v1.22.7

build: prepare to build
fix: 修复保存配置报id不能为空的bug
2026-04-04 06:30:51 +08:00 · 2024-08-04 22:32:13 +08:00 · 2024-08-04 22:30:36 +08:00 · 2024-08-04 22:25:51 +08:00 · 2024-08-04 02:55:27 +08:00 · 2024-08-04 02:53:50 +08:00
978 changed files with 9969 additions and 32944 deletions
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -0,0 +1,69 @@
+name: build-image
+on:
+  push:
+    branches: ['v2']
+    paths:
+      - "build.trigger"
+
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  build-certd-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: get_certd_version
+        id: get_certd_version
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const pnpmWorkspace = "./pnpm-workspace.yaml";
+            fs.unlinkSync(pnpmWorkspace)
+            const jsonFilePath = "./packages/ui/certd-server/package.json";
+            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
+            const pkg = JSON.parse(jsonContent)
+            console.log("certd_version:",pkg.version);
+            return pkg.version
+#      - name: Use Node.js
+#        uses: actions/setup-node@v4
+#        with:
+#          node-version: 18
+#          cache: 'npm'
+#        working-directory: ./packages/ui/certd-client
+      - run: |
+          npm install -g pnpm
+          pnpm install
+          npm run build
+        working-directory: ./packages/ui/certd-client
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to aliyun container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.cn-shenzhen.aliyuncs.com
+          username: ${{ secrets.aliyun_cs_username }}
+          password: ${{ secrets.aliyun_cs_password }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6.5.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          context: ./packages/ui/
+          tags: |
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -0,0 +1,55 @@
+name: deploy-demo
+on:
+  push:
+    branches: ['v2']
+    paths:
+      - "deploy.trigger"
+  workflow_run:
+    workflows: [ "build-image" ]
+    types:
+      - completed
+
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  deploy-certd-demo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+      - name: get_certd_version
+        id: get_certd_version
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const jsonFilePath = "./packages/ui/certd-server/package.json";
+            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
+            const pkg = JSON.parse(jsonContent)
+            console.log("certd_version:",pkg.version);
+            return pkg.version
+      - uses: GuillaumeFalourd/wait-sleep-action@v1
+        with:
+          time: '10' # for 60 seconds
+      - name: Send HTTP request
+        id: request
+        uses: tyrrrz/action-http-request@master
+        with:
+          url: http://flow-openapi.aliyun.com/pipeline/webhook/lzCzlGrLCOHQaTMMt0mG
+          method: POST
+          headers: |
+            Content-Type: application/json
+          body: |
+            {
+              "CERTD_VERSION": "${{steps.get_certd_version.outputs.result}}"
+            }
+          retry-count: 3
+          retry-delay: 5000
+
+
--- a/.github/workflows/sync-to-gitee.yml
+++ b/.github/workflows/sync-to-gitee.yml
@@ -2,8 +2,6 @@ name: sync-to-gitee
 on:
  push:
    branches: ['v2']
-  pull_request:
-    branches: ['v2']
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,8 @@ gen

 docker/image/workspace
 /packages/core/lego
+
+tsconfig.tsbuildinfo
+test/**/*.js
+/packages/ui/certd-server/data/db.sqlite
+/packages/ui/certd-server/data/keys.yaml
--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1,2 @@
+link-workspace-packages=true
+prefer-workspace-packages=true
--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,7 @@
+{
+  "printWidth": 160,
+  "bracketSpacing": true,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "arrowParens": "avoid"
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,169 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.22.7](https://github.com/certd/certd/compare/v1.22.6...v1.22.7) (2024-08-04)
+
+### Bug Fixes
+
+* 修复保存配置报id不能为空的bug ([367f807](https://github.com/certd/certd/commit/367f80731396003416665c22853dfbc09c2c03a0))
+
+## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+### Bug Fixes
+
+* 修复在相同的cron时偶尔无法触发定时任务的bug ([680941a](https://github.com/certd/certd/commit/680941af119619006b592e3ab6fb112cb5556a8b))
+* 修复pg下pipeline title 类型问题 ([a9717b9](https://github.com/certd/certd/commit/a9717b9a0df7b5a64d4fe03314fecad4f59774cc))
+
+### Performance Improvements
+
+* 流水线支持名称模糊查询 ([59897c4](https://github.com/certd/certd/commit/59897c4ceae992ebe2972ca9e8f9196616ffdfd7))
+* 腾讯云clb支持更多大区选择 ([e4f4570](https://github.com/certd/certd/commit/e4f4570b29f26c60f1ee9660a4c507cbeaba3d7e))
+* 优化前置任务输出为空的提示 ([6ed1e18](https://github.com/certd/certd/commit/6ed1e18c7d9c46d964ecc6abc90f3908297b7632))
+
+## [1.22.5](https://github.com/certd/certd/compare/v1.22.4...v1.22.5) (2024-07-26)
+
+### Bug Fixes
+
+* 修复用户管理无法添加用户的bug ([e7e89b8](https://github.com/certd/certd/commit/e7e89b8de7386e84c0d6b8e217e2034909657d68))
+
+## [1.22.4](https://github.com/certd/certd/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/certd/certd/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+* 支持arm64 ([fa14f87](https://github.com/certd/certd/commit/fa14f87a8093ef3addc5e5f3315ce1bfc9982782))
+
+## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+### Bug Fixes
+
+* lege 无执行权限问题 ([338eb3b](https://github.com/certd/certd/commit/338eb3bdfeb461e9b3bc7eee97b97a59f5642ffe))
+
+## [1.22.2](https://github.com/certd/certd/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+### Bug Fixes
+
+* 修复创建流水线时，无法根据dns类型默认正确的dns授权的bug ([a2c43b5](https://github.com/certd/certd/commit/a2c43b50a6069ed48958fd142844a8568c2af452))
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+### Performance Improvements
+
+* 创建证书任务可以选择lege插件 ([affef13](https://github.com/certd/certd/commit/affef130378030c517250c58a4e787b0fc85d7d1))
+* 创建证书任务增加定时任务和邮件通知输入 ([427620d](https://github.com/certd/certd/commit/427620d34f3b8ad6933005faf1878908441a2453))
+* 支持配置启动后自动触发一次任务 ([a5a0c1f](https://github.com/certd/certd/commit/a5a0c1f6e7a3f05e581005e491d5b102ee854412))
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持lego，海量DNS提供商 ([0bc6d0a](https://github.com/certd/certd/commit/0bc6d0a211920fb0084d705e1db67ee1e7262c44))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))
+
+### Performance Improvements
+
+* 优化一些小细节 ([b168852](https://github.com/certd/certd/commit/b1688525dbbbfd67e0ab1cf5b4ddfbe9d394f370))
+* 增加备案号设置 ([bd3d959](https://github.com/certd/certd/commit/bd3d959944db63a5690b55ee150e1007133868b9))
+* 自动生成jwtkey，无需手动配置 ([390e485](https://github.com/certd/certd/commit/390e4853a570390a97df6a3b3882579f9547eeb4))
+
+## [1.21.2](https://github.com/certd/certd/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+### Performance Improvements
+
+* 申请证书时可以选择跳过本地dns校验 ([fe91d94](https://github.com/certd/certd/commit/fe91d94090d22ed0a3ea753ba74dfaa1bf057c17))
+
+## [1.21.1](https://github.com/certd/certd/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+### Performance Improvements
+
+* 上传到主机，支持设置不mkdirs ([5ba9831](https://github.com/certd/certd/commit/5ba9831ed1aa6ec6057df246f1035b36b9c41d2e))
+* 说明优化，默认值优化 ([970c7fd](https://github.com/certd/certd/commit/970c7fd8a0f557770e973d8462ee5684ef742810))
+
+# [1.21.0](https://github.com/certd/certd/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+### Features
+
+* 支持zero ssl ([eade2c2](https://github.com/certd/certd/commit/eade2c2b681569f03e9cd466e7d5bcd6703ed492))
+
+## [1.20.17](https://github.com/certd/certd/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+### Performance Improvements
+
+* 创建dns解析后，强制等待60s ([f47b35f](https://github.com/certd/certd/commit/f47b35f6d5bd7d675005c3e286b7e9a029201f8b))
+* 文件上传提示由cert.crt改为cert.pem ([a09b0e4](https://github.com/certd/certd/commit/a09b0e48c176f3ed763791bd50322c29729f7c1c))
+* 优化cname verify ([eba333d](https://github.com/certd/certd/commit/eba333de7a5b5ef4b0b7eaa904f578720102fa61))
+
+## [1.20.16](https://github.com/certd/certd/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+### Bug Fixes
+
+* 修复配置了cdn cname后申请失败的bug ([4a5fa76](https://github.com/certd/certd/commit/4a5fa767edc347d03d29a467e86c9a4d70b0220c))
+
+## [1.20.15](https://github.com/certd/certd/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+### Bug Fixes
+
+* 修复无法强制取消任务的bug ([9cc01db](https://github.com/certd/certd/commit/9cc01db1d569a5c45bb3e731f35d85df324a8e62))
+
+### Performance Improvements
+
+* 腾讯云dns provider 支持腾讯云的accessId ([e0eb3a4](https://github.com/certd/certd/commit/e0eb3a441384d474fe2923c69b25318264bdc9df))
+* 支持windows文件上传 ([7f61cab](https://github.com/certd/certd/commit/7f61cab101fa13b4e88234e9ad47434e6130fed2))
+
+## [1.20.14](https://github.com/certd/certd/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+### Bug Fixes
+
+* 修复修改密码功能异常问题 ([f740ff5](https://github.com/certd/certd/commit/f740ff517f521dce361284c2c54bccc68aee0ea2))
+
+## [1.20.13](https://github.com/certd/certd/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+### Bug Fixes
+
+* 日志高度越界 ([c4c9adb](https://github.com/certd/certd/commit/c4c9adb8bfd513f57252e523794e3799a9b220f8))
+* 修复邮箱设置页面SMTP拼写错误的问题 ([b98f1c0](https://github.com/certd/certd/commit/b98f1c0dd0bc6c6b4f814c578692afdf6d90b88d))
+* 修复logo问题 ([7e483e6](https://github.com/certd/certd/commit/7e483e60913d509b113148c735fe13ba1d72dddf))
+
+### Performance Improvements
+
+* 增加警告，修复一些样式错乱问题 ([fd54c2f](https://github.com/certd/certd/commit/fd54c2ffac492222e85ff2f5f49a9ee5cfc73588))
+* ssh登录支持openssh格式私钥、支持私钥密码 ([5c2c508](https://github.com/certd/certd/commit/5c2c50839a9076004f9034d754ac6deb531acdfb))
+
+## [1.20.12](https://github.com/certd/certd/compare/v1.20.10...v1.20.12) (2024-06-17)
+
+### Bug Fixes
+
+* 修复aliyun域名超过100个找不到域名的bug ([5b1494b](https://github.com/certd/certd/commit/5b1494b3ce93d1026dc56ee741342fbb8bf7be24))
+
+### Performance Improvements
+
+* 增加系统设置，可以关闭自助注册功能 ([20feace](https://github.com/certd/certd/commit/20feacea12d43386540db6a600f391d786be4014))
+* 增加cloudflare access token说明 ([934e6e2](https://github.com/certd/certd/commit/934e6e2bd05387cd50ffab95f230933543954098))
+* 支持重置管理员密码，忘记密码的补救方案 ([732cbc5](https://github.com/certd/certd/commit/732cbc5e927b526850724594830392b2f10c6705))
+* 支持cloudflare域名 ([fbb9a47](https://github.com/certd/certd/commit/fbb9a47e8f7bb805289b9ee64bd46ffee0f01c06))
+
+## [1.20.10](https://github.com/certd/certd/compare/v1.20.9...v1.20.10) (2024-05-30)
+
+### Bug Fixes
+
+* 增加权限相关helper说明 ([83e4083](https://github.com/certd/certd/commit/83e40836ebff10bec60efe8933183e1ba1c22bf9))
+* 增加权限相关helper说明 ([4304c94](https://github.com/certd/certd/commit/4304c9443ad9248f63dd6d8c512d8d6f32f90d37))
+
+### Performance Improvements
+
+* 上传到主机插件支持复制到本机路径 ([92446c3](https://github.com/certd/certd/commit/92446c339936f98f08f654b8971a7393d8435224))
+* 优化文件下载包名 ([d9eb927](https://github.com/certd/certd/commit/d9eb927b0a1445feab08b1958aa9ea80637a5ae6))
+* 增加任务复制功能 ([39ad759](https://github.com/certd/certd/commit/39ad7597fa0e19cc1f7631bbd6fea0a9e05a62c9))
+
+## [1.20.9](https://github.com/certd/certd/compare/v1.20.8...v1.20.9) (2024-03-22)
+
+**Note:** Version bump only for package root
+
+## [1.20.8](https://github.com/certd/certd/compare/v1.20.7...v1.20.8) (2024-03-22)
+
+**Note:** Version bump only for package root
+
 ## [1.20.7](https://github.com/certd/certd/compare/v1.20.6...v1.20.7) (2024-03-22)

 **Note:** Version bump only for package root
--- a/README.md
+++ b/README.md
@@ -1,21 +1,21 @@
 # CertD

-CertD 是一个免费全自动申请和部署SSL证书的工具。       
+CertD 是一个免费全自动申请和自动部署更新SSL证书的工具。       
 后缀D取自linux守护进程的命名风格，意为证书守护进程。    

+关键字：证书自动申请、证书自动更新、证书自动续期、证书自动续签
+
 ## 一、特性
-本项目不仅支持证书申请过程自动化，还可以自动化部署证书，让你的证书永不过期。     
+本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     

-* 全自动申请证书（支持阿里云、腾讯云、华为云注册的域名）
-* 全自动部署证书（目前支持服务器上传部署、部署到阿里云、腾讯云等）
-* 支持通配符域名
-* 支持多个域名打到一个证书上
+* 全自动申请证书（支持阿里云、腾讯云、华为云、Cloudflare等各种途径注册的域名）
+* 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等）
+* 支持通配符域名/泛域名，支持多个域名打到一个证书上
 * 邮件通知
-* 证书自动更新
+* 私有化部署，保障安全
 * 免费、免费、免费（[阿里云单个通配符域名证书最便宜也要1800/年](https://yundun.console.aliyun.com/?p=cas#/certExtend/buy/cn-hangzhou)）


-
 ## 二、在线体验

 官方Demo地址，自助注册后体验    
@@ -38,68 +38,125 @@ https://certd.handsfree.work/
 -------> [点我查看详细使用步骤演示](./step.md)   <--------      
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑     

-## 四、本地docker部署
+## 四、私有化部署
+
+由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全

 ### 1. 安装docker、docker-compose

-1.1 安装docker    
-https://docs.docker.com/engine/install/
+1.1 准备一台云服务器
+* 【阿里云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://www.aliyun.com/benefit?scm=20140722.M_10244282._.V_1&source=5176.11533457&userCode=qya11txb )】
+* 【腾讯云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://cloud.tencent.com/act/cps/redirect?redirect=6094&cps_key=b3ef73330335d7a6efa4a4bbeeb6b2c9&from=console)】
+  

-1.2 安装docker-compose     
-https://docs.docker.com/compose/install/linux/
+1.2 安装docker      
+
+https://docs.docker.com/engine/install/   
+选择对应的操作系统，按照官方文档执行命令即可   
+
+### 2. 运行certd
+
+[docker-compose.yaml 下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
+
+当前版本号： ![](https://img.shields.io/npm/v/%40certd%2Fpipeline)

-### 2. 下载docker-compose.yaml文件
 ```bash
+# 随便创建一个目录
 mkdir certd
+# 进入目录
 cd certd
-wget https://raw.githubusercontent.com/certd/certd/v2/docker/run/docker-compose.yaml
-# 或者使用gitee地址
+# 下载docker-compose.yaml文件，或者手动下载放到certd目录下
 wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml

-# 根据需要修改里面的配置
-# 1.修改镜像版本号
-# 2.配置数据保存路径
-# 3.配置certd_auth_jwt_secret
-vi docker-compose.yaml
+# 可以根据需要修改里面的配置
+# 1.修改镜像版本号【可选】
+# 2.配置数据保存路径【可选】
+# 3.修改端口号【可选】
+vi docker-compose.yaml # 【可选】

-
-```
-> 镜像版本号与release版本号同步：    
-https://github.com/certd/certd/releases
-
-
-### 3. 运行
-```bash
-# 如果docker compose是插件化安装
-export CERTD_VERSION=1.2.0
+# 启动certd
 docker compose up -d

-#如果docker compose是独立安装
-export CERTD_VERSION=1.2.0
-docker-compose up -d
-
 ```
-### 4. 访问
+> 如果提示 没有compose命令,请安装docker-compose   
+> https://docs.docker.com/compose/install/linux/

-http://your_server_ip:7001 
-默认账号密码：admin/123456 
-记得修改密码
+#### 镜像说明：
+* certd镜像地址:
+  * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
+
+* 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用
+  * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) 
+
+![](./doc/images/action-build.jpg)


-## 五、一些说明
+### 3. 访问

+http://your_server_ip:7001    
+默认账号密码：admin/123456    
+记得修改密码   
+
+
+## 五、 升级
+如果使用固定版本号
+1. 修改`docker-compose.yaml`中的镜像版本号
+2. 运行 `docker compose up -d` 即可
+
+如果使用`latest`版本
+1. 重新拉取镜像 `docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest` 
+2. 重新启动容器 `docker compose restart`
+
+> 数据默认存在`/data/certd`目录下，不用担心数据丢失   
+
+
+更新日志： [CHANGELOG](./CHANGELOG.md)
+
+
+## 六、一些说明
 * 本项目ssl证书提供商为letencrypt
 * 申请过程遵循acme协议
 * 需要验证域名所有权，一般有两种方式（目前本项目仅支持dns-01）
  * http-01： 在网站根目录下放置一份txt文件
  * dns-01： 需要给域名添加txt解析记录，通配符域名只能用这种方式
 * 证书续期：
-  * 实际上acme并没有续期概念。
-  * 我们所说的续期，其实就是按照全套流程重新申请一份新证书。
+  * 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
+  * 我们所说的续期，其实就是按照全套流程重新申请一份新证书，然后重新部署上去。
 * 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 * 设置每天自动运行，当证书过期前20天，会自动重新申请证书并部署

-## 六、联系作者
+
+## 七、不同平台的设置说明
+
+* [Cloudflare](./doc/cf/cf.md)
+* [腾讯云](./doc/tencent/tencent.md)
+* [windows主机](./doc/host/host.md)
+
+
+## 八、问题处理
+### 7.1 忘记管理员密码   
+解决方法如下：
+1. 修改docker-compose.yaml文件，将环境变量`certd_system_resetAdminPassword`改为`true`
+```yaml
+services:
+  certd:
+    environment: # 环境变量
+      - certd_system_resetAdminPassword=false
+```
+2. 重启容器
+```shell
+docker compose up -d
+docker logs -f --tail 500 certd
+# 观察日志，当日志中输出“重置1号管理员用户的密码完成”，即可操作下一步
+```
+3. 修改docker-compose.yaml，将`certd_system_resetAdminPassword`改回`false`
+4. 再次重启容器
+```shell
+docker compose up -d
+```
+5. 使用`admin/123456`登录系统，请及时修改管理员密码
+
+## 九、联系作者
 如有疑问，欢迎加入群聊（请备注certd）
 * QQ群：141236433
 * 微信群：   
@@ -111,7 +168,7 @@ http://your_server_ip:7001
 <img height="230" src="./doc/images/me.png">
 </p>

-## 捐赠
+## 十、捐赠
 媳妇儿说：“一天到晚搞开源，也不管管老婆孩子！😡😡😡”        
 拜托各位捐赠支持一下，让媳妇儿开心开心，我也能有更多时间进行开源项目，感谢🙏🙏🙏
 <p align="center">
@@ -119,12 +176,20 @@ http://your_server_ip:7001
 </p>


-## 七、贡献代码
+## 十一、贡献代码

-[贡献插件教程](./packages/plugins/plugin-center/README.md)
+[贡献插件教程](./plugin.md)


-## 八、我的其他项目
+## 十二、我的其他项目（求Star）
 * [袖手GPT](https://ai.handsfree.work/) ChatGPT，国内可用，无需FQ，每日免费额度
 * [fast-crud](https://gitee.com/fast-crud/fast-crud/) 基于vue3的crud快速开发框架
 * [dev-sidecar](https://github.com/docmirror/dev-sidecar/) 直连访问github工具，无需FQ，解决github无法访问的问题
+
+
+
+## 十三、更新日志
+
+更新日志：[CHANGELOG](./CHANGELOG.md)
+
+
--- a/build.trigger
+++ b/build.trigger
@@ -0,0 +1 @@
+02:55
--- a/deploy.js
+++ b/deploy.js
@@ -1,8 +1,7 @@
 import http from 'axios'
 import fs from 'fs'
-
 //读取 packages/core/pipline/package.json的版本号
-import {default as packageJson} from './packages/core/pipeline/package.json';
+import {default as packageJson} from './packages/core/pipeline/package.json' assert { type: "json" };

 const certdVersion = packageJson.version
 console.log("certdVersion", certdVersion)
@@ -33,8 +32,9 @@ async function getPackages(directoryPath) {
 async function getAllPackages() {
    const base = await getPackages("./packages/core")
    const plugins = await getPackages("./packages/plugins")
+    const libs = await getPackages("./packages/libs")

-    return base.concat(plugins)
+    return base.concat(plugins).concat(libs)
 }

 async function sync() {
@@ -49,7 +49,7 @@ async function sync() {
            data: {}
        })
        console.log(`sync success:${pkg}`)
-        await sleep(100*1000)
+        await sleep(30*1000)
    }
 }

@@ -79,7 +79,7 @@ async function triggerBuild() {
            }
        })
        console.log(`webhook success:${webhook}`)
-        await sleep(10*60*1000)
+        await sleep(30*60*1000)
    }

