^10.2.0",
    "prettier": "^2.8.8",
@@ -52,10 +50,11 @@
    "rollup-plugin-typescript2": "^0.34.1",
    "rollup-plugin-visualizer": "^5.8.2",
    "ts-node": "^10.9.1",
+    "tsc-esm-fix": "^3.0.0",
    "tslib": "^2.5.2",
    "typescript": "^5.0.4",
    "vite": "^4.3.8",
    "vue-tsc": "^1.6.5"
  },
-  "gitHead": "a31f1c7f5e71fa946de9bf0283e11d6ce049b3e9"
+  "gitHead": "e5da46cfc31b2e30a4903bcb2251b1851265ef41"
 }
--- a/packages/core/pipeline/rollup.config.js
+++ b/packages/core/pipeline/rollup.config.js
@@ -1,43 +0,0 @@
-const resolve = require("@rollup/plugin-node-resolve");
-const commonjs = require("@rollup/plugin-commonjs");
-//const Typescript = require("rollup-plugin-typescript2");
-const Typescript = require("@rollup/plugin-typescript");
-const json = require("@rollup/plugin-json");
-const terser = require("@rollup/plugin-terser");
-module.exports = {
-  input: "src/index.ts",
-  output: {
-    file: "dist/bundle.js",
-    format: "cjs",
-  },
-  plugins: [
-    // 解析第三方依赖
-    resolve(),
-    // 识别 commonjs 模式第三方依赖
-    commonjs(),
-    Typescript({
-      target: "esnext",
-      rootDir: "src",
-      declaration: true,
-      declarationDir: "dist/d",
-      exclude: ["./node_modules/**", "./src/**/*.vue"],
-      allowSyntheticDefaultImports: true,
-    }),
-    json(),
-    terser(),
-  ],
-  external: [
-    "vue",
-    "lodash",
-    "dayjs",
-    "@certd/acme-client",
-    "@certd/pipeline",
-    "@certd/plugin-cert",
-    "@certd/plugin-aliyun",
-    "@certd/plugin-tencent",
-    "@certd/plugin-huawei",
-    "@certd/plugin-host",
-    "@certd/plugin-tencent",
-    "@certd/plugin-util",
-  ],
-};
--- a/packages/core/pipeline/src/access/api.ts
+++ b/packages/core/pipeline/src/access/api.ts
@@ -1,5 +1,5 @@
-import { Registrable } from "../registry";
-import { FormItemProps } from "../d.ts";
+import { Registrable } from "../registry/index.js";
+import { FormItemProps } from "../dt/index.js";

 export type AccessInputDefine = FormItemProps & {
  title: string;
--- a/packages/core/pipeline/src/access/decorator.ts
+++ b/packages/core/pipeline/src/access/decorator.ts
@@ -1,8 +1,8 @@
 // src/decorator/memoryCache.decorator.ts
-import { AccessDefine, AccessInputDefine } from "./api";
-import { Decorator } from "../decorator";
-import _ from "lodash";
-import { accessRegistry } from "./registry";
+import { AccessDefine, AccessInputDefine } from "./api.js";
+import { Decorator } from "../decorator/index.js";
+import _ from "lodash-es";
+import { accessRegistry } from "./registry.js";

 // 提供一个唯一 key
 export const ACCESS_CLASS_KEY = "pipeline:access";
--- a/packages/core/pipeline/src/access/index.ts
+++ b/packages/core/pipeline/src/access/index.ts
@@ -1,3 +1,3 @@
-export * from "./api";
-export * from "./registry";
-export * from "./decorator";
+export * from "./api.js";
+export * from "./registry.js";
+export * from "./decorator.js";
--- a/packages/core/pipeline/src/access/registry.ts
+++ b/packages/core/pipeline/src/access/registry.ts
@@ -1,4 +1,4 @@
-import { Registry } from "../registry";
+import { Registry } from "../registry/index.js";

 // @ts-ignore
 export const accessRegistry = new Registry("access");
--- a/packages/core/pipeline/src/context/index.ts
+++ b/packages/core/pipeline/src/context/index.ts
@@ -1,5 +1,5 @@
 import { AxiosInstance } from "axios";
-import { IContext } from "../core";
+import { IContext } from "../core/index.js";

 export type HttpClient = AxiosInstance;
 export type UserContext = IContext;
--- a/packages/core/pipeline/src/core/context.ts
+++ b/packages/core/pipeline/src/core/context.ts
@@ -1,4 +1,5 @@
-import { IStorage, MemoryStorage } from "./storage";
+import { IStorage, MemoryStorage } from "./storage.js";
+
 const CONTEXT_VERSION_KEY = "contextVersion";
 export interface IContext {
  getInt(key: string): Promise<number>;
@@ -20,13 +21,11 @@ export class ContextFactory {
  }

  getContext(scope: string, namespace: string): IContext {
-    const context = new StorageContext(scope, namespace, this.storage);
-    return context;
+    return new StorageContext(scope, namespace, this.storage);
  }

  getMemoryContext(scope: string, namespace: string): IContext {
-    const context = new StorageContext(scope, namespace, this.memoryStorage);
-    return context;
+    return new StorageContext(scope, namespace, this.memoryStorage);
  }
 }

--- a/packages/core/pipeline/src/core/executor.ts
+++ b/packages/core/pipeline/src/core/executor.ts
@@ -1,18 +1,18 @@
-import { ConcurrencyStrategy, NotificationWhen, Pipeline, ResultType, Runnable, RunStrategy, Stage, Step, Task } from "../d.ts";
-import _ from "lodash";
-import { RunHistory, RunnableCollection } from "./run-history";
-import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext } from "../plugin";
-import { ContextFactory, IContext } from "./context";
-import { IStorage } from "./storage";
-import { logger } from "../utils/util.log";
+import { ConcurrencyStrategy, NotificationWhen, Pipeline, ResultType, Runnable, RunStrategy, Stage, Step, Task } from "../dt/index.js";
+import _ from "lodash-es";
+import { RunHistory, RunnableCollection } from "./run-history.js";
+import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext } from "../plugin/index.js";
+import { ContextFactory, IContext } from "./context.js";
+import { IStorage } from "./storage.js";
+import { logger } from "../utils/util.log.js";
 import { Logger } from "log4js";
-import { createAxiosService } from "../utils/util.request";
-import { IAccessService } from "../access";
-import { RegistryItem } from "../registry";
-import { Decorator } from "../decorator";
-import { IEmailService } from "../service";
-import { FileStore } from "./file-store";
-import { TimeoutPromise } from "../utils/util.promise";
+import { createAxiosService } from "../utils/util.request.js";
+import { IAccessService } from "../access/index.js";
+import { RegistryItem } from "../registry/index.js";
+import { Decorator } from "../decorator/index.js";
+import { IEmailService } from "../service/index.js";
+import { FileStore } from "./file-store.js";
+// import { TimeoutPromise } from "../utils/util.promise.js";

 export type ExecutorOptions = {
  userId: any;
@@ -23,17 +23,20 @@ export type ExecutorOptions = {
  emailService: IEmailService;
  fileRootDir?: string;
 };
+
 export class Executor {
  pipeline: Pipeline;
  runtime!: RunHistory;
  contextFactory: ContextFactory;
  logger: Logger;
  pipelineContext!: IContext;
+  currentStatusMap!: RunnableCollection;
  lastStatusMap!: RunnableCollection;
  lastRuntime!: RunHistory;
  options: ExecutorOptions;
-  canceled = false;
-  onChanged: (history: RunHistory) => void;
+  abort: AbortController = new AbortController();
+
+  onChanged: (history: RunHistory) => Promise<void>;
  constructor(options: ExecutorOptions) {
    this.options = options;
    this.pipeline = _.cloneDeep(options.pipeline);
@@ -50,10 +53,11 @@ export class Executor {
    const lastRuntime = await this.pipelineContext.getObj(`lastRuntime`);
    this.lastRuntime = lastRuntime;
    this.lastStatusMap = new RunnableCollection(lastRuntime?.pipeline);
+    this.currentStatusMap = new RunnableCollection(this.pipeline);
  }