 }
@@ -87,9 +87,9 @@ async function triggerBuild() {
 async function start() {
    // await build()
    console.log("等待60秒")
-    await sleep(200 * 1000)
+    await sleep(100* 1000)
    await sync()
-    await sleep(60 * 1000)
+    await sleep(100 * 1000)
    await triggerBuild()
 }

--- a/deploy.trigger
+++ b/deploy.trigger
@@ -0,0 +1 @@
+5
--- a/doc/cf/cf.md
+++ b/doc/cf/cf.md
@@ -0,0 +1,15 @@
+# Cloudflare 
+
+
+## CF Token申请
+
+### 申请地址：
+https://dash.cloudflare.com/profile/api-tokens
+
+### 权限设置：
+需要设置权限和资源范围  
+权限包括：Zone.Zone.edit, Zone.DNS.edit  
+资源范围：要包含对应域名，推荐直接设置为All Zones  
+最终效果如下，可以切换语言为英文对比如下图检查
+
+![](./cf_token.png)
--- a/doc/cf/cf_token.png
+++ b/doc/cf/cf_token.png
--- a/doc/host/host.md
+++ b/doc/host/host.md
@@ -0,0 +1,24 @@
+# 远程主机
+
+远程主机基于ssh协议，通过ssh连接远程主机，执行命令。
+
+## windows开启OpenSSH Server
+1. 安装OpenSSH Server
+请前往Microsoft官方文档查看如何开启openSSH
+https://learn.microsoft.com/zh-cn/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui#install-openssh-for-windows
+
+2. 启动OpenSSH Server服务
+```
+win+R  弹出运行对话框，输入 services.msc 打开服务管理器
+找到 OpenSSH SSH Server 
+启动ssh server服务，并且设置为自动启动
+```
+
+3. 测试ssh登录
+使用你常用的ssh客户端，连接你的windows主机，进行测试 
+
+```cmd
+# 如何确定你用户名
+C:\Users\xiaoj>
+          ↑↑↑↑---------这个就是windows ssh的登录用户名
+```
--- a/doc/images/15-2-email.png
+++ b/doc/images/15-2-email.png
--- a/doc/images/action-build.jpg
+++ b/doc/images/action-build.jpg
--- a/doc/tencent/dnspod-token.png
+++ b/doc/tencent/dnspod-token.png
--- a/doc/tencent/tencent-access.png
+++ b/doc/tencent/tencent-access.png
--- a/doc/tencent/tencent.md
+++ b/doc/tencent/tencent.md
@@ -0,0 +1,16 @@
+# 腾讯云
+
+
+## DNSPOD 授权设置
+目前腾讯云管理的域名的dns暂时只支持从DNSPOD进行设置    
+打开 https://console.dnspod.cn/account/token/apikey    
+然后按如下方式获取DNSPOD的授权
+![](./dnspod-token.png)
+
+
+## 腾讯云API密钥设置
+
+腾讯云其他部署需要API密钥，需要在腾讯云控制台进行设置   
+打开 https://console.cloud.tencent.com/cam/capi   
+然后按如下方式获取腾讯云的API密钥    
+![](./tencent-access.png)
--- a/docker/image/Dockerfile
+++ b/docker/image/Dockerfile
@@ -1,18 +0,0 @@
-FROM registry.cn-shenzhen.aliyuncs.com/handsfree/node:16-alpine
-EXPOSE 7001
-ENV NODE_ENV production
-ENV MIDWAY_SERVER_ENV production
-WORKDIR /app/
-#RUN npm install cross-env -g  --registry=https://registry.npmmirror.com
-#RUN npm install pm2 -g  --registry=https://registry.npmmirror.com
-#RUN pm2 install pm2-logrotate
-ADD ./workspace/certd-server/ /app/
-RUN yarn install --production  --registry=https://registry.npmmirror.com
-#RUN yarn install --production
-RUN npm run build
-#CMD ["pm2-runtime", "start", "./bootstrap.js","--name", "certd","-i","1"]
-CMD ["npm", "run","start"]
-
-
-
-
--- a/docker/image/build.sh
+++ b/docker/image/build.sh
@@ -1,37 +0,0 @@
-#!/bin/bash
-set -e
-echo "请先输入一个版本号："
-read version
-
-echo "您输入的版本号是： $version"
-echo "登录aliyun镜像仓库"
-sudo docker login --username=252959493@qq.com registry.cn-shenzhen.aliyuncs.com
-
-build=$(pwd)
-cd ../../
-root=$(pwd)
-echo "安装依赖"
-#pnpm install --registry=https://registry.npmmirror.com
-pnpm install
-
-echo "client build"
-cd $root/packages/ui/certd-client
-pnpm run build
-echo "client build success"
-
-echo "server build"
-cd $root/packages/ui/certd-server
-pnpm run build
-echo "server build success"
-
-echo "rm node_modules"
-rm ./node_modules -rf
-
-echo "copy to workspace"
-mkdir -p $build/workspace/certd-server
-\cp ./* $build/workspace/certd-server -rf
-\cp ../certd-client/dist/* $build/workspace/certd-server/public/ -rf
-
-#export TAG=$version
-#sudo -E docker compose build
-#sudo -E docker compose push
--- a/docker/run/Dockerfile
+++ b/docker/run/Dockerfile
@@ -1,9 +0,0 @@
-FROM registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
-EXPOSE 7001
-RUN npm run build
-#RUN npm install pm2 -g  --registry=https://registry.npmmirror.com
-#CMD ["pm2-runtime", "start", "./bootstrap.js","--name", "certd","-i","1","--", "-p", "7001"]
-CMD ["npm","run", "start"]
-
-
-
--- a/docker/run/build.sh
+++ b/docker/run/build.sh
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-# 判断$CERTD_VERSION 是否存在
-if [ -n "$CERTD_VERSION" ]; then
-    echo "CERTD_VERSION is set = $CERTD_VERSION"
-else
-    echo "CERTD_VERSION is not set"
-    echo "请先输入一个版本号(如 1.0.6)："
-    read CERTD_VERSION
-fi
-
-echo "您输入的版本号是： $CERTD_VERSION"
-sudo -E docker compose up -d
--- a/docker/run/docker-compose.yaml
+++ b/docker/run/docker-compose.yaml
@@ -1,23 +1,33 @@
 version: '3.3'
 services:
  certd:
-    # 镜像                                                  #  ↓↓↓↓↓ --- 1、 修改镜像版本号，或者干脆写成latest
-    image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${CERTD_VERSION}
+    # 镜像                                                  #  ↓↓↓↓↓ --- 1、 镜像版本号，建议改成固定版本号【可选】
+    image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
    container_name: certd # 容器名
-    restart: unless-stopped # 重启
+    restart: unless-stopped # 自动重启
    volumes:
-      #   ↓↓↓↓↓ ------------------------------------------------------- 2、 修改数据库以及证书存储路径
+      #   ↓↓↓↓↓ ------------------------------------------------------- 2、 数据库以及证书存储路径,默认存在宿主机的/data/certd/目录下【可选】
      - /data/certd:/app/data
    ports: # 端口映射
+      #  ↓↓↓↓ ----------------------------------------------------------3、如果端口有冲突，可以修改第一个7001为其他不冲突的端口号【可选】
      - "7001:7001"
+    dns:
+      # 如果出现getaddrinfo ENOTFOUND等错误，可以尝试修改或注释dns配置
+      - 223.5.5.5
+      - 223.6.6.6
+      - 8.8.8.8
+      - 8.8.4.4
    environment: # 环境变量
      - TZ=Asia/Shanghai
-      - certd_auth_jwt_secret=changeme
-                            #  ↑↑↑↑↑ ---------------------------------- 3、 修改成你的自定义密钥
+      - certd_system_resetAdminPassword=false
+                                     #  ↑↑↑↑↑---------------------------4、如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false【可选】
+      - certd_cron_immediateTriggerOnce=false
+                                     #  ↑↑↑↑↑---------------------------5、如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次【可选】
+      - VITE_APP_ICP_NO=
+                      #  ↑↑↑↑↑ -----------------------------------------6、这里可以设置备案号【可选】
      # 设置环境变量即可自定义certd配置
      # 服务端配置项见： packages/ui/certd-server/src/config/config.default.ts
      # 服务端配置规则： certd_ + 配置项, 点号用_代替
-      # 如jwt密钥配置为： auth.jwt.secret，则设置环境变量 certd_auth_jwt_secret=changeme

      # 客户端配置项见： packages/ui/certd-client/.env
      # 按实际名称配置环境变量即可，如： VITE_APP_API=http://localhost:7001
--- a/lerna.json
+++ b/lerna.json
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.20.7"
+  "version": "1.22.7"
 }
--- a/package.json
+++ b/package.json
@@ -12,16 +12,17 @@
  "scripts": {
    "start": "lerna bootstrap --hoist",
    "i-all": "lerna link && lerna exec npm install  ",
-    "publish": "npm run proxy && npm run prepublishOnly1  && lerna publish --conventional-commits && npm run afterpublishOnly && npm run deploy1",
-    "afterpublishOnly": "",
-    "proxy": "npm config set proxy=http://127.0.0.1:10811",
-    "prepublishOnly1": "npm run before-build && lerna run build ",
-    "before-build": "cd ./packages/core/acme-client && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
-    "deploy1": "node --experimental-json-modules deploy.js "
+    "publish": "npm run prepublishOnly1  && lerna publish --conventional-commits --create-release github && npm run afterpublishOnly",
+    "afterpublishOnly": "time /t >build.trigger && git add ./build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && git push",
+    "prepublishOnly1": "npm run check && npm run before-build && lerna run build ",
+    "before-build": "cd ./packages/core/pipeline && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
+    "deploy1": "node --experimental-json-modules deploy.js ",
+    "check": "node --experimental-json-modules publish-check.js",
+    "init": "lerna run build"
  },
  "license": "AGPL-3.0",
  "dependencies": {
-    "axios": "^1.4.0",
+    "axios": "^1.7.2",
    "lodash": "^4.17.21"
  },
  "workspaces": [
--- a/packages/core/acme-client/.eslintrc.yml
+++ b/packages/core/acme-client/.eslintrc.yml
@@ -9,15 +9,8 @@ env:
 rules:
  indent: [2, 4, { SwitchCase: 1, VariableDeclarator: 1 }]
  brace-style: [2, 'stroustrup', { allowSingleLine: true }]
-  space-before-function-paren: [2, { anonymous: 'never', named: 'never' }]
  func-names: 0
-  prefer-destructuring: 0
-  object-curly-newline: 0
  class-methods-use-this: 0
-  wrap-iife: [2, 'inside']
  no-param-reassign: 0
-  comma-dangle: [2, 'never']
  max-len: [1, 200, 2, { ignoreUrls: true, ignoreComments: false }]
-  no-multiple-empty-lines: [2, { max: 2, maxBOF: 0, maxEOF: 0 }]
-  prefer-object-spread: 0
  import/no-useless-path-segments: 0
--- a/packages/core/acme-client/.github/scripts/tests-install-cts.sh
+++ b/packages/core/acme-client/.github/scripts/tests-install-cts.sh
@@ -5,8 +5,10 @@
 set -euo pipefail

 # Download and install
-wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv_linux-amd64" -O /usr/local/bin/pebble-challtestsrv
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv-linux-amd64.tar.gz" -O /tmp/pebble-challtestsrv.tar.gz
+tar zxvf /tmp/pebble-challtestsrv.tar.gz -C /tmp

+mv /tmp/pebble-challtestsrv-linux-amd64/linux/amd64/pebble-challtestsrv /usr/local/bin/pebble-challtestsrv
 chown root:root /usr/local/bin/pebble-challtestsrv
 chmod 0755 /usr/local/bin/pebble-challtestsrv

--- a/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
+++ b/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
@@ -22,12 +22,14 @@ wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION
 wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/config/${CONFIG_NAME}" -O /etc/pebble/pebble.json

 # Download and install Pebble
-wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble_linux-amd64" -O /usr/local/bin/pebble
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble-linux-amd64.tar.gz" -O /tmp/pebble.tar.gz
+tar zxvf /tmp/pebble.tar.gz -C /tmp

+mv /tmp/pebble-linux-amd64/linux/amd64/pebble /usr/local/bin/pebble
 chown root:root /usr/local/bin/pebble
 chmod 0755 /usr/local/bin/pebble

 # Config
-sed -i 's/test\/certs\/localhost/\/etc\/pebble/' /etc/pebble/pebble.json
+sed -i 's#test/certs/localhost#/etc/pebble#' /etc/pebble/pebble.json

 exit 0
--- a/packages/core/acme-client/.github/workflows/tests.yml
+++ b/packages/core/acme-client/.github/workflows/tests.yml
@@ -1,4 +1,3 @@
---
 name: test
 on: [push, pull_request]

@@ -12,7 +11,6 @@ jobs:
        node: [16, 18, 20]
        eab: [0, 1]

-
    #
    # Environment
    #
@@ -21,9 +19,9 @@ jobs:
      FORCE_COLOR: 1
      NPM_CONFIG_COLOR: always

-      PEBBLE_VERSION: 2.3.1
+      PEBBLE_VERSION: 2.6.0
      PEBBLE_ALTERNATE_ROOTS: 2
-      PEBBLECTS_VERSION: 2.3.1
+      PEBBLECTS_VERSION: 2.6.0
      PEBBLECTS_DNS_PORT: 8053
      COREDNS_VERSION: 1.11.1

@@ -41,7 +39,6 @@ jobs:
      ACME_HTTP_PORT: 5002
      ACME_HTTPS_PORT: 5003

-
    #
    # Pipeline
    #
--- a/packages/core/acme-client/.gitignore
+++ b/packages/core/acme-client/.gitignore
@@ -1,3 +1,4 @@
+.actrc
 .vscode/
 node_modules/
 npm-debug.log
--- a/packages/core/acme-client/CHANGELOG.md
+++ b/packages/core/acme-client/CHANGELOG.md
@@ -3,6 +3,97 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.22.6](https://github.com/publishlab/node-acme-client/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.4](https://github.com/publishlab/node-acme-client/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/publishlab/node-acme-client/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+
+## [1.22.3](https://github.com/publishlab/node-acme-client/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.2](https://github.com/publishlab/node-acme-client/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.1](https://github.com/publishlab/node-acme-client/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+**Note:** Version bump only for package @certd/acme-client
+
+# [1.22.0](https://github.com/publishlab/node-acme-client/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/publishlab/node-acme-client/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+
+## [1.21.2](https://github.com/publishlab/node-acme-client/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.21.1](https://github.com/publishlab/node-acme-client/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+**Note:** Version bump only for package @certd/acme-client
+
+# [1.21.0](https://github.com/publishlab/node-acme-client/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+### Features
+
+* 支持zero ssl ([eade2c2](https://github.com/publishlab/node-acme-client/commit/eade2c2b681569f03e9cd466e7d5bcd6703ed492))
+
+## [1.20.17](https://github.com/publishlab/node-acme-client/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+### Performance Improvements
+
+* 创建dns解析后，强制等待60s ([f47b35f](https://github.com/publishlab/node-acme-client/commit/f47b35f6d5bd7d675005c3e286b7e9a029201f8b))
+* 优化cname verify ([eba333d](https://github.com/publishlab/node-acme-client/commit/eba333de7a5b5ef4b0b7eaa904f578720102fa61))
+
+## [1.20.16](https://github.com/publishlab/node-acme-client/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+### Bug Fixes
+
+* 修复配置了cdn cname后申请失败的bug ([4a5fa76](https://github.com/publishlab/node-acme-client/commit/4a5fa767edc347d03d29a467e86c9a4d70b0220c))
+
+## [1.20.15](https://github.com/publishlab/node-acme-client/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+### Performance Improvements
+
+* 腾讯云dns provider 支持腾讯云的accessId ([e0eb3a4](https://github.com/publishlab/node-acme-client/commit/e0eb3a441384d474fe2923c69b25318264bdc9df))
+
+## [1.20.14](https://github.com/publishlab/node-acme-client/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.13](https://github.com/publishlab/node-acme-client/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.12](https://github.com/publishlab/node-acme-client/compare/v1.20.10...v1.20.12) (2024-06-17)
+
+### Bug Fixes
+
+* 修复aliyun域名超过100个找不到域名的bug ([5b1494b](https://github.com/publishlab/node-acme-client/commit/5b1494b3ce93d1026dc56ee741342fbb8bf7be24))
+
+### Performance Improvements
+
+* 支持cloudflare域名 ([fbb9a47](https://github.com/publishlab/node-acme-client/commit/fbb9a47e8f7bb805289b9ee64bd46ffee0f01c06))
+
+## [1.20.10](https://github.com/publishlab/node-acme-client/compare/v1.20.9...v1.20.10) (2024-05-30)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.9](https://github.com/publishlab/node-acme-client/compare/v1.20.8...v1.20.9) (2024-03-22)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.8](https://github.com/publishlab/node-acme-client/compare/v1.20.7...v1.20.8) (2024-03-22)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.20.7](https://github.com/publishlab/node-acme-client/compare/v1.20.6...v1.20.7) (2024-03-22)

 **Note:** Version bump only for package @certd/acme-client
@@ -19,6 +110,16 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline

 # Changelog

+## v5.4.0
+
+* `added` Directory URLs for [Google](https://cloud.google.com/certificate-manager/docs/overview) ACME provider
+* `fixed` Invalidate ACME directory cache after 24 hours
+
+## v5.3.1 (2024-05-22)
+
+* `fixed` Allow `client.auto()` being called with an empty CSR common name
+* `fixed` Bug when calling `updateAccountKey()` with external account binding
+
 ## v5.3.0 (2024-02-05)

 * `added` Support and tests for satisfying `tls-alpn-01` challenges
@@ -51,7 +152,7 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline
 * `fixed` Upgrade `axios@0.26.1`
 * `fixed` Upgrade `node-forge@1.3.0` - [CVE-2022-24771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771), [CVE-2022-24772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772), [CVE-2022-24773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773)

-## 4.2.4 (2022-03-19)
+## v4.2.4 (2022-03-19)

 * `fixed` Use SHA-256 when signing CSRs

--- a/packages/core/acme-client/README.md
+++ b/packages/core/acme-client/README.md
@@ -9,13 +9,13 @@ This module is written to handle communication with a Boulder/Let's Encrypt-styl

 ## Compatibility

-| acme-client   | Node.js   |                                           |
-| ------------- | --------- | ----------------------------------------- |
-| v5.x          | >= v16    | [Upgrade guide](docs/upgrade-v5.md)       |
-| v4.x          | >= v10    | [Changelog](CHANGELOG.md#v400-2020-05-29) |
-| v3.x          | >= v8     | [Changelog](CHANGELOG.md#v300-2019-07-13) |
-| v2.x          | >= v4     | [Changelog](CHANGELOG.md#v200-2018-04-02) |
-| v1.x          | >= v4     | [Changelog](CHANGELOG.md#v100-2017-10-20) |
+| acme-client | Node.js |                                           |
+| ----------- | ------- | ----------------------------------------- |
+| v5.x        | >= v16  | [Upgrade guide](docs/upgrade-v5.md)       |
+| v4.x        | >= v10  | [Changelog](CHANGELOG.md#v400-2020-05-29) |
+| v3.x        | >= v8   | [Changelog](CHANGELOG.md#v300-2019-07-13) |
+| v2.x        | >= v4   | [Changelog](CHANGELOG.md#v200-2018-04-02) |
+| v1.x        | >= v4   | [Changelog](CHANGELOG.md#v100-2017-10-20) |

 ## Table of contents

@@ -49,7 +49,7 @@ const accountPrivateKey = '<PEM encoded private key>';

 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
-    accountKey: accountPrivateKey
+    accountKey: accountPrivateKey,
 });
 ```

@@ -59,6 +59,9 @@ const client = new acme.Client({
 acme.directory.buypass.staging;
 acme.directory.buypass.production;

+acme.directory.google.staging;
+acme.directory.google.production;
+
 acme.directory.letsencrypt.staging;
 acme.directory.letsencrypt.production;

@@ -75,8 +78,8 @@ const client = new acme.Client({
    accountKey: accountPrivateKey,
    externalAccountBinding: {
        kid: 'YOUR-EAB-KID',
-        hmacKey: 'YOUR-EAB-HMAC-KEY'
-    }
+        hmacKey: 'YOUR-EAB-HMAC-KEY',
+    },
 });
 ```

@@ -90,7 +93,7 @@ In some cases, for example with some EAB providers, this account creation step m
 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
    accountKey: accountPrivateKey,
-    accountUrl: 'https://acme-v02.api.letsencrypt.org/acme/acct/12345678'
+    accountUrl: 'https://acme-v02.api.letsencrypt.org/acme/acct/12345678',
 });
 ```

@@ -113,8 +116,7 @@ const privateRsaKey = await acme.crypto.createPrivateRsaKey();
 const privateEcdsaKey = await acme.crypto.createPrivateEcdsaKey();

 const [certificateKey, certificateCsr] = await acme.crypto.createCsr({
-    commonName: '*.example.com',
-    altNames: ['example.com']
+    altNames: ['example.com', '*.example.com'],
 });
 ```

@@ -139,7 +141,7 @@ const autoOpts = {
    email: 'test@example.com',
    termsOfServiceAgreed: true,
    challengeCreateFn: async (authz, challenge, keyAuthorization) => {},
-    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {}
+    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {},
 };

 const certificate = await client.auto(autoOpts);
@@ -156,7 +158,7 @@ To modify challenge priority, provide a list of challenge types in `challengePri
 ```js
 await client.auto({
    ...,
-    challengePriority: ['http-01', 'dns-01']
+    challengePriority: ['http-01', 'dns-01'],
 });
 ```

@@ -171,7 +173,7 @@ To completely disable `acme-client`s internal challenge verification, enable `sk
 ```js
 await client.auto({
    ...,
-    skipChallengeVerification: true
+    skipChallengeVerification: true,
 });
 ```