  async cancel() {
-    this.canceled = true;
+    this.abort.abort();
    this.runtime?.cancel(this.pipeline);
    await this.onChanged(this.runtime);
  }
@@ -102,6 +106,8 @@ export class Executor {
        }
      }
      if (lastResult != null && lastResult === ResultType.success && !inputChanged) {
+        runnable.status!.output = lastNode?.status?.output;
+        runnable.status!.files = lastNode?.status?.files;
        this.runtime.skip(runnable);
        await this.onChanged(this.runtime);
        return ResultType.skip;
@@ -110,12 +116,18 @@ export class Executor {
    const intervalFlushLogId = setInterval(async () => {
      await this.onChanged(this.runtime);
    }, 5000);
-    const timeout = runnable.timeout ?? 20 * 60 * 1000;
+
+    // const timeout = runnable.timeout ?? 20 * 60 * 1000;
    try {
-      if (this.canceled) {
-        throw new Error("task canceled");
+      if (this.abort.signal.aborted) {
+        this.runtime.cancel(runnable);
+        return ResultType.canceled;
+      }
+      await run();
+      if (this.abort.signal.aborted) {
+        this.runtime.cancel(runnable);
+        return ResultType.canceled;
      }
-      await TimeoutPromise(run, timeout);
      this.runtime.success(runnable);
      return ResultType.success;
    } catch (e: any) {
@@ -142,19 +154,25 @@ export class Executor {
  async runStage(stage: Stage) {
    const runnerList = [];
    for (const task of stage.tasks) {
-      const runner = this.runWithHistory(task, "task", async () => {
-        await this.runTask(task);
-      });
+      const runner = async () => {
+        return this.runWithHistory(task, "task", async () => {
+          await this.runTask(task);
+        });
+      };
      runnerList.push(runner);
    }

    let resList: ResultType[] = [];
    if (stage.concurrency === ConcurrencyStrategy.Parallel) {
-      resList = await Promise.all(runnerList);
+      const pList = [];
+      for (const item of runnerList) {
+        pList.push(item());
+      }
+      resList = await Promise.all(pList);
    } else {
      for (let i = 0; i < runnerList.length; i++) {
        const runner = runnerList[i];
-        resList[i] = await runner;
+        resList[i] = await runner();
      }
    }
    return this.compositionResultType(resList);
@@ -190,7 +208,7 @@ export class Executor {

  private async runStep(step: Step) {
    const currentLogger = this.runtime._loggers[step.id];
-
+    this.currentStatusMap.add(step);
    const lastStatus = this.lastStatusMap.get(step.id);
    //执行任务
    const plugin: RegistryItem<AbstractTaskPlugin> = pluginRegistry.get(step.type);
@@ -204,11 +222,11 @@ export class Executor {
      if (item.component?.name === "pi-output-selector") {
        const contextKey = step.input[key];
        if (contextKey != null) {
-          const value = this.runtime.context[contextKey];
-          if (value == null) {
-            currentLogger.warn(`[step init] input ${define.title} is null`);
-          }
-          step.input[key] = value;
+          // "cert": "step.-BNFVPMKPu2O-i9NiOQxP.cert",
+          const arr = contextKey.split(".");
+          const id = arr[1];
+          const outputKey = arr[2];
+          step.input[key] = this.currentStatusMap.get(id)?.status?.output[outputKey] ?? this.lastStatusMap.get(id)?.status?.output[outputKey];
        }
      }
    });
@@ -229,23 +247,32 @@ export class Executor {
        parent: this.runtime.id,
        rootDir: this.options.fileRootDir,
      }),
+      signal: this.abort.signal,
    };
    instance.setCtx(taskCtx);

    await instance.onInstance();
    await instance.execute();
-
+    //执行结果处理
    if (instance._result.clearLastStatus) {
+      //是否需要清除所有状态
      this.lastStatusMap.clear();
    }
-    //输出到output context
-    _.forEach(define.output, (item, key) => {
+    //输出上下文变量到output context
+    _.forEach(define.output, (item: any, key: any) => {
      step.status!.output[key] = instance[key];
-      const stepOutputKey = `step.${step.id}.${key}`;
-      this.runtime.context[stepOutputKey] = instance[key];
+      // const stepOutputKey = `step.${step.id}.${key}`;
+      // this.runtime.context[stepOutputKey] = instance[key];
    });
-
    step.status!.files = instance.getFiles();
+
+    //更新pipeline vars
+    if (Object.keys(instance._result.pipelineVars).length > 0) {
+      // 判断 pipelineVars 有值时更新
+      const vars = this.pipelineContext.getObj("vars");
+      _.merge(vars, instance._result.pipelineVars);
+      await this.pipelineContext.setObj("vars", vars);
+    }
  }

  async notification(when: NotificationWhen, error?: any) {
@@ -275,12 +302,16 @@ export class Executor {
        continue;
      }
      if (notification.type === "email") {
-        this.options.emailService?.send({
-          userId: this.pipeline.userId,
-          subject,
-          content,
-          receivers: notification.options.receivers,
-        });
+        try {
+          await this.options.emailService?.send({
+            userId: this.pipeline.userId,
+            subject,
+            content,
+            receivers: notification.options.receivers,
+          });
+        } catch (e) {
+          logger.error("send email error", e);
+        }
      }
    }
  }
--- a/packages/core/pipeline/src/core/file-store.ts
+++ b/packages/core/pipeline/src/core/file-store.ts
@@ -1,8 +1,8 @@
-import { fileUtils } from "../utils";
+import { fileUtils } from "../utils/index.js";
 import dayjs from "dayjs";
 import path from "path";
 import fs from "fs";
-import { logger } from "../utils";
+import { logger } from "../utils/index.js";

 export type FileStoreOptions = {
  rootDir?: string;
@@ -10,9 +10,17 @@ export type FileStoreOptions = {
  parent: string;
 };

+export interface IFileStore {
+  readFile(filePath: string): Buffer | null;
+  writeFile(filename: string, file: Buffer): string;
+  deleteByParent(scope: string, parent: string): void;
+}
+
 export class FileStore {
  rootDir: string;
+  // pipelineId
  scope: string;
+  // historyId
  parent: string;
  constructor(options?: FileStoreOptions) {
    this.rootDir = fileUtils.getFileRootDir(options?.rootDir);
@@ -35,7 +43,7 @@ export class FileStore {
    return localPath;
  }