@@ -185,14 +187,14 @@ For more fine-grained control you can interact with the ACME API using the metho
 ```js
 const account = await client.createAccount({
    termsOfServiceAgreed: true,
-    contact: ['mailto:test@example.com']
+    contact: ['mailto:test@example.com'],
 });

 const order = await client.createOrder({
    identifiers: [
        { type: 'dns', value: 'example.com' },
-        { type: 'dns', value: '*.example.com' }
-    ]
+        { type: 'dns', value: '*.example.com' },
+    ],
 });
 ```

@@ -207,7 +209,7 @@ const acme = require('acme-client');

 acme.axios.defaults.proxy = {
    host: '127.0.0.1',
-    port: 9000
+    port: 9000,
 };
 ```

--- a/packages/core/acme-client/build.md
+++ b/packages/core/acme-client/build.md
@@ -1 +1 @@
-10:30
+20:55
--- a/packages/core/acme-client/docs/client.md
+++ b/packages/core/acme-client/docs/client.md
@@ -63,7 +63,7 @@ Create ACME client instance
 ```js
 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
-    accountKey: 'Private key goes here'
+    accountKey: 'Private key goes here',
 });
 ```
 **Example**  
@@ -75,7 +75,7 @@ const client = new acme.Client({
    accountUrl: 'Optional account URL goes here',
    backoffAttempts: 10,
    backoffMin: 5000,
-    backoffMax: 30000
+    backoffMax: 30000,
 });
 ```
 **Example**  
@@ -86,8 +86,8 @@ const client = new acme.Client({
    accountKey: 'Private key goes here',
    externalAccountBinding: {
        kid: 'YOUR-EAB-KID',
-        hmacKey: 'YOUR-EAB-HMAC-KEY'
-    }
+        hmacKey: 'YOUR-EAB-HMAC-KEY',
+    },
 });
 ```
 <a name="AcmeClient+getTermsOfServiceUrl"></a>
@@ -145,7 +145,7 @@ https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
 Create a new account
 ```js
 const account = await client.createAccount({
-    termsOfServiceAgreed: true
+    termsOfServiceAgreed: true,
 });
 ```
 **Example**  
@@ -153,7 +153,7 @@ Create a new account with contact info
 ```js
 const account = await client.createAccount({
    termsOfServiceAgreed: true,
-    contact: ['mailto:test@example.com']
+    contact: ['mailto:test@example.com'],
 });
 ```
 <a name="AcmeClient+updateAccount"></a>
@@ -174,7 +174,7 @@ https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
 Update existing account
 ```js
 const account = await client.updateAccount({
-    contact: ['mailto:foo@example.com']
+    contact: ['mailto:foo@example.com'],
 });
 ```
 <a name="AcmeClient+updateAccountKey"></a>
@@ -218,8 +218,8 @@ Create a new order
 const order = await client.createOrder({
    identifiers: [
        { type: 'dns', value: 'example.com' },
-        { type: 'dns', value: 'test.example.com' }
-    ]
+        { type: 'dns', value: 'test.example.com' },
+    ],
 });
 ```
 <a name="AcmeClient+getOrder"></a>
@@ -452,7 +452,7 @@ Revoke certificate with reason
 ```js
 const certificate = { ... }; // Previously created certificate
 const result = await client.revokeCertificate(certificate, {
-    reason: 4
+    reason: 4,
 });
 ```
 <a name="AcmeClient+auto"></a>
@@ -479,7 +479,7 @@ Auto mode
 Order a certificate using auto mode
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });

 const certificate = await client.auto({
@@ -491,14 +491,14 @@ const certificate = await client.auto({
    },
    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
        // Clean up challenge here
-    }
+    },
 });
 ```
 **Example**  
 Order a certificate using auto mode with preferred chain
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });

 const certificate = await client.auto({
@@ -507,7 +507,7 @@ const certificate = await client.auto({
    termsOfServiceAgreed: true,
    preferredChain: 'DST Root CA X3',
    challengeCreateFn: async () => {},
-    challengeRemoveFn: async () => {}
+    challengeRemoveFn: async () => {},
 });
 ```
 <a name="Client"></a>
--- a/packages/core/acme-client/docs/crypto.md
+++ b/packages/core/acme-client/docs/crypto.md
@@ -239,29 +239,30 @@ Create a Certificate Signing Request
 Create a Certificate Signing Request
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with both common and alternative names
+> *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
    keySize: 4096,
    commonName: 'test.example.com',
-    altNames: ['foo.example.com', 'bar.example.com']
+    altNames: ['foo.example.com', 'bar.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with additional information
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com',
+    altNames: ['test.example.com'],
    country: 'US',
    state: 'California',
    locality: 'Los Angeles',
    organization: 'The Company Inc.',
    organizationUnit: 'IT Department',
-    emailAddress: 'contact@example.com'
+    emailAddress: 'contact@example.com',
 });
 ```
 **Example**  
@@ -270,8 +271,9 @@ Certificate Signing Request with ECDSA private key
 const certificateKey = await acme.crypto.createPrivateEcdsaKey();

 const [, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 }, certificateKey);
+```
 <a name="createAlpnCertificate"></a>

 ## createAlpnCertificate(authz, keyAuthorization, [keyPem]) ⇒ <code>Promise.&lt;Array.&lt;buffer&gt;&gt;</code>
@@ -298,6 +300,7 @@ Create a ALPN certificate with ECDSA private key
 ```js
 const alpnKey = await acme.crypto.createPrivateEcdsaKey();
 const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
+```
 <a name="isAlpnCertificateAuthorizationValid"></a>

 ## isAlpnCertificateAuthorizationValid(certPem, keyAuthorization) ⇒ <code>boolean</code>
--- a/packages/core/acme-client/docs/forge.md
+++ b/packages/core/acme-client/docs/forge.md
@@ -222,29 +222,30 @@ Create a Certificate Signing Request
 Create a Certificate Signing Request
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with both common and alternative names
+> *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
    keySize: 4096,
    commonName: 'test.example.com',
-    altNames: ['foo.example.com', 'bar.example.com']
+    altNames: ['foo.example.com', 'bar.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with additional information
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com',
+    altNames: ['test.example.com'],
    country: 'US',
    state: 'California',
    locality: 'Los Angeles',
    organization: 'The Company Inc.',
    organizationUnit: 'IT Department',
-    emailAddress: 'contact@example.com'
+    emailAddress: 'contact@example.com',
 });
 ```
 **Example**  
@@ -253,5 +254,5 @@ Certificate Signing Request with predefined private key
 const certificateKey = await acme.forge.createPrivateKey();

 const [, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 }, certificateKey);
--- a/packages/core/acme-client/examples/api.js
+++ b/packages/core/acme-client/examples/api.js
@@ -8,7 +8,6 @@ function log(m) {
    process.stdout.write(`${m}\n`);
 }

-
 /**
 * Function used to satisfy an ACME challenge
 *
@@ -25,7 +24,6 @@ async function challengeCreateFn(authz, challenge, keyAuthorization) {
    log(keyAuthorization);
 }

-
 /**
 * Function used to remove an ACME challenge response
 *
@@ -41,30 +39,29 @@ async function challengeRemoveFn(authz, challenge, keyAuthorization) {
    log(keyAuthorization);
 }

-
 /**
 * Main
 */

-module.exports = async function() {
+module.exports = async () => {
    /* Init client */
    const client = new acme.Client({
        directoryUrl: acme.directory.letsencrypt.staging,
-        accountKey: await acme.crypto.createPrivateKey()
+        accountKey: await acme.crypto.createPrivateKey(),
    });

    /* Register account */
    await client.createAccount({
        termsOfServiceAgreed: true,
-        contact: ['mailto:test@example.com']
+        contact: ['mailto:test@example.com'],
    });

    /* Place new order */
    const order = await client.createOrder({
        identifiers: [
            { type: 'dns', value: 'example.com' },
-            { type: 'dns', value: '*.example.com' }
-        ]
+            { type: 'dns', value: '*.example.com' },
+        ],
    });

    /**
@@ -138,8 +135,7 @@ module.exports = async function() {

    /* Finalize order */
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: '*.example.com',
-        altNames: ['example.com']
+        altNames: ['example.com', '*.example.com'],
    });

    const finalized = await client.finalizeOrder(order, csr);
--- a/packages/core/acme-client/examples/auto.js
+++ b/packages/core/acme-client/examples/auto.js
@@ -9,7 +9,6 @@ function log(m) {
    process.stdout.write(`${m}\n`);
 }

-
 /**
 * Function used to satisfy an ACME challenge
 *
@@ -47,7 +46,6 @@ async function challengeCreateFn(authz, challenge, keyAuthorization) {
    }
 }

-
 /**
 * Function used to remove an ACME challenge response
 *
@@ -80,25 +78,24 @@ async function challengeRemoveFn(authz, challenge, keyAuthorization) {

        /* Replace this */
        log(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
-        // await dnsProvider.removeRecord(dnsRecord, 'TXT');
+        // await dnsProvider.removeRecord(dnsRecord, 'TXT', recordValue);
    }
 }

-
 /**
 * Main
 */

-module.exports = async function() {
+module.exports = async () => {
    /* Init client */
    const client = new acme.Client({
        directoryUrl: acme.directory.letsencrypt.staging,
-        accountKey: await acme.crypto.createPrivateKey()
+        accountKey: await acme.crypto.createPrivateKey(),
    });

    /* Create CSR */
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: 'example.com'
+        altNames: ['example.com'],
    });

    /* Certificate */
@@ -107,7 +104,7 @@ module.exports = async function() {
        email: 'test@example.com',
        termsOfServiceAgreed: true,
        challengeCreateFn,
-        challengeRemoveFn
+        challengeRemoveFn,
    });

    /* Done */
--- a/packages/core/acme-client/examples/dns-01/dns-01.js
+++ b/packages/core/acme-client/examples/dns-01/dns-01.js
@@ -19,7 +19,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }

-
 /**
 * Main
 */
@@ -33,18 +32,16 @@ function log(m) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });

-
        /**
         * Order wildcard certificate
         */

        log(`Creating CSR for ${WILDCARD_DOMAIN}`);
        const [key, csr] = await acme.crypto.createCsr({
-            commonName: WILDCARD_DOMAIN,
-            altNames: [`*.${WILDCARD_DOMAIN}`]
+            altNames: [WILDCARD_DOMAIN, `*.${WILDCARD_DOMAIN}`],
        });

        log(`Ordering certificate for ${WILDCARD_DOMAIN}`);
@@ -60,12 +57,11 @@ function log(m) {
            challengeRemoveFn: (authz, challenge, keyAuthorization) => {
                /* TODO: Implement this */
                log(`[TODO] Remove TXT record key=_acme-challenge.${authz.identifier.value} value=${keyAuthorization}`);
-            }
+            },
        });

        log(`Certificate for ${WILDCARD_DOMAIN} created successfully`);

-
        /**
         * HTTPS server
         */
@@ -78,7 +74,7 @@ function log(m) {

        const httpsServer = https.createServer({
            key,
-            cert
+            cert,
        }, requestListener);

        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/examples/http-01/http-01.js
+++ b/packages/core/acme-client/examples/http-01/http-01.js
@@ -23,7 +23,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }

-
 /**
 * On-demand certificate generation using http-01
 */
@@ -52,7 +51,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    /* Create CSR */
    log(`Creating CSR for ${servername}`);
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: servername
+        altNames: [servername],
    });

    /* Order certificate */
@@ -67,7 +66,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        },
        challengeRemoveFn: (authz, challenge) => {
            delete challengeResponses[challenge.token];
-        }
+        },
    });

    /* Done, store certificate */
@@ -77,7 +76,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    return certificateStore[servername];
 }

-
 /**
 * Main
 */
@@ -91,10 +89,9 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });

-
        /**
         * HTTP server
         */
@@ -129,7 +126,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
            log(`HTTP server listening on port ${HTTP_SERVER_PORT}`);
        });

-
        /**
         * HTTPS server
         */
@@ -158,7 +154,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        }, requestListener);

        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/examples/tls-alpn-01/tls-alpn-01.js
+++ b/packages/core/acme-client/examples/tls-alpn-01/tls-alpn-01.js
@@ -22,7 +22,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }

-
 /**
 * On-demand certificate generation using tls-alpn-01
 */
@@ -51,7 +50,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    /* Create CSR */
    log(`Creating CSR for ${servername}`);
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: servername
+        altNames: [servername],
    });

    /* Order certificate */
@@ -66,7 +65,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        },
        challengeRemoveFn: (authz) => {
            delete alpnResponses[authz.identifier.value];
-        }
+        },
    });

    /* Done, store certificate */
@@ -76,7 +75,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    return certificateStore[servername];
 }

-
 /**
 * Main
 */
@@ -90,10 +88,9 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });

-
        /**
         * ALPN responder
         */
@@ -118,14 +115,14 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`Found ALPN certificate for ${servername}, serving secure context`);
                    cb(null, tls.createSecureContext({
                        key: alpnResponses[servername][0],
-                        cert: alpnResponses[servername][1]
+                        cert: alpnResponses[servername][1],
                    }));
                }
                catch (e) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        });

        /* Terminate once TLS handshake has been established */
@@ -137,7 +134,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
            log(`ALPN responder listening on port ${ALPN_RESPONDER_PORT}`);
        });

-
        /**
         * HTTPS server
         */
@@ -166,7 +162,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        }, requestListener);

        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/package.json
+++ b/packages/core/acme-client/package.json
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.20.7",
+    "version": "1.22.6",
    "main": "src/index.js",
    "types": "types/index.d.ts",
    "license": "MIT",
@@ -16,24 +16,24 @@
        "types"
    ],
    "dependencies": {
-        "@peculiar/x509": "^1.9.7",
+        "@peculiar/x509": "^1.10.0",
        "asn1js": "^3.0.5",
-        "axios": "^1.6.5",
+        "axios": "^1.7.2",
        "debug": "^4.1.1",
        "https-proxy-agent": "^7.0.4",
        "node-forge": "^1.3.1"
    },
    "devDependencies": {
-        "@types/node": "^20.11.5",
+        "@types/node": "^20.12.12",
        "chai": "^4.4.1",
-        "chai-as-promised": "^7.1.1",
-        "eslint": "^8.56.0",
+        "chai-as-promised": "^7.1.2",
+        "eslint": "^8.57.0",
        "eslint-config-airbnb-base": "^15.0.0",
        "eslint-plugin-import": "^2.29.1",
-        "jsdoc-to-markdown": "^8.0.0",
-        "mocha": "^10.2.0",
-        "nock": "^13.5.0",
-        "tsd": "^0.30.4",
+        "jsdoc-to-markdown": "^8.0.1",
+        "mocha": "^10.4.0",
+        "nock": "^13.5.4",
+        "tsd": "^0.31.0",
        "typescript": "^4.8.4",
        "uuid": "^8.3.2"
    },
@@ -59,5 +59,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "b258e926209fef4cc4d633b0383eb54e26c516f9"
+    "gitHead": "e5da46cfc31b2e30a4903bcb2251b1851265ef41"
 }
--- a/packages/core/acme-client/src/api.js
+++ b/packages/core/acme-client/src/api.js
@@ -4,7 +4,6 @@

 const util = require('./util');

-
 /**
 * AcmeApi
 *
@@ -18,7 +17,6 @@ class AcmeApi {
        this.accountUrl = accountUrl;
    }

-
    /**
     * Get account URL
     *
@@ -34,7 +32,6 @@ class AcmeApi {
        return this.accountUrl;
    }

-
    /**
     * ACME API request
     *
@@ -59,7 +56,6 @@ class AcmeApi {
        return resp;
    }

-
    /**
     * ACME API request by resource name helper
     *
@@ -78,7 +74,6 @@ class AcmeApi {
        return this.apiRequest(resourceUrl, payload, validStatusCodes, { includeJwsKid, includeExternalAccountBinding });
    }

-
    /**
     * Get Terms of Service URL if available
     *
@@ -91,7 +86,6 @@ class AcmeApi {
        return this.http.getMetaField('termsOfService');
    }

-
    /**
     * Create new account
     *
@@ -104,7 +98,7 @@ class AcmeApi {
    async createAccount(data) {
        const resp = await this.apiResourceRequest('newAccount', data, [200, 201], {
            includeJwsKid: false,
-            includeExternalAccountBinding: (data.onlyReturnExisting !== true)
+            includeExternalAccountBinding: (data.onlyReturnExisting !== true),
        });

        /* Set account URL */
@@ -115,7 +109,6 @@ class AcmeApi {
        return resp;
    }

-
    /**
     * Update account
     *
@@ -129,7 +122,6 @@ class AcmeApi {
        return this.apiRequest(this.getAccountUrl(), data, [200, 202]);
    }

-
    /**
     * Update account key
     *
@@ -143,7 +135,6 @@ class AcmeApi {
        return this.apiResourceRequest('keyChange', data, [200]);
    }

-
    /**
     * Create new order
     *
@@ -157,7 +148,6 @@ class AcmeApi {
        return this.apiResourceRequest('newOrder', data, [201]);
    }

-
    /**
     * Get order
     *
@@ -171,7 +161,6 @@ class AcmeApi {
        return this.apiRequest(url, null, [200]);
    }

-
    /**
     * Finalize order
     *
@@ -186,7 +175,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }

-
    /**
     * Get identifier authorization
     *
@@ -200,7 +188,6 @@ class AcmeApi {
        return this.apiRequest(url, null, [200]);
    }

-
    /**
     * Update identifier authorization
     *
@@ -215,7 +202,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }

-
    /**
     * Complete challenge
     *
@@ -230,7 +216,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }

-
    /**
     * Revoke certificate
     *
@@ -245,6 +230,5 @@ class AcmeApi {
    }
 }

-
 /* Export API */
 module.exports = AcmeApi;
--- a/packages/core/acme-client/src/auto.js
+++ b/packages/core/acme-client/src/auto.js
@@ -4,6 +4,7 @@

 const { readCsrDomains } = require('./crypto');
 const { log } = require('./logger');
+const { wait } = require('./wait');

 const defaultOpts = {
    csr: null,
@@ -13,10 +14,9 @@ const defaultOpts = {
    skipChallengeVerification: false,
    challengePriority: ['http-01', 'dns-01'],
    challengeCreateFn: async () => { throw new Error('Missing challengeCreateFn()'); },
-    challengeRemoveFn: async () => { throw new Error('Missing challengeRemoveFn()'); }
+    challengeRemoveFn: async () => { throw new Error('Missing challengeRemoveFn()'); },
 };

-
 /**
 * ACME client auto mode
 *
@@ -25,8 +25,8 @@ const defaultOpts = {
 * @returns {Promise<buffer>} Certificate
 */

-module.exports = async function(client, userOpts) {
-    const opts = Object.assign({}, defaultOpts, userOpts);
+module.exports = async (client, userOpts) => {
+    const opts = { ...defaultOpts, ...userOpts };
    const accountPayload = { termsOfServiceAgreed: opts.termsOfServiceAgreed };

    if (!Buffer.isBuffer(opts.csr)) {
@@ -36,7 +36,9 @@ module.exports = async function(client, userOpts) {
    if (opts.email) {
        accountPayload.contact = [`mailto:${opts.email}`];
    }
-
+    if (opts.externalAccountBinding) {
+        accountPayload.externalAccountBinding = opts.externalAccountBinding;
+    }

    /**
     * Register account
@@ -53,19 +55,16 @@ module.exports = async function(client, userOpts) {
        await client.createAccount(accountPayload);
    }

-
    /**
     * Parse domains from CSR
     */

    log('[auto] Parsing domains from Certificate Signing Request');
-    const csrDomains = readCsrDomains(opts.csr);
-    const domains = [csrDomains.commonName].concat(csrDomains.altNames);
-    const uniqueDomains = Array.from(new Set(domains));
+    const { commonName, altNames } = readCsrDomains(opts.csr);
+    const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));

    log(`[auto] Resolved ${uniqueDomains.length} unique domains from parsing the Certificate Signing Request`);

-
    /**
     * Place order
     */
@@ -77,7 +76,6 @@ module.exports = async function(client, userOpts) {

    log(`[auto] Placed certificate order successfully, received ${authorizations.length} identity authorizations`);

-
    /**
     * Resolve and satisfy challenges
     */
@@ -119,10 +117,23 @@ module.exports = async function(client, userOpts) {
            let recordItem = null;
            try {
                recordItem = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
-
+                log(`[auto] [${d}] challengeCreateFn success`);
+                log(`[auto] [${d}] add challengeRemoveFn()`);
+                clearTasks.push(async () => {
+                    /* Trigger challengeRemoveFn(), suppress errors */
+                    log(`[auto] [${d}] Trigger challengeRemoveFn()`);
+                    try {
+                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem);
+                    }
+                    catch (e) {
+                        log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
+                    }
+                });
+                // throw new Error('测试异常');
                /* Challenge verification */
                if (opts.skipChallengeVerification === true) {
-                    log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true`);
+                    log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true，wait 60s`);
+                    await wait(60 * 1000);
                }
                else {
                    log(`[auto] [${d}] Running challenge verification`);
@@ -140,19 +151,6 @@ module.exports = async function(client, userOpts) {
                log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
                throw e;
            }
-            finally {
-                log(`[auto] [${d}] add challengeRemoveFn()`);
-                clearTasks.push(async () => {
-                    /* Trigger challengeRemoveFn(), suppress errors */
-                    log(`[auto] [${d}] Trigger challengeRemoveFn()`);
-                    try {
-                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem);
-                    }
-                    catch (e) {
-                        log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
-                    }
-                });
-            }
        }
        catch (e) {
            /* Deactivate pending authz when unable to complete challenge */
@@ -177,21 +175,56 @@ module.exports = async function(client, userOpts) {
        await challengeFunc(authz);
    });

-    log('开始challenge');
-    let promise = Promise.resolve();
-    function runPromisesSerially(tasks) {
+    function runAllPromise(tasks) {
+        let promise = Promise.resolve();
        tasks.forEach((task) => {
            promise = promise.then(task);
        });
        return promise;
    }

+    async function runPromisePa(tasks) {
+        const results = [];
+        // eslint-disable-next-line no-await-in-loop,no-restricted-syntax
+        for (const task of tasks) {
+            results.push(task());
+            // eslint-disable-next-line no-await-in-loop
+            await wait(10000);
+        }
+        return Promise.all(results);
+    }

    try {
-        await runPromisesSerially(challengePromises);
+        log('开始challenge');
+        await runPromisePa(challengePromises);
+
+        log('challenge结束');
+
+        // log('[auto] Waiting for challenge valid status');
+        // await Promise.all(challengePromises);
+
+        /**
+         * Finalize order and download certificate
+         */
+
+        log('[auto] Finalizing order and downloading certificate');
+        const finalized = await client.finalizeOrder(order, opts.csr);
+        return await client.getCertificate(finalized, opts.preferredChain);
+    }
+    catch (e) {
+        log('证书申请失败');
+        log(e);
+        throw new Error(`证书申请失败:${e.message}`);
    }
    finally {
-        await runPromisesSerially(clearTasks);
+        log(`清理challenge痕迹，length:${clearTasks.length}`);
+        try {
+            await runAllPromise(clearTasks);
+        }
+        catch (e) {
+            log('清理challenge失败');
+            log(e);
+        }
    }

    // try {
@@ -201,19 +234,4 @@ module.exports = async function(client, userOpts) {
    //     log('清理challenge');
    //     await Promise.allSettled(clearTasks);
    // }
-
-
-    log('challenge结束');
-
-    // log('[auto] Waiting for challenge valid status');
-    // await Promise.all(challengePromises);
-
-
-    /**
-     * Finalize order and download certificate
-     */
-
-    log('[auto] Finalizing order and downloading certificate');
-    const finalized = await client.finalizeOrder(order, opts.csr);
-    return client.getCertificate(finalized, opts.preferredChain);
 };
--- a/packages/core/acme-client/src/axios.js
+++ b/packages/core/acme-client/src/axios.js
@@ -5,7 +5,6 @@
 const axios = require('axios');
 const pkg = require('./../package.json');

-
 /**
 * Instance
 */
@@ -19,9 +18,8 @@ instance.defaults.headers.common['User-Agent'] = `node-${pkg.name}/${pkg.version
 instance.defaults.acmeSettings = {
    httpChallengePort: 80,
    httpsChallengePort: 443,
-    tlsAlpnChallengePort: 443
+    tlsAlpnChallengePort: 443,
 };
-
 // instance.defaults.proxy = {
 //     host: '192.168.34.139',
 //     port: 10811
@@ -35,7 +33,6 @@ instance.defaults.acmeSettings = {

 instance.defaults.adapter = 'http';

-
 /**
 * Export instance
 */
--- a/packages/core/acme-client/src/client.js
+++ b/packages/core/acme-client/src/client.js
@@ -13,7 +13,6 @@ const verify = require('./verify');
 const util = require('./util');
 const auto = require('./auto');

-
 /**
 * ACME states
 *
@@ -24,7 +23,6 @@ const validStates = ['ready', 'valid'];
 const pendingStates = ['pending', 'processing'];
 const invalidStates = ['invalid'];

-
 /**
 * Default options
 *
@@ -38,10 +36,9 @@ const defaultOpts = {
    externalAccountBinding: {},
    backoffAttempts: 10,
    backoffMin: 5000,
-    backoffMax: 30000
+    backoffMax: 30000,
 };

-
 /**
 * AcmeClient
 *
@@ -61,7 +58,7 @@ const defaultOpts = {
 * ```js
 * const client = new acme.Client({
 *     directoryUrl: acme.directory.letsencrypt.staging,
- *     accountKey: 'Private key goes here'
+ *     accountKey: 'Private key goes here',
 * });
 * ```
 *
@@ -73,7 +70,7 @@ const defaultOpts = {
 *     accountUrl: 'Optional account URL goes here',
 *     backoffAttempts: 10,
 *     backoffMin: 5000,
- *     backoffMax: 30000
+ *     backoffMax: 30000,
 * });
 * ```
 *
@@ -84,8 +81,8 @@ const defaultOpts = {
 *     accountKey: 'Private key goes here',
 *     externalAccountBinding: {
 *         kid: 'YOUR-EAB-KID',
- *         hmacKey: 'YOUR-EAB-HMAC-KEY'
- *     }
+ *         hmacKey: 'YOUR-EAB-HMAC-KEY',
+ *     },
 * });
 * ```
 */
@@ -96,19 +93,17 @@ class AcmeClient {
            opts.accountKey = Buffer.from(opts.accountKey);
        }

-        this.opts = Object.assign({}, defaultOpts, opts);
-
+        this.opts = { ...defaultOpts, ...opts };
        this.backoffOpts = {
            attempts: this.opts.backoffAttempts,
            min: this.opts.backoffMin,
-            max: this.opts.backoffMax
+            max: this.opts.backoffMax,
        };

-        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding);
+        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding, this.opts.urlMapping);
        this.api = new AcmeApi(this.http, this.opts.accountUrl);
    }

-
    /**
     * Get Terms of Service URL if available
     *
@@ -128,7 +123,6 @@ class AcmeClient {
        return this.api.getTermsOfServiceUrl();
    }

-
    /**
     * Get current account URL
     *
@@ -150,7 +144,6 @@ class AcmeClient {
        return this.api.getAccountUrl();
    }

-
    /**
     * Create a new account
     *
@@ -162,7 +155,7 @@ class AcmeClient {
     * @example Create a new account
     * ```js
     * const account = await client.createAccount({
-     *     termsOfServiceAgreed: true
+     *     termsOfServiceAgreed: true,
     * });
     * ```
     *
@@ -170,7 +163,7 @@ class AcmeClient {
     * ```js
     * const account = await client.createAccount({
     *     termsOfServiceAgreed: true,
-     *     contact: ['mailto:test@example.com']
+     *     contact: ['mailto:test@example.com'],
     * });
     * ```
     */
@@ -196,7 +189,6 @@ class AcmeClient {
        }
    }

-
    /**
     * Update existing account
     *
@@ -208,7 +200,7 @@ class AcmeClient {
     * @example Update existing account
     * ```js
     * const account = await client.updateAccount({
-     *     contact: ['mailto:foo@example.com']
+     *     contact: ['mailto:foo@example.com'],
     * });
     * ```
     */
@@ -236,7 +228,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Update account private key
     *
@@ -261,7 +252,7 @@ class AcmeClient {
        const accountUrl = this.api.getAccountUrl();

        /* Create new HTTP and API clients using new key */
-        const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey);
+        const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey, this.opts.externalAccountBinding);
        const newApiClient = new AcmeApi(newHttpClient, accountUrl);

        /* Get old JWK */
@@ -282,7 +273,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Create a new order
     *
@@ -296,8 +286,8 @@ class AcmeClient {
     * const order = await client.createOrder({
     *     identifiers: [
     *         { type: 'dns', value: 'example.com' },
-     *         { type: 'dns', value: 'test.example.com' }
-     *     ]
+     *         { type: 'dns', value: 'test.example.com' },
+     *     ],
     * });
     * ```
     */
@@ -314,7 +304,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Refresh order object from CA
     *
@@ -376,7 +365,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Get identifier authorizations from order
     *
@@ -406,7 +394,6 @@ class AcmeClient {
        }));
    }

-
    /**
     * Deactivate identifier authorization
     *
@@ -427,10 +414,7 @@ class AcmeClient {
            throw new Error('Unable to deactivate identifier authorization, URL not found');
        }

-        const data = {
-            status: 'deactivated'
-        };
-
+        const data = { status: 'deactivated' };
        const resp = await this.api.updateAuthorization(authz.url, data);

        /* Add URL to response */
@@ -438,7 +422,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Get key authorization for ACME challenge
     *
@@ -480,7 +463,6 @@ class AcmeClient {
        throw new Error(`Unable to produce key authorization, unknown challenge type: ${challenge.type}`);
    }

-
    /**
     * Verify that ACME challenge is satisfied
     *
@@ -515,7 +497,6 @@ class AcmeClient {
        return util.retry(verifyFn, this.backoffOpts);
    }

-
    /**
     * Notify CA that challenge has been completed
     *
@@ -536,7 +517,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Wait for ACME provider to verify status on a order, authorization or challenge
     *
@@ -593,7 +573,6 @@ class AcmeClient {
        return util.retry(verifyFn, this.backoffOpts);
    }

-
    /**
     * Get certificate from ACME order
     *
@@ -640,7 +619,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Revoke certificate
     *
@@ -660,7 +638,7 @@ class AcmeClient {
     * ```js
     * const certificate = { ... }; // Previously created certificate
     * const result = await client.revokeCertificate(certificate, {
-     *     reason: 4
+     *     reason: 4,
     * });
     * ```
     */
@@ -671,7 +649,6 @@ class AcmeClient {
        return resp.data;
    }

-
    /**
     * Auto mode
     *
@@ -689,7 +666,7 @@ class AcmeClient {
     * @example Order a certificate using auto mode
     * ```js
     * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-     *     commonName: 'test.example.com'
+     *     altNames: ['test.example.com'],
     * });
     *
     * const certificate = await client.auto({
@@ -701,14 +678,14 @@ class AcmeClient {
     *     },
     *     challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
     *         // Clean up challenge here
-     *     }
+     *     },
     * });
     * ```
     *
     * @example Order a certificate using auto mode with preferred chain
     * ```js
     * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-     *     commonName: 'test.example.com'
+     *     altNames: ['test.example.com'],
     * });
     *
     * const certificate = await client.auto({
@@ -717,7 +694,7 @@ class AcmeClient {
     *     termsOfServiceAgreed: true,
     *     preferredChain: 'DST Root CA X3',
     *     challengeCreateFn: async () => {},
-     *     challengeRemoveFn: async () => {}
+     *     challengeRemoveFn: async () => {},
     * });
     * ```
     */
@@ -727,6 +704,5 @@ class AcmeClient {
    }
 }

-
 /* Export client */
 module.exports = AcmeClient;
--- a/packages/core/acme-client/src/crypto/forge.js
+++ b/packages/core/acme-client/src/crypto/forge.js
@@ -13,7 +13,6 @@ const forge = require('node-forge');

 const generateKeyPair = promisify(forge.pki.rsa.generateKeyPair);

-
 /**
 * Attempt to parse forge object from PEM encoded string
 *
@@ -54,7 +53,6 @@ function forgeObjectFromPem(input) {
    return result;
 }

-
 /**
 * Parse domain names from a certificate or CSR
 *
@@ -93,11 +91,10 @@ function parseDomains(obj) {

    return {
        commonName,
-        altNames
+        altNames,
    };
 }

-
 /**
 * Generate a private RSA key
 *
@@ -123,7 +120,6 @@ async function createPrivateKey(size = 2048) {

 exports.createPrivateKey = createPrivateKey;

-
 /**
 * Create public key from a private RSA key
 *
@@ -136,14 +132,13 @@ exports.createPrivateKey = createPrivateKey;
 * ```
 */