-  private buildFilePath(filename: string) {
+  protected buildFilePath(filename: string) {
    const parentDir = path.join(this.rootDir, this.scope + "", this.parent + "", dayjs().format("YYYY-MM-DD"));
    if (!fs.existsSync(parentDir)) {
      fs.mkdirSync(parentDir, { recursive: true });
@@ -46,7 +54,10 @@ export class FileStore {
  deleteByParent(scope: string, parent: string) {
    const dir = path.join(this.rootDir, scope, parent);
    if (fs.existsSync(dir)) {
-      fs.unlinkSync(dir);
+      fs.rmSync(dir, {
+        recursive: true,
+        force: true,
+      });
    }
  }
 }
--- a/packages/core/pipeline/src/core/index.ts
+++ b/packages/core/pipeline/src/core/index.ts
@@ -1,5 +1,6 @@
-export * from "./executor";
-export * from "./run-history";
-export * from "./context";
-export * from "./storage";
-export * from "./file-store";
+export * from "./executor.js";
+export * from "./run-history.js";
+export * from "./context.js";
+export * from "./storage.js";
+export * from "./file-store.js";
+export * from "./license.js";
--- a/packages/core/pipeline/src/core/license.spec.ts
+++ b/packages/core/pipeline/src/core/license.spec.ts
@@ -0,0 +1,14 @@
+import { isPlus, verify } from "./license.js";
+import { equal } from "assert";
+describe("license", function () {
+  it("#license", async function () {
+    const req = {
+      subjectId: "999",
+      license: "",
+    };
+    const plus = isPlus();
+    equal(plus, false);
+    const res = await verify(req);
+    equal(res, true);
+  });
+});
--- a/packages/core/pipeline/src/core/license.ts
+++ b/packages/core/pipeline/src/core/license.ts
@@ -0,0 +1,138 @@
+import { createVerify } from "node:crypto";
+import { logger } from "../utils/index.js";
+import dayjs from "dayjs";
+
+let SecreteKey =
+  "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQW9VWE1EWUhjdi82WFROWEZFSUI2RlpuR2FER0cwZnR5bTV1dVhPck9NaVl0UkxSb1lvSGMKNVZxenE0N00rdEFqRFBhaTBlOFhWS1c3aytUQUw3MUs0N2JCQVEyWTBxNU5Ya3lYcE5PTVdueVFMYXBwb0tWNgpPMkFJMnpFVURWMVJVa0ZtMFZTVjU0VXNzMDcrdjI2aW5aQU1CWitDMU42eWFDc2tZL3grNnVlNkVRNVcyZXdFCjZOWEhJcUU1bHdEUmU2SXJtdEpnU2doSnlHTS91azIyejN6NGEraFVPVUlWMy9DbEhYV0VhRHBBRFFsakt3NSsKeHR0dURiTHZyUmdzdWp6czB0dEI2OE1SbXE0R0FJL0JtNWVPWkhlNGxFQjBFVVhFUXdVWE1jV1N1VFZSMUE2cApUM21LRGo5MGcwVDFZUlNOdE5TMm9aRzgvRWIwOVlxK3Z3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K";
+let appKey = "kQth6FHM71IPV3qdWc";
+if (process.env.NODE_ENV !== "production") {
+  SecreteKey =
+    "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQXY3TGtMaUp1dGM0NzhTU3RaTExjajVGZXh1YjJwR2NLMGxwa0hwVnlZWjhMY29rRFhuUlAKUGQ5UlJSTVRTaGJsbFl2Mzd4QUhOV1ZIQ0ZsWHkrQklVU001bUlBU1NDQTV0azlJNmpZZ2F4bEFDQm1BY0lGMwozKzBjeGZIYVkrVW9YdVluMkZ6YUt2Ym5GdFZIZ0lkMDg4a3d4clZTZzlCT3BDRVZIR1pxR2I5TWN5MXVHVXhUClFTVENCbmpoTWZlZ0p6cXVPYWVOY0ZPSE5tbmtWRWpLTythbTBPeEhNS1lyS3ZnQnVEbzdoVnFENlBFMUd6V3AKZHdwZUV4QXZDSVJxL2pWTkdRK3FtMkRWOVNJZ3U5bmF4MktmSUtFeU50dUFFS1VpekdqL0VmRFhDM1cxMExhegpKaGNYNGw1SUFZU1o3L3JWVmpGbExWSVl0WDU1T054L1Z3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K";
+  appKey = "z4nXOeTeSnnpUpnmsV1";
+}
+
+export const AppKey = appKey;
+
+export type LicenseVerifyReq = {
+  subjectId: string;
+  license: string;
+};
+
+type License = {
+  appKey: string;
+  code: string;
+  subjectId: string;
+  expireTime: number;
+  activeTime: number;
+  duration: number;
+  version: number;
+  secret: string;
+  vipType: string;
+  signature: string;
+};
+
+class LicenseHolder {
+  isPlus = false;
+  expireTime = 0;
+  vipType = "";
+  message?: string = undefined;
+  secret?: string = undefined;
+}
+const holder = new LicenseHolder();
+holder.isPlus = false;
+
+class LicenseVerifier {
+  checked = false;
+  licenseReq?: LicenseVerifyReq = undefined;
+  async reVerify(req: LicenseVerifyReq) {
+    this.checked = false;
+    return await this.verify(req);
+  }
+
+  setPlus(value: boolean, info: any = {}) {
+    if (value && info) {
+      holder.isPlus = true;
+      holder.expireTime = info.expireTime;
+      holder.secret = info.secret;
+      holder.vipType = info.vipType;
+    } else {
+      holder.isPlus = false;
+      holder.expireTime = 0;
+      holder.vipType = "";
+      holder.message = info.message;
+      holder.secret = undefined;
+    }
+    return {
+      ...holder,
+    };
+  }
+  async verify(req: LicenseVerifyReq) {
+    this.licenseReq = req;
+    if (this.checked) {
+      return this.setPlus(false);
+    }
+    const license = req?.license;
+    if (!license) {
+      this.checked = true;
+      return this.setPlus(false);
+    }
+
+    const licenseJson = Buffer.from(license, "base64").toString();
+    const json: License = JSON.parse(licenseJson);
+    if (json.expireTime < Date.now()) {
+      logger.warn("授权已过期");
+      return this.setPlus(false, { message: "授权已过期" });
+    }
+    const content = `${appKey},${this.licenseReq.subjectId},${json.code},${json.secret},${json.vipType},${json.activeTime},${json.duration},${json.expireTime},${json.version}`;
+    // content := fmt.Sprintf("%s,%s,%s,%s,%d,%d,%d,%d,%d", entity.AppKey, entity.SubjectId, entity.Code, entity.Secret, entity.Level, entity.ActiveTime, entity.Duration, entity.ExpireTime, entity.Version)
+    //z4nXOeTeSnnpUpnmsV,_m9jFTdNHktdaEN4xBDw_,HZz7rAAR3h3zGlDMhScO1wGBYPjXpZ9S_1,uUpr9I8p6K3jWSzu2Wh5NECvgG2FNynU,0,1724199847470,365,1787271324416,1
+    logger.debug("content:", content);
+    const publicKey = Buffer.from(SecreteKey, "base64").toString();
+    const res = this.verifySignature(content, json.signature, publicKey);
+    this.checked = true;
+    if (!res) {
+      logger.warn("授权校验失败");
+      return this.setPlus(false, { message: "授权校验失败" });
+    }
+    logger.info(`授权校验成功，到期时间：${dayjs(json.expireTime).format("YYYY-MM-DD HH:mm:ss")}`);
+    return this.setPlus(true, {
+      expireTime: json.expireTime,
+      vipType: json.vipType || "plus",
+      secret: json.secret,
+    });
+  }
+
+  verifySignature(content: string, signature: any, publicKey: string) {
+    const verify = createVerify("RSA-SHA256");
+    verify.update(content);
+    return verify.verify(publicKey, signature, "base64");
+  }
+}
+
+const verifier = new LicenseVerifier();
+
+export function isPlus() {
+  return holder.isPlus && holder.expireTime > Date.now();
+}
+
+export function isCommercial() {
+  return holder.isPlus && holder.vipType === "comm" && holder.expireTime > Date.now();
+}
+
+export function getPlusInfo() {
+  return {
+    isPlus: holder.isPlus,
+    vipType: holder.vipType,
+    expireTime: holder.expireTime,
+    secret: holder.secret,
+  };
+}
+
+export async function verify(req: LicenseVerifyReq) {
+  try {
+    return await verifier.reVerify(req);
+  } catch (e) {
+    logger.error(e);
+    return verifier.setPlus(false, { message: "授权校验失败" });
+  }
+}
--- a/packages/core/pipeline/src/core/run-history.ts
+++ b/packages/core/pipeline/src/core/run-history.ts
@@ -1,6 +1,6 @@
-import { Context, HistoryResult, Pipeline, ResultType, Runnable, RunnableMap, Stage, Step, Task } from "../d.ts";
-import _ from "lodash";
-import { buildLogger } from "../utils/util.log";
+import { HistoryResult, Pipeline, ResultType, Runnable, RunnableMap, Stage, Step, Task } from "../dt/index.js";
+import _ from "lodash-es";
+import { buildLogger } from "../utils/util.log.js";
 import { Logger } from "log4js";

 export type HistoryStatus = {
@@ -14,15 +14,12 @@ export type RunTrigger = {

 export function NewRunHistory(obj: any) {
  const history = new RunHistory(obj.id, obj.trigger, obj.pipeline);
-  history.context = obj.context;
  history.logs = obj.logs;
  history._loggers = obj.loggers;
  return history;
 }
 export class RunHistory {
  id!: string;
-  //运行时上下文变量
-  context: Context = {};
  pipeline!: Pipeline;
  logs: {
    [runnableId: string]: string[];
@@ -168,4 +165,8 @@ export class RunnableCollection {
      item.status = undefined;
    });
  }
+
+  add(runnable: Runnable) {
+    this.collection[runnable.id] = runnable;
+  }
 }
--- a/packages/core/pipeline/src/core/storage.ts
+++ b/packages/core/pipeline/src/core/storage.ts
@@ -1,6 +1,6 @@
 import fs from "fs";
 import path from "path";
-import { fileUtils } from "../utils/util.file";
+import { fileUtils } from "../utils/util.file.js";

 export interface IStorage {
  get(scope: string, namespace: string, version: string, key: string): Promise<string | null>;
--- a/packages/core/pipeline/src/d.ts/pipeline.ts
+++ b/packages/core/pipeline/src/d.ts/pipeline.ts
@@ -70,6 +70,7 @@ export type Runnable = {
  default?: {
    [key: string]: any;
  };
+  context?: Context;
 };

 export type EmailOptions = {
--- a/packages/core/pipeline/src/decorator/common.ts
+++ b/packages/core/pipeline/src/decorator/common.ts
@@ -1,4 +1,4 @@
-import { Decorator } from "./index";
+import { Decorator } from "./index.js";