-exports.createPublicKey = async function(key) {
+exports.createPublicKey = async (key) => {
    const privateKey = forge.pki.privateKeyFromPem(key);
    const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e);
    const pemKey = forge.pki.publicKeyToPem(publicKey);
    return Buffer.from(pemKey);
 };

-
 /**
 * Parse body of PEM encoded object from buffer or string
 * If multiple objects are chained, the first body will be returned
@@ -157,7 +152,6 @@ exports.getPemBody = (str) => {
    return forge.util.encode64(msg.body);
 };

-
 /**
 * Split chain of PEM encoded objects from buffer or string into array
 *
@@ -167,7 +161,6 @@ exports.getPemBody = (str) => {

 exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);

-
 /**
 * Get modulus
 *
@@ -182,7 +175,7 @@ exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
 * ```
 */

-exports.getModulus = async function(input) {
+exports.getModulus = async (input) => {
    if (!Buffer.isBuffer(input)) {
        input = Buffer.from(input);
    }
@@ -191,7 +184,6 @@ exports.getModulus = async function(input) {
    return Buffer.from(forge.util.hexToBytes(obj.n.toString(16)), 'binary');
 };

-
 /**
 * Get public exponent
 *
@@ -206,7 +198,7 @@ exports.getModulus = async function(input) {
 * ```
 */

-exports.getPublicExponent = async function(input) {
+exports.getPublicExponent = async (input) => {
    if (!Buffer.isBuffer(input)) {
        input = Buffer.from(input);
    }
@@ -215,7 +207,6 @@ exports.getPublicExponent = async function(input) {
    return Buffer.from(forge.util.hexToBytes(obj.e.toString(16)), 'binary');
 };

-
 /**
 * Read domains from a Certificate Signing Request
 *
@@ -231,7 +222,7 @@ exports.getPublicExponent = async function(input) {
 * ```
 */

-exports.readCsrDomains = async function(csr) {
+exports.readCsrDomains = async (csr) => {
    if (!Buffer.isBuffer(csr)) {
        csr = Buffer.from(csr);
    }
@@ -240,7 +231,6 @@ exports.readCsrDomains = async function(csr) {
    return parseDomains(obj);
 };

-
 /**
 * Read information from a certificate
 *
@@ -260,7 +250,7 @@ exports.readCsrDomains = async function(csr) {
 * ```
 */

-exports.readCertificateInfo = async function(cert) {
+exports.readCertificateInfo = async (cert) => {
    if (!Buffer.isBuffer(cert)) {
        cert = Buffer.from(cert);
    }
@@ -270,15 +260,14 @@ exports.readCertificateInfo = async function(cert) {

    return {
        issuer: {
-            commonName: issuerCn ? issuerCn.value : null
+            commonName: issuerCn ? issuerCn.value : null,
        },
        domains: parseDomains(obj),
        notAfter: obj.validity.notAfter,
-        notBefore: obj.validity.notBefore
+        notBefore: obj.validity.notBefore,
    };
 };

-
 /**
 * Determine ASN.1 type for CSR subject short name
 * Note: https://datatracker.ietf.org/doc/html/rfc5280
@@ -299,7 +288,6 @@ function getCsrValueTagClass(shortName) {
    }
 }

-
 /**
 * Create array of short names and values for Certificate Signing Request subjects
 *
@@ -319,7 +307,6 @@ function createCsrSubject(subjectObj) {
    }, []);
 }

-
 /**
 * Create array of alt names for Certificate Signing Requests
 * Note: https://github.com/digitalbazaar/forge/blob/dfdde475677a8a25c851e33e8f81dca60d90cfb9/lib/x509.js#L1444-L1454
@@ -336,7 +323,6 @@ function formatCsrAltNames(altNames) {
    });
 }

-
 /**
 * Create a Certificate Signing Request
 *
@@ -356,29 +342,30 @@ function formatCsrAltNames(altNames) {
 * @example Create a Certificate Signing Request
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
 *     keySize: 4096,
 *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with additional information
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
 *     country: 'US',
 *     state: 'California',
 *     locality: 'Los Angeles',
 *     organization: 'The Company Inc.',
 *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
 * });
 * ```
 *
@@ -387,11 +374,11 @@ function formatCsrAltNames(altNames) {
 * const certificateKey = await acme.forge.createPrivateKey();
 *
 * const [, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * }, certificateKey);
 */

-exports.createCsr = async function(data, key = null) {
+exports.createCsr = async (data, key = null) => {
    if (!key) {
        key = await createPrivateKey(data.keySize);
    }
@@ -423,7 +410,7 @@ exports.createCsr = async function(data, key = null) {
        L: data.locality,
        O: data.organization,
        OU: data.organizationUnit,
-        E: data.emailAddress
+        E: data.emailAddress,
    });

    csr.setSubject(subject);
@@ -434,8 +421,8 @@ exports.createCsr = async function(data, key = null) {
            name: 'extensionRequest',
            extensions: [{
                name: 'subjectAltName',
-                altNames: formatCsrAltNames(data.altNames)
-            }]
+                altNames: formatCsrAltNames(data.altNames),
+            }],
        }]);
    }

--- a/packages/core/acme-client/src/crypto/index.js
+++ b/packages/core/acme-client/src/crypto/index.js
@@ -22,7 +22,6 @@ const subjectAltNameOID = '2.5.29.17';
 /* id-pe-acmeIdentifier - https://datatracker.ietf.org/doc/html/rfc8737#section-6.1 */
 const alpnAcmeIdentifierOID = '1.3.6.1.5.5.7.1.31';

-
 /**
 * Determine key type and info by attempting to derive public key
 *
@@ -35,7 +34,7 @@ function getKeyInfo(keyPem) {
    const result = {
        isRSA: false,
        isECDSA: false,
-        publicKey: crypto.createPublicKey(keyPem)
+        publicKey: crypto.createPublicKey(keyPem),
    };

    if (result.publicKey.asymmetricKeyType === 'rsa') {
@@ -51,7 +50,6 @@ function getKeyInfo(keyPem) {
    return result;
 }

-
 /**
 * Generate a private RSA key
 *
@@ -74,8 +72,8 @@ async function createPrivateRsaKey(modulusLength = 2048) {
        modulusLength,
        privateKeyEncoding: {
            type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
    });

    return Buffer.from(pair.privateKey);
@@ -83,7 +81,6 @@ async function createPrivateRsaKey(modulusLength = 2048) {

 exports.createPrivateRsaKey = createPrivateRsaKey;

-
 /**
 * Alias of `createPrivateRsaKey()`
 *
@@ -92,7 +89,6 @@ exports.createPrivateRsaKey = createPrivateRsaKey;

 exports.createPrivateKey = createPrivateRsaKey;

-
 /**
 * Generate a private ECDSA key
 *
@@ -115,14 +111,13 @@ exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => {
        namedCurve,
        privateKeyEncoding: {
            type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
    });

    return Buffer.from(pair.privateKey);
 };

-
 /**
 * Get a public key derived from a RSA or ECDSA key
 *
@@ -140,13 +135,12 @@ exports.getPublicKey = (keyPem) => {

    const publicKey = info.publicKey.export({
        type: info.isECDSA ? 'spki' : 'pkcs1',
-        format: 'pem'
+        format: 'pem',
    });

    return Buffer.from(publicKey);
 };

-
 /**
 * Get a JSON Web Key derived from a RSA or ECDSA key
 *
@@ -163,7 +157,7 @@ exports.getPublicKey = (keyPem) => {

 function getJwk(keyPem) {
    const jwk = crypto.createPublicKey(keyPem).export({
-        format: 'jwk'
+        format: 'jwk',
    });

    /* Sort keys */
@@ -175,7 +169,6 @@ function getJwk(keyPem) {

 exports.getJwk = getJwk;

-
 /**
 * Produce CryptoKeyPair and signing algorithm from a PEM encoded private key
 *
@@ -191,7 +184,7 @@ async function getWebCryptoKeyPair(keyPem) {
    /* Signing algorithm */
    const sigalg = {
        name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
+        hash: { name: 'SHA-256' },
    };

    if (info.isECDSA) {
@@ -215,7 +208,6 @@ async function getWebCryptoKeyPair(keyPem) {
    return [{ privateKey, publicKey }, sigalg];
 }

-
 /**
 * Split chain of PEM encoded objects from string into array
 *
@@ -235,7 +227,6 @@ function splitPemChain(chainPem) {

 exports.splitPemChain = splitPemChain;

-
 /**
 * Parse body of PEM encoded object and return a Base64URL string
 * If multiple objects are chained, the first body will be returned
@@ -256,7 +247,6 @@ exports.getPemBodyAsB64u = (pem) => {
    return Buffer.from(dec).toString('base64url');
 };

-
 /**
 * Parse domains from a certificate or CSR
 *
@@ -277,11 +267,10 @@ function parseDomains(input) {

    return {
        commonName,
-        altNames
+        altNames,
    };
 }

-
 /**
 * Read domains from a Certificate Signing Request
 *
@@ -307,7 +296,6 @@ exports.readCsrDomains = (csrPem) => {
    return parseDomains(csr);
 };

-
 /**
 * Read information from a certificate
 * If multiple certificates are chained, the first will be read
@@ -338,15 +326,14 @@ exports.readCertificateInfo = (certPem) => {

    return {
        issuer: {
-            commonName: cert.issuerName.getField('CN').pop() || null
+            commonName: cert.issuerName.getField('CN').pop() || null,
        },
        domains: parseDomains(cert),
        notBefore: cert.notBefore,
-        notAfter: cert.notAfter
+        notAfter: cert.notAfter,
    };
 };

-
 /**
 * Determine ASN.1 character string type for CSR subject field name
 *
@@ -369,7 +356,6 @@ function getCsrAsn1CharStringType(field) {
    }
 }

-
 /**
 * Create array of subject fields for a Certificate Signing Request
 *
@@ -391,7 +377,6 @@ function createCsrSubject(input) {
    }, []);
 }

-
 /**
 * Create x509 subject alternate name extension
 *
@@ -409,7 +394,6 @@ function createSubjectAltNameExtension(altNames) {
    }));
 }

-
 /**
 * Create a Certificate Signing Request
 *
@@ -429,29 +413,30 @@ function createSubjectAltNameExtension(altNames) {
 * @example Create a Certificate Signing Request
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
 *     keySize: 4096,
 *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with additional information
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
 *     country: 'US',
 *     state: 'California',
 *     locality: 'Los Angeles',
 *     organization: 'The Company Inc.',
 *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
 * });
 * ```
 *
@@ -460,8 +445,9 @@ function createSubjectAltNameExtension(altNames) {
 * const certificateKey = await acme.crypto.createPrivateEcdsaKey();
 *
 * const [, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * }, certificateKey);
+ * ```
 */

 exports.createCsr = async (data, keyPem = null) => {
@@ -489,7 +475,7 @@ exports.createCsr = async (data, keyPem = null) => {
        new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature | x509.KeyUsageFlags.keyEncipherment), // eslint-disable-line no-bitwise

        /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension(data.altNames)
+        createSubjectAltNameExtension(data.altNames),
    ];

    /* Create CSR */
@@ -504,8 +490,8 @@ exports.createCsr = async (data, keyPem = null) => {
            L: data.locality,
            O: data.organization,
            OU: data.organizationUnit,
-            E: data.emailAddress
-        })
+            E: data.emailAddress,
+        }),
    });

    /* Done */
@@ -513,7 +499,6 @@ exports.createCsr = async (data, keyPem = null) => {
    return [keyPem, Buffer.from(pem)];
 };

-
 /**
 * Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
 *
@@ -533,6 +518,7 @@ exports.createCsr = async (data, keyPem = null) => {
 * ```js
 * const alpnKey = await acme.crypto.createPrivateEcdsaKey();
 * const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
+ * ```
 */

 exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) => {
@@ -564,7 +550,7 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
        await x509.SubjectKeyIdentifierExtension.create(keys.publicKey),

        /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension([commonName])
+        createSubjectAltNameExtension([commonName]),
    ];

    /* ALPN extension */
@@ -581,8 +567,8 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
        notBefore: now,
        notAfter: now,
        name: createCsrSubject({
-            CN: commonName
-        })
+            CN: commonName,
+        }),
    });

    /* Done */
@@ -590,7 +576,6 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
    return [keyPem, Buffer.from(pem)];
 };

-
 /**
 * Validate that a ALPN certificate contains the expected key authorization
 *
--- a/packages/core/acme-client/src/http.js
+++ b/packages/core/acme-client/src/http.js
@@ -12,10 +12,11 @@ const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
 let httpsAgent = null;
 if (httpsProxy) {
    httpsAgent = new HttpsProxyAgent(httpsProxy);
+    log(`use https_proxy:${httpsProxy}`);
 }
 const axios = axios1.create({
    proxy: false,
-    httpsAgent
+    httpsAgent,
 });

 /**
@@ -30,16 +31,19 @@ const axios = axios1.create({
 */

 class HttpClient {
-    constructor(directoryUrl, accountKey, externalAccountBinding = {}) {
+    constructor(directoryUrl, accountKey, externalAccountBinding = {}, urlMapping = {}) {
        this.directoryUrl = directoryUrl;
        this.accountKey = accountKey;
        this.externalAccountBinding = externalAccountBinding;

        this.maxBadNonceRetries = 5;
-        this.directory = null;
        this.jwk = null;
-    }

+        this.directoryCache = null;
+        this.directoryMaxAge = 86400;
+        this.directoryTimestamp = 0;
+        this.urlMapping = urlMapping;
+    }

    /**
     * HTTP request
@@ -51,6 +55,16 @@ class HttpClient {
     */

    async request(url, method, opts = {}) {
+        if (this.urlMapping && this.urlMapping.enabled === true && this.urlMapping.mappings) {
+            // eslint-disable-next-line no-restricted-syntax
+            for (const key in this.urlMapping.mappings) {
+                if (url.includes(key)) {
+                    const newUrl = url.replace(key, this.urlMapping.mappings[key]);
+                    log(`use reverse proxy: ${newUrl}`);
+                    url = newUrl;
+                }
+            }
+        }
        opts.url = url;
        opts.method = method;
        opts.validateStatus = null;
@@ -70,17 +84,18 @@ class HttpClient {
        return resp;
    }

-
    /**
-     * Ensure provider directory exists
+     * Get ACME provider directory
     *
     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
     *
-     * @returns {Promise}
+     * @returns {Promise<object>} ACME directory contents
     */

    async getDirectory() {
-        if (!this.directory) {
+        const age = (Math.floor(Date.now() / 1000) - this.directoryTimestamp);
+
+        if (!this.directoryCache || (age > this.directoryMaxAge)) {
            const resp = await this.request(this.directoryUrl, 'get');

            if (resp.status >= 400) {
@@ -91,10 +106,11 @@ class HttpClient {
                throw new Error('Attempting to read ACME directory returned no data');
            }

-            this.directory = resp.data;
+            this.directoryCache = resp.data;
        }
-    }

+        return this.directoryCache;
+    }

    /**
     * Get JSON Web Key
@@ -110,7 +126,6 @@ class HttpClient {
        return this.jwk;
    }

-
    /**
     * Get nonce from directory API endpoint
     *
@@ -130,7 +145,6 @@ class HttpClient {
        return resp.headers['replay-nonce'];
    }

-
    /**
     * Get URL for a directory resource
     *
@@ -139,16 +153,15 @@ class HttpClient {
     */

    async getResourceUrl(resource) {
-        await this.getDirectory();
+        const dir = await this.getDirectory();

-        if (!this.directory[resource]) {
+        if (!dir[resource]) {
            throw new Error(`Unable to locate API resource URL in ACME directory: "${resource}"`);
        }

-        return this.directory[resource];
+        return dir[resource];
    }

-
    /**
     * Get directory meta field
     *
@@ -157,16 +170,15 @@ class HttpClient {
     */

    async getMetaField(field) {
-        await this.getDirectory();
+        const dir = await this.getDirectory();

-        if (('meta' in this.directory) && (field in this.directory.meta)) {
-            return this.directory.meta[field];
+        if (('meta' in dir) && (field in dir.meta)) {
+            return dir.meta[field];
        }

        return null;
    }

-
    /**
     * Prepare HTTP request body for signature
     *
@@ -199,11 +211,10 @@ class HttpClient {
        /* Body */
        return {
            payload: payload ? Buffer.from(JSON.stringify(payload)).toString('base64url') : '',
-            protected: Buffer.from(JSON.stringify(header)).toString('base64url')
+            protected: Buffer.from(JSON.stringify(header)).toString('base64url'),
        };
    }

-
    /**
     * Create JWS HTTP request body using HMAC
     *
@@ -226,7 +237,6 @@ class HttpClient {
        return result;
    }

-
    /**
     * Create JWS HTTP request body using RSA or ECC
     *
@@ -267,13 +277,12 @@ class HttpClient {
        result.signature = signer.sign({
            key: this.accountKey,
            padding: RSA_PKCS1_PADDING,
-            dsaEncoding: 'ieee-p1363'
+            dsaEncoding: 'ieee-p1363',
        }, 'base64url');

        return result;
    }

-
    /**
     * Signed HTTP request
     *
@@ -309,7 +318,7 @@ class HttpClient {
        const data = this.createSignedBody(url, payload, { nonce, kid });
        const resp = await this.request(url, 'post', { data });

-        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-10#section-6.4 */
+        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/rfc8555#section-6.5 */
        if (resp.data && resp.data.type && (resp.status === 400) && (resp.data.type === 'urn:ietf:params:acme:error:badNonce') && (attempts < this.maxBadNonceRetries)) {
            nonce = resp.headers['replay-nonce'] || null;
            attempts += 1;
@@ -323,6 +332,5 @@ class HttpClient {
    }
 }

-
 /* Export client */
 module.exports = HttpClient;
--- a/packages/core/acme-client/src/index.js
+++ b/packages/core/acme-client/src/index.js
@@ -4,7 +4,6 @@

 exports.Client = require('./client');

-
 /**
 * Directory URLs
 */
@@ -12,18 +11,22 @@ exports.Client = require('./client');
 exports.directory = {
    buypass: {
        staging: 'https://api.test4.buypass.no/acme/directory',
-        production: 'https://api.buypass.com/acme/directory'
+        production: 'https://api.buypass.com/acme/directory',
+    },
+    google: {
+        staging: 'https://dv.acme-v02.test-api.pki.goog/directory',
+        production: 'https://dv.acme-v02.api.pki.goog/directory',
    },
    letsencrypt: {
        staging: 'https://acme-staging-v02.api.letsencrypt.org/directory',
-        production: 'https://acme-v02.api.letsencrypt.org/directory'
+        production: 'https://acme-v02.api.letsencrypt.org/directory',
    },
    zerossl: {
-        production: 'https://acme.zerossl.com/v2/DV90'
-    }
+        staging: 'https://acme.zerossl.com/v2/DV90',
+        production: 'https://acme.zerossl.com/v2/DV90',
+    },
 };

-
 /**
 * Crypto
 */
@@ -31,14 +34,12 @@ exports.directory = {
 exports.crypto = require('./crypto');
 exports.forge = require('./crypto/forge');

-
 /**
 * Axios
 */

 exports.axios = require('./axios');

-
 /**
 * Logger
 */
--- a/packages/core/acme-client/src/logger.js
+++ b/packages/core/acme-client/src/logger.js
@@ -6,7 +6,6 @@ const debug = require('debug')('acme-client');

 let logger = () => {};

-
 /**
 * Set logger function
 *
@@ -17,11 +16,10 @@ exports.setLogger = (fn) => {
    logger = fn;
 };

-
 /**
 * Log message
 *
- * @param {string} Message
+ * @param {string} msg Message
 */

 exports.log = (msg) => {
--- a/packages/core/acme-client/src/util.js
+++ b/packages/core/acme-client/src/util.js
@@ -7,7 +7,6 @@ const dns = require('dns').promises;
 const { readCertificateInfo, splitPemChain } = require('./crypto');
 const { log } = require('./logger');

-
 /**
 * Exponential backoff
 *
@@ -26,7 +25,6 @@ class Backoff {
        this.attempts = 0;
    }

-
    /**
     * Get backoff duration
     *
@@ -40,7 +38,6 @@ class Backoff {
    }
 }

-
 /**
 * Retry promise
 *
@@ -70,7 +67,6 @@ async function retryPromise(fn, attempts, backoff) {
    }
 }

-
 /**
 * Retry promise
 *
@@ -87,7 +83,6 @@ function retry(fn, { attempts = 5, min = 5000, max = 30000 } = {}) {
    return retryPromise(fn, attempts, backoff);
 }

-
 /**
 * Parse URLs from link header
 *
@@ -107,7 +102,6 @@ function parseLinkHeader(header, rel = 'alternate') {
    return results.filter((r) => r);
 }

-
 /**
 * Find certificate chain with preferred issuer common name
 *  - If issuer is found in multiple chains, the closest to root wins
@@ -157,7 +151,6 @@ function findCertificateChainForIssuer(chains, issuer) {
    return chains[0];
 }

-
 /**
 * Find and format error in response object
 *
@@ -178,7 +171,6 @@ function formatResponseError(resp) {
    return result.replace(/\n/g, '');
 }

-
 /**
 * Resolve root domain name by looking for SOA record
 *
@@ -204,7 +196,6 @@ async function resolveDomainBySoaRecord(recordName) {
    }
 }

-
 /**
 * Get DNS resolver using domains authoritative NS records
 *
@@ -245,7 +236,6 @@ async function getAuthoritativeDnsResolver(recordName) {
    return resolver;
 }

-
 /**
 * Attempt to retrieve TLS ALPN certificate from peer
 *
@@ -267,7 +257,7 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
            port,
            servername: host,
            rejectUnauthorized: false,
-            ALPNProtocols: ['acme-tls/1']
+            ALPNProtocols: ['acme-tls/1'],
        });

        socket.setTimeout(timeout);
@@ -299,7 +289,6 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
    });
 }

-
 /**
 * Export utils
 */
@@ -310,5 +299,5 @@ module.exports = {
    findCertificateChainForIssuer,
    formatResponseError,
    getAuthoritativeDnsResolver,
-    retrieveTlsAlpnCertificate
+    retrieveTlsAlpnCertificate,
 };
--- a/packages/core/acme-client/src/verify.js
+++ b/packages/core/acme-client/src/verify.js
@@ -9,7 +9,6 @@ const axios = require('./axios');
 const util = require('./util');
 const { isAlpnCertificateAuthorizationValid } = require('./crypto');

-
 /**
 * Verify ACME HTTP challenge
 *
@@ -43,25 +42,24 @@ async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix =
    return true;
 }

-
 /**
 * Walk DNS until TXT records are found
 */

 async function walkDnsChallengeRecord(recordName, resolver = dns) {
    /* Resolve CNAME record first */
-    try {
-        log(`Checking name for CNAME records: ${recordName}`);
-        const cnameRecords = await resolver.resolveCname(recordName);
-
-        if (cnameRecords.length) {
-            log(`CNAME record found at ${recordName}, new challenge record name: ${cnameRecords[0]}`);
-            return walkDnsChallengeRecord(cnameRecords[0]);
-        }
-    }
-    catch (e) {
-        log(`No CNAME records found for name: ${recordName}`);
-    }
+    // try {
+    //     log(`Checking name for CNAME records: ${recordName}`);
+    //     const cnameRecords = await resolver.resolveCname(recordName);
+    //
+    //     if (cnameRecords.length) {
+    //         log(`CNAME record found at ${recordName}, new challenge record name: ${cnameRecords[0]}`);
+    //         return walkDnsChallengeRecord(cnameRecords[0]);
+    //     }
+    // }
+    // catch (e) {
+    //     log(`No CNAME records found for name: ${recordName}`);
+    // }

    /* Resolve TXT records */
    try {
@@ -81,7 +79,6 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
    throw new Error(`No TXT records found for name: ${recordName}`);
 }

-
 /**
 * Verify ACME DNS challenge
 *
@@ -121,7 +118,6 @@ async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '
    return true;
 }

-
 /**
 * Verify ACME TLS ALPN challenge
 *
@@ -149,7 +145,6 @@ async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
    return true;
 }

-
 /**
 * Export API
 */
@@ -157,5 +152,5 @@ async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
 module.exports = {
    'http-01': verifyHttpChallenge,
    'dns-01': verifyDnsChallenge,
-    'tls-alpn-01': verifyTlsAlpnChallenge
+    'tls-alpn-01': verifyTlsAlpnChallenge,
 };
--- a/packages/core/acme-client/src/wait.js
+++ b/packages/core/acme-client/src/wait.js
@@ -0,0 +1,9 @@
+async function wait(ms) {
+    return new Promise((resolve) => {
+        setTimeout(resolve, ms);
+    });
+}
+
+module.exports = {
+    wait
+};
--- a/packages/core/acme-client/test/00-pebble.spec.js
+++ b/packages/core/acme-client/test/00-pebble.spec.js
@@ -16,7 +16,6 @@ const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
 const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
 const tlsAlpnPort = axios.defaults.acmeSettings.tlsAlpnChallengePort || 443;

-
 describe('pebble', () => {
    const httpsAgent = new https.Agent({ rejectUnauthorized: false });

@@ -39,18 +38,16 @@ describe('pebble', () => {
    const testTlsAlpn01ChallengeHost = `${uuid()}.${domainName}`;
    const testTlsAlpn01ChallengeValue = uuid();

-
    /**
     * Pebble CTS required
     */

-    before(function() {
+    before(function () {
        if (!cts.isEnabled()) {
            this.skip();
        }
    });

-
    /**
     * DNS mocking
     */
@@ -92,7 +89,6 @@ describe('pebble', () => {
        });
    });

-
    /**
     * HTTP-01 challenge response
     */
@@ -118,7 +114,6 @@ describe('pebble', () => {
        });
    });

-
    /**
     * HTTPS-01 challenge response
     */
@@ -143,7 +138,7 @@ describe('pebble', () => {
            /* Assert HTTP 302 */
            const resp = await axios.get(`http://${testHttps01ChallengeHost}:${httpPort}/.well-known/acme-challenge/${testHttps01ChallengeToken}`, {
                maxRedirects: 0,
-                validateStatus: null
+                validateStatus: null,
            });

            assert.strictEqual(resp.status, 302);
@@ -165,7 +160,6 @@ describe('pebble', () => {
        });
    });

-
    /**
     * DNS-01 challenge response
     */
@@ -188,7 +182,6 @@ describe('pebble', () => {
        });
    });

-
    /**
     * TLS-ALPN-01 challenge response
     */
--- a/packages/core/acme-client/test/10-http.spec.js
+++ b/packages/core/acme-client/test/10-http.spec.js
@@ -9,7 +9,6 @@ const axios = require('./../src/axios');
 const HttpClient = require('./../src/http');
 const pkg = require('./../package.json');

-
 describe('http', () => {
    let testClient;

@@ -20,7 +19,6 @@ describe('http', () => {
    const defaultUaEndpoint = `http://${uuid()}.example.com`;
    const customUaEndpoint = `http://${uuid()}.example.com`;

-
    /**
     * HTTP mocking
     */
@@ -43,7 +41,6 @@ describe('http', () => {
        axios.defaults.headers.common['User-Agent'] = defaultUserAgent;
    });

-
    /**
     * Initialize
     */
@@ -52,7 +49,6 @@ describe('http', () => {
        testClient = new HttpClient();
    });

-
    /**
     * HTTP verbs
     */
@@ -65,7 +61,6 @@ describe('http', () => {
        assert.strictEqual(resp.data, 'ok');
    });

-
    /**
     * User-Agent
     */
--- a/packages/core/acme-client/test/10-logger.spec.js
+++ b/packages/core/acme-client/test/10-logger.spec.js
@@ -5,7 +5,6 @@
 const { assert } = require('chai');
 const logger = require('./../src/logger');

-
 describe('logger', () => {
    let lastLogMessage = null;

@@ -13,7 +12,6 @@ describe('logger', () => {
        lastLogMessage = msg;
    }

-
    /**
     * Logger
     */
@@ -23,7 +21,6 @@ describe('logger', () => {
        assert.isNull(lastLogMessage);
    });

-
    it('should log with custom logger', () => {
        logger.setLogger(customLoggerFn);

--- a/packages/core/acme-client/test/10-verify.spec.js
+++ b/packages/core/acme-client/test/10-verify.spec.js
@@ -9,7 +9,6 @@ const verify = require('./../src/verify');

 const domainName = process.env.ACME_DOMAIN_NAME || 'example.com';

-
 describe('verify', () => {
    const challengeTypes = ['http-01', 'dns-01'];

@@ -30,18 +29,16 @@ describe('verify', () => {
    const testTlsAlpn01Challenge = { type: 'dns-01', status: 'pending', token: uuid() };
    const testTlsAlpn01Key = uuid();

-
    /**
     * Pebble CTS required
     */

-    before(function() {
+    before(function () {
        if (!cts.isEnabled()) {
            this.skip();
        }
    });

-
    /**
     * API
     */
@@ -50,7 +47,6 @@ describe('verify', () => {
        assert.containsAllKeys(verify, challengeTypes);
    });

-
    /**
     * http-01
     */
@@ -81,7 +77,6 @@ describe('verify', () => {
        });
    });

-
    /**
     * https-01
     */
@@ -102,7 +97,6 @@ describe('verify', () => {
        });
    });

-
    /**
     * dns-01
     */
@@ -133,7 +127,6 @@ describe('verify', () => {
        });
    });

-
    /**
     * tls-alpn-01
     */
--- a/packages/core/acme-client/test/20-crypto-legacy.spec.js
+++ b/packages/core/acme-client/test/20-crypto-legacy.spec.js
@@ -9,10 +9,9 @@ const spec = require('./spec');
 const forge = require('./../src/crypto/forge');

 const cryptoEngines = {
-    forge
+    forge,
 };

-
 describe('crypto-legacy', () => {
    let testPemKey;
    let testCert;
@@ -28,7 +27,6 @@ describe('crypto-legacy', () => {
    const testCertPath = path.join(__dirname, 'fixtures', 'certificate.crt');
    const testSanCertPath = path.join(__dirname, 'fixtures', 'san-certificate.crt');

-
    /**
     * Fixtures
     */
@@ -50,7 +48,6 @@ describe('crypto-legacy', () => {
        });
    });

-
    /**
     * Engines
     */
@@ -62,7 +59,6 @@ describe('crypto-legacy', () => {
            let testNonCnCsr;
            let testNonAsciiCsr;

-
            /**
             * Key generation
             */
@@ -83,14 +79,13 @@ describe('crypto-legacy', () => {
                publicKeyStore.push(key.toString().replace(/[\r\n]/gm, ''));
            });

-
            /**
             * Certificate Signing Request
             */

            it('should generate a csr', async () => {
                const [key, csr] = await engine.createCsr({
-                    commonName: testCsrDomain
+                    commonName: testCsrDomain,
                });

                assert.isTrue(Buffer.isBuffer(key));
@@ -102,7 +97,7 @@ describe('crypto-legacy', () => {
            it('should generate a san csr', async () => {
                const [key, csr] = await engine.createCsr({
                    commonName: testSanCsrDomains[0],
-                    altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length)
+                    altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length),
                });

                assert.isTrue(Buffer.isBuffer(key));
@@ -113,7 +108,7 @@ describe('crypto-legacy', () => {

            it('should generate a csr without common name', async () => {
                const [key, csr] = await engine.createCsr({
-                    altNames: testSanCsrDomains
+                    altNames: testSanCsrDomains,
                });

                assert.isTrue(Buffer.isBuffer(key));
@@ -126,7 +121,7 @@ describe('crypto-legacy', () => {
                const [key, csr] = await engine.createCsr({
                    commonName: testCsrDomain,
                    organization: '大安區',
-                    organizationUnit: '中文部門'
+                    organizationUnit: '中文部門',
                });

                assert.isTrue(Buffer.isBuffer(key));
@@ -167,7 +162,6 @@ describe('crypto-legacy', () => {
                assert.deepStrictEqual(result.altNames, [testCsrDomain]);
            });

-
            /**
             * Certificate
             */
@@ -188,7 +182,6 @@ describe('crypto-legacy', () => {
                assert.deepEqual(info.domains.altNames, testSanCsrDomains.slice(1, testSanCsrDomains.length));
            });

-
            /**
             * PEM utils
             */
@@ -214,7 +207,6 @@ describe('crypto-legacy', () => {
                });
            });

-
            /**
             * Modulus and exponent
             */
@@ -246,7 +238,6 @@ describe('crypto-legacy', () => {
        });
    });

-
    /**
     * Verify identical results
     */
--- a/packages/core/acme-client/test/20-crypto.spec.js
+++ b/packages/core/acme-client/test/20-crypto.spec.js
@@ -50,7 +50,6 @@ dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0
 -----END TEST-----
 `;

-
 describe('crypto', () => {
    const testCsrDomain = 'example.com';
    const testSanCsrDomains = ['example.com', 'test.example.com', 'abc.example.com'];
@@ -58,7 +57,6 @@ describe('crypto', () => {
    const testCertPath = path.join(__dirname, 'fixtures', 'certificate.crt');
    const testSanCertPath = path.join(__dirname, 'fixtures', 'san-certificate.crt');

-
    /**
     * Key types
     */
@@ -68,24 +66,23 @@ describe('crypto', () => {
            createKeyFns: {
                s1024: () => crypto.createPrivateRsaKey(1024),
                s2048: () => crypto.createPrivateRsaKey(),
-                s4096: () => crypto.createPrivateRsaKey(4096)
+                s4096: () => crypto.createPrivateRsaKey(4096),
            },
-            jwkSpecFn: spec.jwk.rsa
+            jwkSpecFn: spec.jwk.rsa,
        },
        ecdsa: {
            createKeyFns: {
                p256: () => crypto.createPrivateEcdsaKey(),
                p384: () => crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => crypto.createPrivateEcdsaKey('P-521')
+                p521: () => crypto.createPrivateEcdsaKey('P-521'),
            },
-            jwkSpecFn: spec.jwk.ecdsa