 export type AutowireProp = {
  name?: string;
--- a/packages/core/pipeline/src/decorator/index.ts
+++ b/packages/core/pipeline/src/decorator/index.ts
@@ -1,2 +1,2 @@
-export * from "./utils";
-export * from "./common";
+export * from "./utils.js";
+export * from "./common.js";
--- a/packages/core/pipeline/src/decorator/utils.ts
+++ b/packages/core/pipeline/src/decorator/utils.ts
@@ -1,4 +1,4 @@
-import _ from "lodash";
+import _ from "lodash-es";

 const propertyMap: any = {};
 function attachProperty(target: any, propertyKey: string | symbol) {
@@ -11,7 +11,11 @@ function attachProperty(target: any, propertyKey: string | symbol) {
 }

 function getClassProperties(target: any) {
-  return propertyMap[target] || {};
+  //获取父类
+  const parent = Object.getPrototypeOf(target);
+  const parentMap = propertyMap[parent] || {};
+  const current = propertyMap[target] || {};
+  return _.merge({}, parentMap, current);
 }

 function target(target: any, propertyKey?: string | symbol) {
@@ -25,7 +29,7 @@ function target(target: any, propertyKey?: string | symbol) {
 }

 function inject(define: any, instance: any, context: any, preHandler?: (item: any, key: string, instance: any, context: any) => void) {
-  _.forEach(define, (item, key) => {
+  _.forEach(define, (item: any, key: any) => {
    if (preHandler) {
      preHandler(item, key, instance, context);
    }
--- a/packages/core/pipeline/src/dt/fast-crud.ts
+++ b/packages/core/pipeline/src/dt/fast-crud.ts
@@ -0,0 +1,115 @@
+/**
+ * [x]-col的配置
+ */
+export type ColProps = {
+  span?: number;
+  [props: string]: any;
+};
+
+export type FormItemProps = {
+  /**
+   * 字段label
+   */
+  title?: string;
+  /**
+   * 表单字段组件配置
+   */
+  component?: ComponentProps;
+  /**
+   * 表单字段 [a|el|n]-col的配置
+   * 一般用来配置跨列：{span:24} 占满一行
+   */
+  col?: ColProps;
+  /**
+   * 默认值
+   */
+  value?: any;
+  /**
+   * 帮助提示配置
+   */
+  helper?: string | FormItemHelperProps;
+  /**
+   * 排序号
+   */
+  order?: number;
+  /**
+   * 是否显示此字段
+   */
+  show?: boolean;
+  /**
+   * 是否是空白占位栏
+   */
+  blank?: boolean;
+
+  [key: string]: any;
+};
+
+/**
+ * 表单字段帮助说明配置
+ */
+export type FormItemHelperProps = {
+  /**
+   * 自定义渲染帮助说明
+   * @param scope
+   */
+  render?: (scope: any) => any;
+  /**
+   * 帮助文本
+   */
+  text?: string;
+  /**
+   * 帮助说明所在的位置，[ undefined | label]
+   */
+  position?: string;
+  /**
+   * [a|el|n]-tooltip配置
+   */
+  tooltip?: object;
+
+  [key: string]: any;
+};
+
+/**
+ * 组件配置
+ */
+export type ComponentProps = {
+  /**
+   * 组件的名称
+   */
+  name?: string | object;
+  /**
+   * vmodel绑定的目标属性名
+   */
+  vModel?: string;
+
+  /**
+   * 当原始组件名的参数被以上属性名占用时，可以配置在这里
+   * 例如:原始组件有一个叫name的属性，你想要配置它，则可以按如下配置
+   * ```
+   * component:{
+   *   name:"组件的名称"
+   *   props:{
+   *     name:"组件的name属性"  <-----------
+   *   }
+   * }
+   * ```
+   */
+  props?: {
+    [key: string]: any;
+  };
+
+  /**
+   * 组件事件监听
+   */
+  on?: {
+    [key: string]: (context?: any) => void;
+  };
+
+  /**
+   * 组件其他参数
+   * 事件：onXxx:(event)=>void 组件原始事件监听
+   *      on.onXxx:(context)=>void 组件事件监听(对原始事件包装)
+   * 样式：style、class等
+   */
+  [key: string]: any;
+};
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 :08
 :55