-        }
+            jwkSpecFn: spec.jwk.ecdsa,
+        },
    }).forEach(([name, { createKeyFns, jwkSpecFn }]) => {
        describe(name, () => {
            const testPrivateKeys = {};
            const testPublicKeys = {};

-
            /**
             * Iterate through all generator variations
             */
@@ -97,7 +94,6 @@ describe('crypto', () => {
                let testNonAsciiCsr;
                let testAlpnCertificate;

-
                /**
                 * Keys and JWK
                 */
@@ -132,14 +128,13 @@ describe('crypto', () => {
                    jwkSpecFn(jwk);
                });

-
                /**
                 * Certificate Signing Request
                 */

                it(`${n}/should generate a csr`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPrivateKeys[n]);

                    assert.isTrue(Buffer.isBuffer(key));
@@ -151,7 +146,7 @@ describe('crypto', () => {
                it(`${n}/should generate a san csr`, async () => {
                    const [key, csr] = await crypto.createCsr({
                        commonName: testSanCsrDomains[0],
-                        altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length)
+                        altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length),
                    }, testPrivateKeys[n]);

                    assert.isTrue(Buffer.isBuffer(key));
@@ -162,7 +157,7 @@ describe('crypto', () => {

                it(`${n}/should generate a csr without common name`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        altNames: testSanCsrDomains
+                        altNames: testSanCsrDomains,
                    }, testPrivateKeys[n]);

                    assert.isTrue(Buffer.isBuffer(key));
@@ -175,7 +170,7 @@ describe('crypto', () => {
                    const [key, csr] = await crypto.createCsr({
                        commonName: testCsrDomain,
                        organization: '大安區',
-                        organizationUnit: '中文部門'
+                        organizationUnit: '中文部門',
                    }, testPrivateKeys[n]);

                    assert.isTrue(Buffer.isBuffer(key));
@@ -186,7 +181,7 @@ describe('crypto', () => {

                it(`${n}/should generate a csr with key as string`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPrivateKeys[n].toString());

                    assert.isTrue(Buffer.isBuffer(key));
@@ -195,11 +190,10 @@ describe('crypto', () => {

                it(`${n}/should throw with invalid key`, async () => {
                    await assert.isRejected(crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPublicKeys[n]));
                });

-
                /**
                 * Domain and info resolver
                 */
@@ -243,7 +237,6 @@ describe('crypto', () => {
                    });
                });

-
                /**
                 * ALPN
                 */
@@ -284,7 +277,6 @@ describe('crypto', () => {
        });
    });

-
    /**
     * Common functionality
     */
@@ -294,7 +286,6 @@ describe('crypto', () => {
        let testCert;
        let testSanCert;

-
        it('should read private key fixture', async () => {
            testPemKey = await fs.readFile(testKeyPath);
            assert.isTrue(Buffer.isBuffer(testPemKey));
@@ -310,21 +301,19 @@ describe('crypto', () => {
            assert.isTrue(Buffer.isBuffer(testSanCert));
        });

-
        /**
         * CSR with auto-generated key
         */

        it('should generate a csr with default key', async () => {
            const [key, csr] = await crypto.createCsr({
-                commonName: testCsrDomain
+                commonName: testCsrDomain,
            });

            assert.isTrue(Buffer.isBuffer(key));
            assert.isTrue(Buffer.isBuffer(csr));
        });

-
        /**
         * Certificate
         */
@@ -352,7 +341,6 @@ describe('crypto', () => {
            });
        });

-
        /**
         * ALPN
         */
@@ -365,7 +353,6 @@ describe('crypto', () => {
            assert.isTrue(Buffer.isBuffer(cert));
        });

-
        /**
         * PEM utils
         */
--- a/packages/core/acme-client/test/50-client.spec.js
+++ b/packages/core/acme-client/test/50-client.spec.js
@@ -20,35 +20,32 @@ const clientOpts = {
    directoryUrl,
    backoffAttempts: 5,
    backoffMin: 1000,
-    backoffMax: 5000
+    backoffMax: 5000,
 };

 if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY) {
    clientOpts.externalAccountBinding = {
        kid: process.env.ACME_EAB_KID,
-        hmacKey: process.env.ACME_EAB_HMAC_KEY
+        hmacKey: process.env.ACME_EAB_HMAC_KEY,
    };
 }

-
 describe('client', () => {
    const testDomain = `${uuid()}.${domainName}`;
    const testDomainAlpn = `${uuid()}.${domainName}`;
    const testDomainWildcard = `*.${testDomain}`;
    const testContact = `mailto:test-${uuid()}@nope.com`;

-
    /**
     * Pebble CTS required
     */

-    before(function() {
+    before(function () {
        if (!cts.isEnabled()) {
            this.skip();
        }
    });

-
    /**
     * Key types
     */
@@ -58,18 +55,18 @@ describe('client', () => {
            createKeyFn: () => acme.crypto.createPrivateRsaKey(),
            createKeyAltFns: {
                s1024: () => acme.crypto.createPrivateRsaKey(1024),
-                s4096: () => acme.crypto.createPrivateRsaKey(4096)
+                s4096: () => acme.crypto.createPrivateRsaKey(4096),
            },
-            jwkSpecFn: spec.jwk.rsa
+            jwkSpecFn: spec.jwk.rsa,
        },
        ecdsa: {
            createKeyFn: () => acme.crypto.createPrivateEcdsaKey(),
            createKeyAltFns: {
                p384: () => acme.crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => acme.crypto.createPrivateEcdsaKey('P-521')
+                p521: () => acme.crypto.createPrivateEcdsaKey('P-521'),
            },
-            jwkSpecFn: spec.jwk.ecdsa
-        }
+            jwkSpecFn: spec.jwk.ecdsa,
+        },
    }).forEach(([name, { createKeyFn, createKeyAltFns, jwkSpecFn }]) => {
        describe(name, () => {
            let testIssuers;
@@ -97,7 +94,6 @@ describe('client', () => {
            let testCertificateAlpn;
            let testCertificateWildcard;

-
            /**
             * Fixtures
             */
@@ -114,11 +110,11 @@ describe('client', () => {

            it('should generate certificate signing request', async () => {
                [, testCsr] = await acme.crypto.createCsr({ commonName: testDomain }, await createKeyFn());
-                [, testCsrAlpn] = await acme.crypto.createCsr({ commonName: testDomainAlpn }, await createKeyFn());
-                [, testCsrWildcard] = await acme.crypto.createCsr({ commonName: testDomainWildcard }, await createKeyFn());
+                [, testCsrAlpn] = await acme.crypto.createCsr({ altNames: [testDomainAlpn] }, await createKeyFn());
+                [, testCsrWildcard] = await acme.crypto.createCsr({ altNames: [testDomainWildcard] }, await createKeyFn());
            });

-            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }
@@ -134,7 +130,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Initialize clients
             */
@@ -142,7 +137,7 @@ describe('client', () => {
            it('should initialize client', () => {
                testClient = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountKey
+                    accountKey: testAccountKey,
                });
            });

@@ -151,12 +146,11 @@ describe('client', () => {
                jwkSpecFn(jwk);
            });

-
            /**
             * Terms of Service
             */

-            it('should produce tos url [ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should produce tos url [ACME_CAP_META_TOS_FIELD]', async function () {
                if (!capMetaTosField) {
                    this.skip();
                }
@@ -165,7 +159,7 @@ describe('client', () => {
                assert.isString(tos);
            });

-            it('should not produce tos url [!ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should not produce tos url [!ACME_CAP_META_TOS_FIELD]', async function () {
                if (capMetaTosField) {
                    this.skip();
                }
@@ -174,12 +168,11 @@ describe('client', () => {
                assert.isNull(tos);
            });

-
            /**
             * Create account
             */

-            it('should refuse account creation without tos [ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should refuse account creation without tos [ACME_CAP_META_TOS_FIELD]', async function () {
                if (!capMetaTosField) {
                    this.skip();
                }
@@ -187,7 +180,7 @@ describe('client', () => {
                await assert.isRejected(testClient.createAccount());
            });

-            it('should refuse account creation without eab [ACME_CAP_EAB_ENABLED]', async function() {
+            it('should refuse account creation without eab [ACME_CAP_EAB_ENABLED]', async function () {
                if (!capEabEnabled) {
                    this.skip();
                }
@@ -195,17 +188,17 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    externalAccountBinding: null
+                    externalAccountBinding: null,
                });

                await assert.isRejected(client.createAccount({
-                    termsOfServiceAgreed: true
+                    termsOfServiceAgreed: true,
                }));
            });

            it('should create an account', async () => {
                testAccount = await testClient.createAccount({
-                    termsOfServiceAgreed: true
+                    termsOfServiceAgreed: true,
                });

                spec.rfc8555.account(testAccount);
@@ -217,7 +210,6 @@ describe('client', () => {
                assert.isString(testAccountUrl);
            });

-
            /**
             * Create account with alternate key sizes
             */
@@ -226,11 +218,11 @@ describe('client', () => {
                it(`should create account with key=${k}`, async () => {
                    const client = new acme.Client({
                        ...clientOpts,
-                        accountKey: await altKeyFn()
+                        accountKey: await altKeyFn(),
                    });

                    const account = await client.createAccount({
-                        termsOfServiceAgreed: true
+                        termsOfServiceAgreed: true,
                    });

                    spec.rfc8555.account(account);
@@ -238,7 +230,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Find existing account using secondary client
             */
@@ -246,22 +237,22 @@ describe('client', () => {
            it('should throw when trying to find account using invalid account key', async () => {
                const client = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountSecondaryKey
+                    accountKey: testAccountSecondaryKey,
                });

                await assert.isRejected(client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                }));
            });

            it('should find existing account using account key', async () => {
                const client = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountKey
+                    accountKey: testAccountKey,
                });

                const account = await client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });

                spec.rfc8555.account(account);
@@ -269,7 +260,6 @@ describe('client', () => {
                assert.deepStrictEqual(account.key, testAccount.key);
            });

-
            /**
             * Account URL
             */
@@ -278,7 +268,7 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    accountUrl: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/1'
+                    accountUrl: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/1',
                });

                await assert.isRejected(client.updateAccount());
@@ -288,11 +278,11 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    accountUrl: testAccountUrl
+                    accountUrl: testAccountUrl,
                });

                const account = await client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });

                spec.rfc8555.account(account);
@@ -300,7 +290,6 @@ describe('client', () => {
                assert.deepStrictEqual(account.key, testAccount.key);
            });

-
            /**
             * Update account contact info
             */
@@ -316,12 +305,11 @@ describe('client', () => {
                assert.include(account.contact, testContact);
            });

-
            /**
             * Change account private key
             */

-            it('should change account private key [ACME_CAP_UPDATE_ACCOUNT_KEY]', async function() {
+            it('should change account private key [ACME_CAP_UPDATE_ACCOUNT_KEY]', async function () {
                if (!capUpdateAccountKey) {
                    this.skip();
                }
@@ -329,7 +317,7 @@ describe('client', () => {
                await testClient.updateAccountKey(testAccountSecondaryKey);

                const account = await testClient.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });

                spec.rfc8555.account(account);
@@ -337,7 +325,6 @@ describe('client', () => {
                assert.notDeepEqual(account.key, testAccount.key);
            });

-
            /**
             * Create new certificate order
             */
@@ -357,7 +344,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Get status of existing certificate order
             */
@@ -371,7 +357,6 @@ describe('client', () => {
                }));
            });

-
            /**
             * Get identifier authorization
             */
@@ -401,7 +386,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Generate challenge key authorization
             */
@@ -418,7 +402,6 @@ describe('client', () => {
                [testKeyAuthorization, testKeyAuthorizationAlpn, testKeyAuthorizationWildcard].forEach((k) => assert.isString(k));
            });

-
            /**
             * Deactivate identifier authorization
             */
@@ -427,8 +410,8 @@ describe('client', () => {
                const order = await testClient.createOrder({
                    identifiers: [
                        { type: 'dns', value: `${uuid()}.${domainName}` },
-                        { type: 'dns', value: `${uuid()}.${domainName}` }
-                    ]
+                        { type: 'dns', value: `${uuid()}.${domainName}` },
+                    ],
                });

                const authzCollection = await testClient.getAuthorizations(order);
@@ -445,7 +428,6 @@ describe('client', () => {
                });
            });

-
            /**
             * Verify satisfied challenge
             */
@@ -460,7 +442,6 @@ describe('client', () => {
                await testClient.verifyChallenge(testAuthzWildcard, testChallengeWildcard);
            });

-
            /**
             * Complete challenge
             */
@@ -474,7 +455,6 @@ describe('client', () => {
                }));
            });

-
            /**
             * Wait for valid challenge
             */
@@ -483,7 +463,6 @@ describe('client', () => {
                await Promise.all([testChallenge, testChallengeAlpn, testChallengeWildcard].map(async (c) => testClient.waitForValidStatus(c)));
            });

-
            /**
             * Finalize order
             */
@@ -500,7 +479,6 @@ describe('client', () => {
                assert.strictEqual(testOrderWildcard.url, finalizeWildcard.url);
            });

-
            /**
             * Wait for valid order
             */
@@ -509,7 +487,6 @@ describe('client', () => {
                await Promise.all([testOrder, testOrderAlpn, testOrderWildcard].map(async (o) => testClient.waitForValidStatus(o)));
            });

-
            /**
             * Get certificate
             */
@@ -525,7 +502,7 @@ describe('client', () => {
                });
            });

-            it('should get alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }
@@ -539,7 +516,7 @@ describe('client', () => {
                }));
            });

-            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }
@@ -551,7 +528,6 @@ describe('client', () => {
                assert.strictEqual(testIssuers[0], info.issuer.commonName);
            });

-
            /**
             * Revoke certificate
             */
@@ -568,7 +544,6 @@ describe('client', () => {
                await assert.isRejected(testClient.getCertificate(testOrderWildcard));
            });

-
            /**
             * Deactivate account
             */
@@ -581,7 +556,6 @@ describe('client', () => {
                assert.strictEqual(account.status, 'deactivated');
            });

-
            /**
             * Verify that no new orders can be made
             */
--- a/packages/core/acme-client/test/70-auto.spec.js
+++ b/packages/core/acme-client/test/70-auto.spec.js
@@ -18,17 +18,16 @@ const clientOpts = {
    directoryUrl,
    backoffAttempts: 5,
    backoffMin: 1000,
-    backoffMax: 5000
+    backoffMax: 5000,
 };

 if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY) {
    clientOpts.externalAccountBinding = {
        kid: process.env.ACME_EAB_KID,
-        hmacKey: process.env.ACME_EAB_HMAC_KEY
+        hmacKey: process.env.ACME_EAB_HMAC_KEY,
    };
 }

-
 describe('client.auto', () => {
    const testDomain = `${uuid()}.${domainName}`;
    const testHttpDomain = `${uuid()}.${domainName}`;
@@ -40,21 +39,19 @@ describe('client.auto', () => {
    const testSanDomains = [
        `${uuid()}.${domainName}`,
        `${uuid()}.${domainName}`,
-        `${uuid()}.${domainName}`
+        `${uuid()}.${domainName}`,
    ];

-
    /**
     * Pebble CTS required
     */

-    before(function() {
+    before(function () {
        if (!cts.isEnabled()) {
            this.skip();
        }
    });

-
    /**
     * Key types
     */
@@ -64,16 +61,16 @@ describe('client.auto', () => {
            createKeyFn: () => acme.crypto.createPrivateRsaKey(),
            createKeyAltFns: {
                s1024: () => acme.crypto.createPrivateRsaKey(1024),
-                s4096: () => acme.crypto.createPrivateRsaKey(4096)
-            }
+                s4096: () => acme.crypto.createPrivateRsaKey(4096),
+            },
        },
        ecdsa: {
            createKeyFn: () => acme.crypto.createPrivateEcdsaKey(),
            createKeyAltFns: {
                p384: () => acme.crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => acme.crypto.createPrivateEcdsaKey('P-521')
-            }
-        }
+                p521: () => acme.crypto.createPrivateEcdsaKey('P-521'),
+            },
+        },
    }).forEach(([name, { createKeyFn, createKeyAltFns }]) => {
        describe(name, () => {
            let testIssuers;
@@ -82,12 +79,11 @@ describe('client.auto', () => {
            let testSanCertificate;
            let testWildcardCertificate;

-
            /**
             * Fixtures
             */

-            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }
@@ -103,7 +99,6 @@ describe('client.auto', () => {
                });
            });

-
            /**
             * Initialize client
             */
@@ -111,31 +106,30 @@ describe('client.auto', () => {
            it('should initialize client', async () => {
                testClient = new acme.Client({
                    ...clientOpts,
-                    accountKey: await createKeyFn()
+                    accountKey: await createKeyFn(),
                });
            });

-
            /**
             * Invalid challenge response
             */

            it('should throw on invalid challenge response', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                await assert.isRejected(testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeNoopFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }), /^authorization not found/i);
            });

            it('should throw on invalid challenge response with opts.skipChallengeVerification=true', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                await assert.isRejected(testClient.auto({
@@ -143,38 +137,37 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    skipChallengeVerification: true,
                    challengeCreateFn: cts.challengeNoopFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }));
            });

-
            /**
             * Challenge function exceptions
             */

            it('should throw on challengeCreate exception', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                await assert.isRejected(testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeThrowFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }), /^oops$/);
            });

            it('should not throw on challengeRemove exception', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeThrowFn
+                    challengeRemoveFn: cts.challengeThrowFn,
                });

                assert.isString(cert);
@@ -188,8 +181,8 @@ describe('client.auto', () => {
                        `${uuid()}.${domainName}`,
                        `${uuid()}.${domainName}`,
                        `${uuid()}.${domainName}`,
-                        `${uuid()}.${domainName}`
-                    ]
+                        `${uuid()}.${domainName}`,
+                    ],
                }, await createKeyFn());

                await assert.isRejected(testClient.auto({
@@ -205,28 +198,27 @@ describe('client.auto', () => {
                        results.push(true);
                        return cts.challengeCreateFn(...args);
                    },
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                }));

                assert.strictEqual(results.length, 5);
                assert.deepStrictEqual(results, [false, false, false, true, true]);
            });

-
            /**
             * Order certificates
             */

            it('should order certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testDomain
+                    commonName: testDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                assert.isString(cert);
@@ -235,7 +227,7 @@ describe('client.auto', () => {

            it('should order certificate using http-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testHttpDomain
+                    commonName: testHttpDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -243,7 +235,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertHttpChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['http-01']
+                    challengePriority: ['http-01'],
                });

                assert.isString(cert);
@@ -251,7 +243,7 @@ describe('client.auto', () => {

            it('should order certificate using https-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testHttpsDomain
+                    commonName: testHttpsDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -259,7 +251,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertHttpsChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['http-01']
+                    challengePriority: ['http-01'],
                });

                assert.isString(cert);
@@ -267,7 +259,7 @@ describe('client.auto', () => {

            it('should order certificate using dns-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testDnsDomain
+                    commonName: testDnsDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -275,7 +267,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertDnsChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['dns-01']
+                    challengePriority: ['dns-01'],
                });

                assert.isString(cert);
@@ -283,7 +275,7 @@ describe('client.auto', () => {

            it('should order certificate using tls-alpn-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testAlpnDomain
+                    commonName: testAlpnDomain,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -291,7 +283,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertTlsAlpnChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['tls-alpn-01']
+                    challengePriority: ['tls-alpn-01'],
                });

                assert.isString(cert);
@@ -299,15 +291,14 @@ describe('client.auto', () => {

            it('should order san certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testSanDomains[0],
-                    altNames: testSanDomains
+                    altNames: testSanDomains,
                }, await createKeyFn());

                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                assert.isString(cert);
@@ -316,15 +307,14 @@ describe('client.auto', () => {

            it('should order wildcard certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testWildcardDomain,
-                    altNames: [`*.${testWildcardDomain}`]
+                    altNames: [testWildcardDomain, `*.${testWildcardDomain}`],
                }, await createKeyFn());

                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                assert.isString(cert);
@@ -333,7 +323,7 @@ describe('client.auto', () => {

            it('should order certificate with opts.skipChallengeVerification=true', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -341,20 +331,20 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    skipChallengeVerification: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                assert.isString(cert);
            });

-            it('should order alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should order alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }

                await Promise.all(testIssuers.map(async (issuer) => {
                    const [, csr] = await acme.crypto.createCsr({
-                        commonName: `${uuid()}.${domainName}`
+                        commonName: `${uuid()}.${domainName}`,
                    }, await createKeyFn());

                    const cert = await testClient.auto({
@@ -362,7 +352,7 @@ describe('client.auto', () => {
                        termsOfServiceAgreed: true,
                        preferredChain: issuer,
                        challengeCreateFn: cts.challengeCreateFn,
-                        challengeRemoveFn: cts.challengeRemoveFn
+                        challengeRemoveFn: cts.challengeRemoveFn,
                    });

                    const rootCert = acme.crypto.splitPemChain(cert).pop();
@@ -372,13 +362,13 @@ describe('client.auto', () => {
                }));
            });

-            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                if (!capAlternateCertRoots) {
                    this.skip();
                }

                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());

                const cert = await testClient.auto({
@@ -386,7 +376,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    preferredChain: uuid(),
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });

                const rootCert = acme.crypto.splitPemChain(cert).pop();
@@ -395,7 +385,6 @@ describe('client.auto', () => {
                assert.strictEqual(testIssuers[0], info.issuer.commonName);
            });

-
            /**
             * Order certificate with alternate key sizes
             */
@@ -403,21 +392,20 @@ describe('client.auto', () => {
            Object.entries(createKeyAltFns).forEach(([k, altKeyFn]) => {
                it(`should order certificate with key=${k}`, async () => {
                    const [, csr] = await acme.crypto.createCsr({
-                        commonName: testDomain
+                        commonName: testDomain,
                    }, await altKeyFn());

                    const cert = await testClient.auto({
                        csr,
                        termsOfServiceAgreed: true,
                        challengeCreateFn: cts.challengeCreateFn,
-                        challengeRemoveFn: cts.challengeRemoveFn
+                        challengeRemoveFn: cts.challengeRemoveFn,
                    });

                    assert.isString(cert);
                });
            });

-
            /**
             * Read certificates
             */
@@ -426,7 +414,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testCertificate);

                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testDomain);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, [testDomain]);
            });

@@ -434,7 +422,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testSanCertificate);

                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testSanDomains[0]);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, testSanDomains);
            });

@@ -442,7 +430,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testWildcardCertificate);

                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testWildcardDomain);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, [testWildcardDomain, `*.${testWildcardDomain}`]);
            });
        });
--- a/packages/core/acme-client/test/challtestsrv.js
+++ b/packages/core/acme-client/test/challtestsrv.js
@@ -8,7 +8,6 @@ const axios = require('./../src/axios');
 const apiBaseUrl = process.env.ACME_CHALLTESTSRV_URL || null;
 const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;

-
 /**
 * Send request
 */
@@ -21,20 +20,18 @@ async function request(apiPath, data = {}) {
    await axios.request({
        url: `${apiBaseUrl}/${apiPath}`,
        method: 'post',
-        data
+        data,
    });

    return true;
 }

-
 /**
 * State
 */

 exports.isEnabled = () => !!apiBaseUrl;

-
 /**
 * DNS
 */
@@ -42,7 +39,6 @@ exports.isEnabled = () => !!apiBaseUrl;
 exports.addDnsARecord = async (host, addresses) => request('add-a', { host, addresses });
 exports.setDnsCnameRecord = async (host, target) => request('set-cname', { host, target });

-
 /**
 * Challenge response
 */
@@ -55,7 +51,7 @@ async function addHttps01ChallengeResponse(token, content, targetHostname) {
    await addHttp01ChallengeResponse(token, content);
    return request('add-redirect', {
        path: `/.well-known/acme-challenge/${token}`,
-        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`
+        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`,
    });
 }

@@ -72,7 +68,6 @@ exports.addHttps01ChallengeResponse = addHttps01ChallengeResponse;
 exports.addDns01ChallengeResponse = addDns01ChallengeResponse;
 exports.addTlsAlpn01ChallengeResponse = addTlsAlpn01ChallengeResponse;

-
 /**
 * Challenge response mock functions
 */
--- a/packages/core/acme-client/test/get-cert-issuers.js
+++ b/packages/core/acme-client/test/get-cert-issuers.js
@@ -7,7 +7,6 @@ const util = require('./../src/util');

 const pebbleManagementUrl = process.env.ACME_PEBBLE_MANAGEMENT_URL || null;

-
 /**
 * Pebble
 */
@@ -26,7 +25,6 @@ async function getPebbleCertIssuers() {
    return info.map((i) => i.issuer.commonName);
 }

-
 /**
 * Get certificate issuers
 */
--- a/packages/core/acme-client/test/setup.js
+++ b/packages/core/acme-client/test/setup.js
@@ -7,14 +7,12 @@ const chai = require('chai');
 const chaiAsPromised = require('chai-as-promised');
 const axios = require('./../src/axios');

-
 /**
 * Add promise support to Chai
 */

 chai.use(chaiAsPromised);

-
 /**
 * Challenge test server ports
 */
@@ -31,7 +29,6 @@ if (process.env.ACME_TLSALPN_PORT) {
    axios.defaults.acmeSettings.tlsAlpnChallengePort = process.env.ACME_TLSALPN_PORT;
 }

-
 /**
 * External account binding
 */
--- a/packages/core/acme-client/test/spec.js
+++ b/packages/core/acme-client/test/spec.js
@@ -7,7 +7,6 @@ const { assert } = require('chai');
 const spec = {};
 module.exports = spec;

-
 /**
 * ACME
 */
@@ -120,7 +119,6 @@ spec.rfc8555.challenge = (obj) => {
    }
 };

-
 /**
 * Crypto
 */
@@ -150,7 +148,6 @@ spec.crypto.certificateInfo = (obj) => {
    assert.strictEqual(Object.prototype.toString.call(obj.notAfter), '[object Date]');
 };

-
 /**
 * JWK
 */
--- a/packages/core/acme-client/tsconfig.json
+++ b/packages/core/acme-client/tsconfig.json
@@ -1,11 +1,13 @@
 {
+    "compileOnSave": false,
    "compilerOptions": {
        "module": "commonjs",
        "lib": ["es6"],
        "strict": true,
-        "noEmit": true,
+        "noEmit": false,
        "esModuleInterop": true,
        "baseUrl": ".",
+        "composite": true,
        "paths": { "acme-client": ["."] }
    }
 }
--- a/packages/core/acme-client/types/index.d.ts
+++ b/packages/core/acme-client/types/index.d.ts
@@ -15,7 +15,6 @@ export type PublicKeyString = string;
 export type CertificateString = string;
 export type CsrString = string;

-
 /**
 * Augmented ACME interfaces
 */
@@ -28,6 +27,10 @@ export interface Authorization extends rfc8555.Authorization {
    url: string;
 }

+export type UrlMapping={
+    enabled: boolean
+    mappings: Record<string, string>
+}

 /**
 * Client
@@ -41,6 +44,7 @@ export interface ClientOptions {
    backoffAttempts?: number;
    backoffMin?: number;
    backoffMax?: number;
+    urlMapping?: UrlMapping;
 }

 export interface ClientExternalAccountBindingOptions {
@@ -80,7 +84,6 @@ export class Client {
    auto(opts: ClientAutoOptions): Promise<string>;
 }

-
 /**
 * Directory URLs
 */
@@ -90,16 +93,20 @@ export const directory: {
        staging: string,
        production: string
    },
+    google: {
+        staging: string,
+        production: string
+    },
    letsencrypt: {
        staging: string,
        production: string
    },
    zerossl: {
+        staging: string,
        production: string
    }
 };

-
 /**
 * Crypto
 */
@@ -177,14 +184,12 @@ export interface CryptoLegacyInterface {

 export const forge: CryptoLegacyInterface;

-
 /**
 * Axios
 */

 export const axios: AxiosInstance;

-
 /**
 * Logger
 */
--- a/packages/core/acme-client/types/index.test-d.ts
+++ b/packages/core/acme-client/types/index.test-d.ts
@@ -4,7 +4,6 @@

 import * as acme from 'acme-client';

-
 (async () => {
    /* Client */
    const accountKey = await acme.crypto.createPrivateKey();
--- a/packages/core/acme-client/types/rfc8555.d.ts
+++ b/packages/core/acme-client/types/rfc8555.d.ts
@@ -27,7 +27,6 @@ export interface AccountUpdateRequest {
    termsOfServiceAgreed?: boolean;
 }

-
 /**
 * Order
 *
@@ -53,7 +52,6 @@ export interface OrderCreateRequest {
    notAfter?: string;
 }

-
 /**
 * Authorization
 *
@@ -73,7 +71,6 @@ export interface Identifier {
    value: string;
 }

-
 /**
 * Challenge
 *
@@ -102,7 +99,6 @@ export interface DnsChallenge extends ChallengeAbstract {

 export type Challenge = HttpChallenge | DnsChallenge;

-
 /**
 * Certificate
 *
--- a/packages/core/pipeline/.gitignore
+++ b/packages/core/pipeline/.gitignore
@@ -23,4 +23,6 @@ dist-ssr
 *.sln
 *.sw?

-test/user.secret.ts
+test/user.secret.*
+test/**/*.js
+src/**/*.spec.ts
--- a/packages/core/pipeline/.mocharc.json
+++ b/packages/core/pipeline/.mocharc.json
@@ -1,5 +1,4 @@
 {
  "extension": ["ts"],
-  "spec": "test/**/*.test.ts",
-  "require": "ts-node/register"
-}
+  "spec": "src/**/*.spec.ts"
+}
--- a/packages/core/pipeline/.npmignore
+++ b/packages/core/pipeline/.npmignore
@@ -1,2 +1,3 @@
 node_modules
-src
+src
+dist/**/*.spec.*
--- a/packages/core/pipeline/.npmrc
+++ b/packages/core/pipeline/.npmrc
@@ -0,0 +1,2 @@
+link-workspace-packages=true
+prefer-workspace-packages=true
--- a/packages/core/pipeline/CHANGELOG.md
+++ b/packages/core/pipeline/CHANGELOG.md
@@ -3,6 +3,99 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.22.7](https://github.com/certd/certd/compare/v1.22.6...v1.22.7) (2024-08-04)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+### Bug Fixes
+
+* 修复在相同的cron时偶尔无法触发定时任务的bug ([680941a](https://github.com/certd/certd/commit/680941af119619006b592e3ab6fb112cb5556a8b))
+
+### Performance Improvements
+
+* 流水线支持名称模糊查询 ([59897c4](https://github.com/certd/certd/commit/59897c4ceae992ebe2972ca9e8f9196616ffdfd7))
+* 优化前置任务输出为空的提示 ([6ed1e18](https://github.com/certd/certd/commit/6ed1e18c7d9c46d964ecc6abc90f3908297b7632))
+
+## [1.22.5](https://github.com/certd/certd/compare/v1.22.4...v1.22.5) (2024-07-26)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.2](https://github.com/certd/certd/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+### Performance Improvements
+
+* 创建证书任务可以选择lege插件 ([affef13](https://github.com/certd/certd/commit/affef130378030c517250c58a4e787b0fc85d7d1))
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持lego，海量DNS提供商 ([0bc6d0a](https://github.com/certd/certd/commit/0bc6d0a211920fb0084d705e1db67ee1e7262c44))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))
+
+## [1.21.2](https://github.com/certd/certd/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.21.1](https://github.com/certd/certd/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+**Note:** Version bump only for package @certd/pipeline
+
+# [1.21.0](https://github.com/certd/certd/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.17](https://github.com/certd/certd/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.16](https://github.com/certd/certd/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.15](https://github.com/certd/certd/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.14](https://github.com/certd/certd/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.13](https://github.com/certd/certd/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.12](https://github.com/certd/certd/compare/v1.20.10...v1.20.12) (2024-06-17)
+
+### Performance Improvements
+
+* 支持cloudflare域名 ([fbb9a47](https://github.com/certd/certd/commit/fbb9a47e8f7bb805289b9ee64bd46ffee0f01c06))
+
+## [1.20.10](https://github.com/certd/certd/compare/v1.20.9...v1.20.10) (2024-05-30)
+
+### Performance Improvements
+
+* 优化文件下载包名 ([d9eb927](https://github.com/certd/certd/commit/d9eb927b0a1445feab08b1958aa9ea80637a5ae6))
+
+## [1.20.9](https://github.com/certd/certd/compare/v1.20.8...v1.20.9) (2024-03-22)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.8](https://github.com/certd/certd/compare/v1.20.7...v1.20.8) (2024-03-22)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.20.7](https://github.com/certd/certd/compare/v1.20.6...v1.20.7) (2024-03-22)

 **Note:** Version bump only for package @certd/pipeline
--- a/packages/core/pipeline/build.md
+++ b/packages/core/pipeline/build.md
@@ -0,0 +1 @@
+22:30
--- a/packages/core/pipeline/fix-esm-import-paths.js
+++ b/packages/core/pipeline/fix-esm-import-paths.js
@@ -0,0 +1,96 @@
+import * as fs from "fs";
+import * as path from "path";
+
+// https://gist.github.com/lovasoa/8691344
+async function* walk(dir) {
+  for await (const d of await fs.promises.opendir(dir)) {
+    const entry = path.join(dir, d.name);
+    if (d.isDirectory()) {
+      yield* walk(entry);
+    } else if (d.isFile()) {
+      yield entry;
+    }
+  }
+}
+
+function resolveImportPath(sourceFile, importPath, options) {
+  const sourceFileAbs = path.resolve(process.cwd(), sourceFile);
+  const root = path.dirname(sourceFileAbs);
+  const { moduleFilter = defaultModuleFilter } = options;
+
+  if (moduleFilter(importPath)) {
+    const importPathAbs = path.resolve(root, importPath);
+    let possiblePath = [path.resolve(importPathAbs, "./index.ts"), path.resolve(importPathAbs, "./index.js"), importPathAbs + ".ts", importPathAbs + ".js"];
+
+    if (possiblePath.length) {
+      for (let i = 0; i < possiblePath.length; i++) {
+        let entry = possiblePath[i];
+        if (fs.existsSync(entry)) {
+          const resolved = path.relative(root, entry.replace(/\.ts$/, ".js"));
+
+          if (!resolved.startsWith(".")) {
+            return "./" + resolved;
+          }
+
+          return resolved;
+        }
+      }
+    }
+  }
+
+  return null;
+}
+
+function replace(filePath, outFilePath, options) {
+  const code = fs.readFileSync(filePath).toString();
+  const newCode = code.replace(/(import|export) (.+?) from ('[^\n']+'|"[^\n"]+");/gs, function (found, action, imported, from) {
+    const importPath = from.slice(1, -1);
+    let resolvedPath = resolveImportPath(filePath, importPath, options);
+
+    if (resolvedPath) {
+      resolvedPath = resolvedPath.replaceAll("\\", "/");
+      console.log("\t", importPath, resolvedPath);
+      return `${action} ${imported} from "${resolvedPath}";`;
+    }
+
+    return found;
+  });
+
+  if (code !== newCode) {
+    fs.writeFileSync(outFilePath, newCode);
+  }
+}
+
+// Then, use it with a simple async for loop
+async function run(srcDir, options = defaultOptions) {
+  const { sourceFileFilter = defaultSourceFileFilter } = options;
+
+  for await (const entry of walk(srcDir)) {
+    if (sourceFileFilter(entry)) {
+      console.log(entry);
+      replace(entry, entry, options);
+    }
+  }
+}
+
+const defaultSourceFileFilter = function (sourceFilePath) {
+  return /\.(js|ts)$/.test(sourceFilePath) && !/node_modules/.test(sourceFilePath);
+};
+
+const defaultModuleFilter = function (importedModule) {
+  return !path.isAbsolute(importedModule) && !importedModule.startsWith("@") && !importedModule.endsWith(".js");
+};
+
+const defaultOptions = {
+  sourceFileFilter: defaultSourceFileFilter,
+  moduleFilter: defaultModuleFilter,
+};
+
+// Switch this to test on one file or directly run on a directory.
+const DEBUG = false;
+
+if (DEBUG) {
+  replace("./src/index.ts", "./out.ts", defaultOptions);
+} else {
+  await run("./src/", defaultOptions);
+}
--- a/packages/core/pipeline/package.json
+++ b/packages/core/pipeline/package.json
@@ -1,49 +1,47 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.20.7",
-  "main": "./src/index.ts",
-  "module": "./src/index.ts",
-  "types": "./src/index.ts",
-  "publishConfig": {
-    "main": "./dist/bundle.js",
-    "module": "./dist/bundle.mjs",
-    "types": "./dist/d/index.d.ts"
-  },
+  "version": "1.22.7",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
  "scripts": {
    "dev": "vite",
-    "build": "rollup -c",
+    "build": "tsc --skipLibCheck",
+    "build3": "rollup -c",
    "build2": "vue-tsc --noEmit && vite build",
-    "preview": "vite preview"
+    "preview": "vite preview",
+    "test": "mocha   --loader=ts-node/esm"
  },
  "dependencies": {
-    "axios": "^1.4.0",
+    "axios": "^1.7.2",
+    "fix-path": "^4.0.0",
+    "lodash-es": "^4.17.21",
    "node-forge": "^1.3.1",
    "nodemailer": "^6.9.3",
    "qs": "^6.11.2"
  },
  "devDependencies": {
-    "@certd/acme-client": "^1.20.7",
    "@rollup/plugin-commonjs": "^23.0.4",
    "@rollup/plugin-json": "^6.0.0",
    "@rollup/plugin-node-resolve": "^15.0.1",
    "@rollup/plugin-terser": "^0.4.3",
    "@rollup/plugin-typescript": "^11.0.0",
-    "@types/chai": "^4.3.5",
-    "@types/lodash": "^4.14.194",
+    "@types/chai": "^4.3.10",
+    "@types/lodash-es": "^4.17.12",
    "@types/mocha": "^10.0.1",
    "@types/node-forge": "^1.3.2",
    "@types/uuid": "^9.0.2",
    "@typescript-eslint/eslint-plugin": "^5.59.7",
    "@typescript-eslint/parser": "^5.59.7",
-    "chai": "^4.3.7",
+    "chai": "4.3.10",
    "dayjs": "^1.11.7",
    "eslint": "^8.41.0",
    "eslint-config-prettier": "^8.8.0",
    "eslint-plugin-import": "^2.27.5",
    "eslint-plugin-node": "^11.1.0",
    "eslint-plugin-prettier": "^4.2.1",
-    "lodash": "^4.17.21",
+    "iconv-lite": "^0.6.3",
    "log4js": "^6.9.1",
    "mocha": "^10.2.0",
    "prettier": "^2.8.8",
@@ -52,10 +50,11 @@
    "rollup-plugin-typescript2": "^0.34.1",
    "rollup-plugin-visualizer": "^5.8.2",
    "ts-node": "^10.9.1",
+    "tsc-esm-fix": "^3.0.0",
    "tslib": "^2.5.2",
    "typescript": "^5.0.4",
    "vite": "^4.3.8",
    "vue-tsc": "^1.6.5"
  },
-  "gitHead": "b258e926209fef4cc4d633b0383eb54e26c516f9"
+  "gitHead": "e5da46cfc31b2e30a4903bcb2251b1851265ef41"
 }
--- a/packages/core/pipeline/rollup.config.js
+++ b/packages/core/pipeline/rollup.config.js
@@ -1,43 +0,0 @@
-const resolve = require("@rollup/plugin-node-resolve");
-const commonjs = require("@rollup/plugin-commonjs");
-//const Typescript = require("rollup-plugin-typescript2");
-const Typescript = require("@rollup/plugin-typescript");
-const json = require("@rollup/plugin-json");
-const terser = require("@rollup/plugin-terser");
-module.exports = {
-  input: "src/index.ts",
-  output: {
-    file: "dist/bundle.js",
-    format: "cjs",
-  },
-  plugins: [
-    // 解析第三方依赖
-    resolve(),
-    // 识别 commonjs 模式第三方依赖
-    commonjs(),
-    Typescript({
-      target: "esnext",
-      rootDir: "src",
-      declaration: true,
-      declarationDir: "dist/d",
-      exclude: ["./node_modules/**", "./src/**/*.vue"],
-      allowSyntheticDefaultImports: true,
-    }),
-    json(),
-    terser(),
-  ],
-  external: [
-    "vue",
-    "lodash",
-    "dayjs",
-    "@certd/acme-client",
-    "@certd/pipeline",
-    "@certd/plugin-cert",
-    "@certd/plugin-aliyun",
-    "@certd/plugin-tencent",
-    "@certd/plugin-huawei",
-    "@certd/plugin-host",
-    "@certd/plugin-tencent",
-    "@certd/plugin-util",
-  ],
-};
--- a/packages/core/pipeline/src/access/api.ts
+++ b/packages/core/pipeline/src/access/api.ts
@@ -1,5 +1,5 @@
-import { Registrable } from "../registry";
-import { FormItemProps } from "../d.ts";
+import { Registrable } from "../registry/index.js";
+import { FormItemProps } from "../dt/index.js";

 export type AccessInputDefine = FormItemProps & {
  title: string;
--- a/packages/core/pipeline/src/access/decorator.ts
+++ b/packages/core/pipeline/src/access/decorator.ts
@@ -1,8 +1,8 @@
 // src/decorator/memoryCache.decorator.ts
-import { AccessDefine, AccessInputDefine } from "./api";
-import { Decorator } from "../decorator";
-import _ from "lodash";
-import { accessRegistry } from "./registry";
+import { AccessDefine, AccessInputDefine } from "./api.js";
+import { Decorator } from "../decorator/index.js";
+import _ from "lodash-es";
+import { accessRegistry } from "./registry.js";

 // 提供一个唯一 key
 export const ACCESS_CLASS_KEY = "pipeline:access";
--- a/packages/core/pipeline/src/access/index.ts
+++ b/packages/core/pipeline/src/access/index.ts
@@ -1,3 +1,3 @@
-export * from "./api";
-export * from "./registry";
-export * from "./decorator";
+export * from "./api.js";
+export * from "./registry.js";
+export * from "./decorator.js";
--- a/packages/core/pipeline/src/access/registry.ts
+++ b/packages/core/pipeline/src/access/registry.ts
@@ -1,4 +1,4 @@
-import { Registry } from "../registry";
+import { Registry } from "../registry/index.js";

 // @ts-ignore
-export const accessRegistry = new Registry();
+export const accessRegistry = new Registry("access");
--- a/packages/core/pipeline/src/context/index.ts
+++ b/packages/core/pipeline/src/context/index.ts
@@ -1,5 +1,5 @@
 import { AxiosInstance } from "axios";
-import { IContext } from "../core";
+import { IContext } from "../core/index.js";

 export type HttpClient = AxiosInstance;
 export type UserContext = IContext;
--- a/packages/core/pipeline/src/core/context.ts
+++ b/packages/core/pipeline/src/core/context.ts
@@ -1,4 +1,5 @@
-import { IStorage, MemoryStorage } from "./storage";
+import { IStorage, MemoryStorage } from "./storage.js";
+
 const CONTEXT_VERSION_KEY = "contextVersion";
 export interface IContext {
  getInt(key: string): Promise<number>;
@@ -20,13 +21,11 @@ export class ContextFactory {
  }

  getContext(scope: string, namespace: string): IContext {
-    const context = new StorageContext(scope, namespace, this.storage);
-    return context;
+    return new StorageContext(scope, namespace, this.storage);
  }

  getMemoryContext(scope: string, namespace: string): IContext {
-    const context = new StorageContext(scope, namespace, this.memoryStorage);
-    return context;
+    return new StorageContext(scope, namespace, this.memoryStorage);
  }
 }

--- a/packages/core/pipeline/src/core/executor.ts
+++ b/packages/core/pipeline/src/core/executor.ts
@@ -1,18 +1,18 @@
-import { ConcurrencyStrategy, NotificationWhen, Pipeline, ResultType, Runnable, RunStrategy, Stage, Step, Task } from "../d.ts";
-import _ from "lodash";
-import { RunHistory, RunnableCollection } from "./run-history";
-import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext } from "../plugin";
-import { ContextFactory, IContext } from "./context";
-import { IStorage } from "./storage";
-import { logger } from "../utils/util.log";
+import { ConcurrencyStrategy, NotificationWhen, Pipeline, ResultType, Runnable, RunStrategy, Stage, Step, Task } from "../dt/index.js";
+import _ from "lodash-es";
+import { RunHistory, RunnableCollection } from "./run-history.js";
+import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext } from "../plugin/index.js";
+import { ContextFactory, IContext } from "./context.js";
+import { IStorage } from "./storage.js";
+import { logger } from "../utils/util.log.js";
 import { Logger } from "log4js";
-import { request } from "../utils/util.request";
-import { IAccessService } from "../access";
-import { RegistryItem } from "../registry";
-import { Decorator } from "../decorator";
-import { IEmailService } from "../service";
-import { FileStore } from "./file-store";
-import { TimeoutPromise } from "../utils/util.promise";
+import { createAxiosService } from "../utils/util.request.js";
+import { IAccessService } from "../access/index.js";
+import { RegistryItem } from "../registry/index.js";
+import { Decorator } from "../decorator/index.js";
+import { IEmailService } from "../service/index.js";
+import { FileStore } from "./file-store.js";
+// import { TimeoutPromise } from "../utils/util.promise.js";

 export type ExecutorOptions = {
  userId: any;
@@ -33,7 +33,7 @@ export class Executor {
  lastRuntime!: RunHistory;
  options: ExecutorOptions;
  canceled = false;
-  onChanged: (history: RunHistory) => void;
+  onChanged: (history: RunHistory) => Promise<void>;
  constructor(options: ExecutorOptions) {
    this.options = options;
    this.pipeline = _.cloneDeep(options.pipeline);
@@ -110,12 +110,13 @@ export class Executor {
    const intervalFlushLogId = setInterval(async () => {
      await this.onChanged(this.runtime);
    }, 5000);
-    const timeout = runnable.timeout ?? 20 * 60 * 1000;
+
+    // const timeout = runnable.timeout ?? 20 * 60 * 1000;
    try {
      if (this.canceled) {
-        throw new Error("task canceled");
+        return ResultType.canceled;
      }
-      await TimeoutPromise(run, timeout);
+      await run();
      this.runtime.success(runnable);
      return ResultType.success;
    } catch (e: any) {
@@ -142,19 +143,25 @@ export class Executor {
  async runStage(stage: Stage) {
    const runnerList = [];
    for (const task of stage.tasks) {
-      const runner = this.runWithHistory(task, "task", async () => {
-        await this.runTask(task);
-      });
+      const runner = async () => {
+        return this.runWithHistory(task, "task", async () => {
+          await this.runTask(task);
+        });
+      };
      runnerList.push(runner);
    }

    let resList: ResultType[] = [];
    if (stage.concurrency === ConcurrencyStrategy.Parallel) {
-      resList = await Promise.all(runnerList);
+      const pList = [];
+      for (const item of runnerList) {
+        pList.push(item());
+      }
+      resList = await Promise.all(pList);
    } else {
      for (let i = 0; i < runnerList.length; i++) {
        const runner = runnerList[i];
-        resList[i] = await runner;
+        resList[i] = await runner();
      }
    }
    return this.compositionResultType(resList);
@@ -206,18 +213,24 @@ export class Executor {
        if (contextKey != null) {
          const value = this.runtime.context[contextKey];
          if (value == null) {
-            currentLogger.warn(`[step init] input ${define.title} is null`);
+            currentLogger.warn(`[step init] input ${define.title} is null，前置任务步骤输出值为空，请按如下步骤排查：`);
+            currentLogger.log(`1、检查前置任务（证书申请任务）是否是配置了成功后跳过，如果是，请改为正常执行`);
+            currentLogger.log(
+              `2、是否曾经删除过前置任务（证书申请任务），然后又重新添加了，如果是，请重新编辑当前任务，重新选择一下前置任务输出的参数（域名证书那一栏）`
+            );
+            currentLogger.log(`3、以上都不是，联系作者吧`);
          }
          step.input[key] = value;
        }
      }
    });

+    const http = createAxiosService({ logger: currentLogger });
    const taskCtx: TaskInstanceContext = {
      pipeline: this.pipeline,
      step,
      lastStatus,
-      http: request,
+      http,
      logger: currentLogger,
      accessService: this.options.accessService,
      emailService: this.options.emailService,
@@ -233,18 +246,26 @@ export class Executor {

    await instance.onInstance();
    await instance.execute();
-
+    //执行结果处理
    if (instance._result.clearLastStatus) {
+      //是否需要清除所有状态
      this.lastStatusMap.clear();
    }
-    //输出到output context
-    _.forEach(define.output, (item, key) => {
+    //输出上下文变量到output context
+    _.forEach(define.output, (item: any, key: any) => {
      step.status!.output[key] = instance[key];
      const stepOutputKey = `step.${step.id}.${key}`;
      this.runtime.context[stepOutputKey] = instance[key];
    });
-
    step.status!.files = instance.getFiles();
+
+    //更新pipeline vars
+    if (Object.keys(instance._result.pipelineVars).length > 0) {
+      // 判断 pipelineVars 有值时更新
+      const vars = this.pipelineContext.getObj("vars");
+      _.merge(vars, instance._result.pipelineVars);
+      await this.pipelineContext.setObj("vars", vars);
+    }
  }

  async notification(when: NotificationWhen, error?: any) {
@@ -274,12 +295,16 @@ export class Executor {
        continue;
      }
      if (notification.type === "email") {
-        this.options.emailService?.send({
-          userId: this.pipeline.userId,
-          subject,
-          content,
-          receivers: notification.options.receivers,
-        });
+        try {
+          await this.options.emailService?.send({
+            userId: this.pipeline.userId,
+            subject,
+            content,
+            receivers: notification.options.receivers,
+          });
+        } catch (e) {
+          logger.error("send email error", e);
+        }
      }
    }
  }
--- a/packages/core/pipeline/src/core/file-store.ts
+++ b/packages/core/pipeline/src/core/file-store.ts
@@ -1,7 +1,8 @@
-import { fileUtils } from "../utils/util.file";
+import { fileUtils } from "../utils/index.js";
 import dayjs from "dayjs";
 import path from "path";
 import fs from "fs";
+import { logger } from "../utils/index.js";

 export type FileStoreOptions = {
  rootDir?: string;
@@ -9,6 +10,12 @@ export type FileStoreOptions = {
  parent: string;
 };

+export interface IFileStore {
+  readFile(filePath: string): Buffer | null;
+  writeFile(filename: string, file: Buffer): string;
+  deleteByParent(scope: string, parent: string): void;
+}
+
 export class FileStore {
  rootDir: string;
  scope: string;
@@ -30,10 +37,11 @@ export class FileStore {
    const localPath = this.buildFilePath(filename);

    fs.writeFileSync(localPath, file);
+    logger.info(`写入文件：${localPath}`);
    return localPath;
  }

-  private buildFilePath(filename: string) {
+  protected buildFilePath(filename: string) {
    const parentDir = path.join(this.rootDir, this.scope + "", this.parent + "", dayjs().format("YYYY-MM-DD"));
    if (!fs.existsSync(parentDir)) {
      fs.mkdirSync(parentDir, { recursive: true });
--- a/packages/core/pipeline/src/core/index.ts
+++ b/packages/core/pipeline/src/core/index.ts
@@ -1,5 +1,6 @@
-export * from "./executor";
-export * from "./run-history";
-export * from "./context";
-export * from "./storage";
-export * from "./file-store";
+export * from "./executor.js";
+export * from "./run-history.js";
+export * from "./context.js";
+export * from "./storage.js";
+export * from "./file-store.js";
+export * from "./license.js";
--- a/packages/core/pipeline/src/core/license.spec.ts
+++ b/packages/core/pipeline/src/core/license.spec.ts
@@ -0,0 +1,15 @@
+import { isPlus, verify } from "./license.js";
+import { equal } from "assert";
+describe("license", function () {
+  it("#license", async function () {
+    const req = {
+      appKey: "z4nXOeTeSnnpUpnmsV",
+      subjectId: "999",
+      license: "",
+    };
+    const plus = isPlus();
+    equal(plus, false);
+    const res = await verify(req);
+    equal(res, true);
+  });
+});
--- a/packages/core/pipeline/src/core/license.ts
+++ b/packages/core/pipeline/src/core/license.ts
@@ -0,0 +1,85 @@
+import { createVerify } from "node:crypto";
+import { logger } from "../utils/index.js";
+
+const SecreteKey =
+  "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQXY3TGtMaUp1dGM0NzhTU3RaTExjajVGZXh1YjJwR2NLMGxwa0hwVnlZWjhMY29rRFhuUlAKUGQ5UlJSTVRTaGJsbFl2Mzd4QUhOV1ZIQ0ZsWHkrQklVU001bUlBU1NDQTV0azlJNmpZZ2F4bEFDQm1BY0lGMwozKzBjeGZIYVkrVW9YdVluMkZ6YUt2Ym5GdFZIZ0lkMDg4a3d4clZTZzlCT3BDRVZIR1pxR2I5TWN5MXVHVXhUClFTVENCbmpoTWZlZ0p6cXVPYWVOY0ZPSE5tbmtWRWpLTythbTBPeEhNS1lyS3ZnQnVEbzdoVnFENlBFMUd6V3AKZHdwZUV4QXZDSVJxL2pWTkdRK3FtMkRWOVNJZ3U5bmF4MktmSUtFeU50dUFFS1VpekdqL0VmRFhDM1cxMExhegpKaGNYNGw1SUFZU1o3L3JWVmpGbExWSVl0WDU1T054L1Z3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K";
+const appKey = "z4nXOeTeSnnpUpnmsV";
+export type LicenseVerifyReq = {
+  subjectId: string;
+  license: string;
+};
+
+type License = {
+  appKey: string;
+  code: string;
+  subjectId: string;
+  expireTime: number;
+  activeTime: number;
+  duration: number;
+  version: number;
+  secret: string;
+  signature: string;
+};
+
+class LicenseHolder {
+  isPlus = false;
+}
+const holder = new LicenseHolder();
+holder.isPlus = false;
+
+class LicenseVerifier {
+  checked = false;
+  licenseReq?: LicenseVerifyReq = undefined;
+  async reVerify(req: LicenseVerifyReq) {
+    this.checked = false;
+    return await this.verify(req);
+  }
+
+  setPlus(value: boolean) {
+    holder.isPlus = value;
+    return value;
+  }
+  async verify(req: LicenseVerifyReq) {
+    this.licenseReq = req;
+    if (this.checked) {
+      return this.setPlus(false);
+    }
+    const license = req?.license;
+    if (!license) {
+      this.checked = true;
+      return this.setPlus(false);
+    }
+
+    const licenseJson = Buffer.from(Buffer.from(license, "hex").toString(), "base64").toString();
+    const json: License = JSON.parse(licenseJson);
+    if (json.expireTime < Date.now()) {
+      logger.warn("授权已过期");
+      return this.setPlus(false);
+    }
+    const content = `${appKey},${this.licenseReq.subjectId},${json.code},${json.secret},${json.activeTime},${json.duration},${json.expireTime},${json.version}`;
+    const publicKey = Buffer.from(SecreteKey, "base64").toString();
+    const res = this.verifySignature(content, json.signature, publicKey);
+    this.checked = true;
+    if (!res) {
+      logger.warn("授权校验失败");
+      return this.setPlus(false);
+    }
+    return this.setPlus(true);
+  }
+
+  verifySignature(content: string, signature: any, publicKey: string) {
+    const verify = createVerify("RSA-SHA256");
+    verify.update(content);
+    return verify.verify(publicKey, signature, "base64");
+  }
+}
+
+const verifier = new LicenseVerifier();
+
+export function isPlus() {
+  return holder.isPlus;
+}
+
+export async function verify(req: LicenseVerifyReq) {
+  return await verifier.reVerify(req);
+}
--- a/packages/core/pipeline/src/core/run-history.ts
+++ b/packages/core/pipeline/src/core/run-history.ts
@@ -1,6 +1,6 @@
-import { Context, HistoryResult, Pipeline, ResultType, Runnable, RunnableMap, Stage, Step, Task } from "../d.ts";
-import _ from "lodash";
-import { buildLogger } from "../utils/util.log";
+import { Context, HistoryResult, Pipeline, ResultType, Runnable, RunnableMap, Stage, Step, Task } from "../dt/index.js";
+import _ from "lodash-es";
+import { buildLogger } from "../utils/util.log.js";
 import { Logger } from "log4js";

 export type HistoryStatus = {
--- a/packages/core/pipeline/src/core/storage.ts
+++ b/packages/core/pipeline/src/core/storage.ts
@@ -1,6 +1,6 @@
 import fs from "fs";
 import path from "path";
-import { fileUtils } from "../utils/util.file";
+import { fileUtils } from "../utils/util.file.js";

 export interface IStorage {
  get(scope: string, namespace: string, version: string, key: string): Promise<string | null>;
--- a/packages/core/pipeline/src/d.ts/pipeline.ts
+++ b/packages/core/pipeline/src/d.ts/pipeline.ts
@@ -70,6 +70,7 @@ export type Runnable = {
  default?: {
    [key: string]: any;
  };
+  context?: Context;
 };

 export type EmailOptions = {
--- a/packages/core/pipeline/src/decorator/common.ts
+++ b/packages/core/pipeline/src/decorator/common.ts
@@ -1,4 +1,4 @@
-import { Decorator } from "./index";
+import { Decorator } from "./index.js";

 export type AutowireProp = {
  name?: string;
--- a/packages/core/pipeline/src/decorator/index.ts
+++ b/packages/core/pipeline/src/decorator/index.ts
@@ -1,2 +1,2 @@
-export * from "./utils";
-export * from "./common";
+export * from "./utils.js";
+export * from "./common.js";
--- a/packages/core/pipeline/src/decorator/utils.ts
+++ b/packages/core/pipeline/src/decorator/utils.ts
@@ -1,4 +1,4 @@
-import _ from "lodash";
+import _ from "lodash-es";

 const propertyMap: any = {};
 function attachProperty(target: any, propertyKey: string | symbol) {
@@ -11,7 +11,11 @@ function attachProperty(target: any, propertyKey: string | symbol) {
 }

 function getClassProperties(target: any) {
-  return propertyMap[target] || {};
+  //获取父类
+  const parent = Object.getPrototypeOf(target);
+  const parentMap = propertyMap[parent] || {};
+  const current = propertyMap[target] || {};
+  return _.merge({}, parentMap, current);
 }

 function target(target: any, propertyKey?: string | symbol) {
@@ -25,7 +29,7 @@ function target(target: any, propertyKey?: string | symbol) {
 }

 function inject(define: any, instance: any, context: any, preHandler?: (item: any, key: string, instance: any, context: any) => void) {
-  _.forEach(define, (item, key) => {
+  _.forEach(define, (item: any, key: any) => {
    if (preHandler) {
      preHandler(item, key, instance, context);
    }
--- a/packages/core/pipeline/src/dt/fast-crud.ts
+++ b/packages/core/pipeline/src/dt/fast-crud.ts
@@ -0,0 +1,115 @@
+/**
+ * [x]-col的配置
+ */
+export type ColProps = {
+  span?: number;
+  [props: string]: any;
+};
+
+export type FormItemProps = {
+  /**
+   * 字段label
+   */
+  title?: string;
+  /**
+   * 表单字段组件配置
+   */
+  component?: ComponentProps;
+  /**
+   * 表单字段 [a|el|n]-col的配置
+   * 一般用来配置跨列：{span:24} 占满一行
+   */
+  col?: ColProps;
+  /**
+   * 默认值
+   */
+  value?: any;
+  /**
+   * 帮助提示配置
+   */
+  helper?: string | FormItemHelperProps;
+  /**
+   * 排序号
+   */
+  order?: number;
+  /**
+   * 是否显示此字段
+   */
+  show?: boolean;
+  /**
+   * 是否是空白占位栏
+   */
+  blank?: boolean;
+
+  [key: string]: any;
+};
+
+/**
+ * 表单字段帮助说明配置
+ */
+export type FormItemHelperProps = {
+  /**
+   * 自定义渲染帮助说明
+   * @param scope
+   */
+  render?: (scope: any) => any;
+  /**
+   * 帮助文本
+   */
+  text?: string;
+  /**
+   * 帮助说明所在的位置，[ undefined | label]
+   */
+  position?: string;
+  /**
+   * [a|el|n]-tooltip配置
+   */
+  tooltip?: object;
+
+  [key: string]: any;
+};
+
+/**
+ * 组件配置
+ */
+export type ComponentProps = {
+  /**
+   * 组件的名称
+   */
+  name?: string | object;
+  /**
+   * vmodel绑定的目标属性名
+   */
+  vModel?: string;
+
+  /**
+   * 当原始组件名的参数被以上属性名占用时，可以配置在这里
+   * 例如:原始组件有一个叫name的属性，你想要配置它，则可以按如下配置
+   * ```
+   * component:{
+   *   name:"组件的名称"
+   *   props:{
+   *     name:"组件的name属性"  <-----------
+   *   }
+   * }
+   * ```
+   */
+  props?: {
+    [key: string]: any;
+  };
+
+  /**
+   * 组件事件监听
+   */
+  on?: {
+    [key: string]: (context?: any) => void;
+  };
+
+  /**
+   * 组件其他参数
+   * 事件：onXxx:(event)=>void 组件原始事件监听
+   *      on.onXxx:(context)=>void 组件事件监听(对原始事件包装)
+   * 样式：style、class等
+   */
+  [key: string]: any;
+};
--- a/packages/core/pipeline/src/dt/index.ts
+++ b/packages/core/pipeline/src/dt/index.ts
@@ -0,0 +1,2 @@
+export * from "./pipeline.js";
+export * from "./fast-crud.js";
--- a/packages/core/pipeline/src/dt/pipeline.ts
+++ b/packages/core/pipeline/src/dt/pipeline.ts
@@ -0,0 +1,139 @@
+export enum RunStrategy {
+  AlwaysRun,
+  SkipWhenSucceed,
+}
+
+export enum ConcurrencyStrategy {
+  Serial,
+  Parallel,
+}
+
+export enum NextStrategy {
+  AllSuccess,
+  OneSuccess,
+}
+
+export enum HandlerType {
+  //清空后续任务的状态
+  ClearFollowStatus,
+  SendEmail,
+}
+
+export type EventHandler = {
+  type: HandlerType;
+  params: {
+    [key: string]: any;
+  };
+};
+
+export type RunnableStrategy = {
+  runStrategy?: RunStrategy;
+  onSuccess?: EventHandler[];
+  onError?: EventHandler[];
+};
+
+export type Step = Runnable & {
+  type: string; //插件类型
+  input: {
+    [key: string]: any;
+  };
+};
+export type Task = Runnable & {
+  steps: Step[];
+};
+
+export type Stage = Runnable & {
+  tasks: Task[];
+  concurrency: ConcurrencyStrategy;
+  next: NextStrategy;
+};
+
+export type Trigger = {
+  id: string;
+  title: string;
+  cron: string;
+  type: string;
+};
+
+export type FileItem = {
+  id: string;
+  filename: string;
+  path: string;
+};
+export type Runnable = {
+  id: string;
+  title: string;
+  strategy?: RunnableStrategy;
+  runnableType?: string; // pipeline, stage, task , step
+  status?: HistoryResult;
+  timeout?: number;
+  default?: {
+    [key: string]: any;
+  };
+};
+
+export type EmailOptions = {
+  receivers: string[];
+};
+export type NotificationWhen = "error" | "success" | "turnToSuccess" | "start";
+export type NotificationType = "email" | "url";
+export type Notification = {
+  type: NotificationType;
+  when: NotificationWhen[];
+  options: EmailOptions;
+};
+
+export type Pipeline = Runnable & {
+  version?: number;
+  userId: any;
+  stages: Stage[];
+  triggers: Trigger[];
+  notifications?: Notification[];
+};
+
+export type Context = {
+  [key: string]: any;
+};
+
+export type Log = {
+  title: string;
+  time: number;
+  level: string;
+  text: string;
+};
+
+export enum ResultType {
+  start = "start",
+  success = "success",
+  error = "error",
+  canceled = "canceled",
+  skip = "skip",
+  none = "none",
+}
+
+export type HistoryResultGroup = {
+  [key: string]: {
+    runnable: Runnable;
+    res: HistoryResult;
+  };
+};
+export type HistoryResult = {
+  input: any;
+  output: any;
+  files?: FileItem[];
+  /**
+   * 任务状态
+   */
+  status: ResultType;
+  startTime: number;
+  endTime?: number;
+  /**
+   * 处理结果
+   */
+  result?: ResultType; //success, error,skip
+  message?: string;
+};
+
+export type RunnableMap = {
+  [id: string]: Runnable;
+};
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 :30
 :55