v1.26.16

# Conflicts:
#	README.md

.github/workflows/build-image-for-test.yml

@@ -0,0 +1,79 @@
+name: build-image-for-test
+on:
+  push:
+    branches: ['v2-dev']
+    paths:
+      - "build-dev.trigger"
+
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  build-certd-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: v2-dev
+
+      - name: get_certd_version
+        id: get_certd_version
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const pnpmWorkspace = "./pnpm-workspace.yaml";
+            fs.unlinkSync(pnpmWorkspace)
+            const jsonFilePath = "./packages/ui/certd-server/package.json";
+            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
+            const pkg = JSON.parse(jsonContent)
+            console.log("certd_version:",pkg.version);
+            return pkg.version
+#      - name: Use Node.js
+#        uses: actions/setup-node@v4
+#        with:
+#          node-version: 18
+#          cache: 'npm'
+#        working-directory: ./packages/ui/certd-client
+      - run: |
+          npm install -g pnpm@8.15.7
+          pnpm install
+          npm run build
+        working-directory: ./packages/ui/certd-client
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to aliyun container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.cn-shenzhen.aliyuncs.com
+          username: ${{ secrets.aliyun_cs_username }}
+          password: ${{ secrets.aliyun_cs_password }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.dockerhub_username }}
+          password: ${{ secrets.dockerhub_password }}
+
+      - name: Build default platforms
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          context: ./packages/ui/
+          tags: |
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-dev:latest
+            greper/certd-dev:latest
+

.github/workflows/build-image.yml

@@ -17,6 +17,8 @@ jobs:
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: get_certd_version
         id: get_certd_version

.github/workflows/deploy-demo.yml

@@ -2,8 +2,8 @@ name: deploy-demo
 on:
   push:
     branches: ['v2-dev']
-#    paths:
-#      - "deploy.trigger"
+    paths:
+      - "deploy.trigger"
   workflow_run:
     workflows: [ "build-image" ]
     types:
@@ -21,6 +21,9 @@ jobs:
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: v2-dev
       - name: get_certd_version
         id: get_certd_version
         uses: actions/github-script@v6
@@ -37,8 +40,7 @@ jobs:
       - uses: GuillaumeFalourd/wait-sleep-action@v1
         with:
           time: '10' # for 60 seconds
-      - name: Send HTTP request
-        id: request
+      - name: deploy-certd-demo
         uses: tyrrrz/action-http-request@master
         with:
           url: http://flow-openapi.aliyun.com/pipeline/webhook/lzCzlGrLCOHQaTMMt0mG
@@ -52,4 +54,14 @@ jobs:
           retry-count: 3
           retry-delay: 5000
 
-
+      - name: deploy-certd-doc
+        uses: tyrrrz/action-http-request@master
+        with:
+          url: http://flow-openapi.aliyun.com/pipeline/webhook/IiSxLDp9aOhgDUxJPytv
+          method: POST
+          body: |
+            {}
+          headers: |
+            Content-Type: application/json
+          retry-count: 3
+          retry-delay: 5000

.github/workflows/sync-to-gitee-dev.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout work repo            # 1. 检出当前仓库(certd-sync-work)
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email

.github/workflows/sync-to-gitee.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout work repo            # 1. 检出当前仓库(certd-sync-work)
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email

CHANGELOG.md

@@ -3,6 +3,83 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+### Bug Fixes
+
+* 修复lego No help topic for 错误 ([aaaf8d7](https://github.com/certd/certd/commit/aaaf8d7db34896cf8f2ff8f12eec1ab0cae58f0f))
+
+### Performance Improvements
+
+* 支持白山云cdn部署 ([b1b2cd0](https://github.com/certd/certd/commit/b1b2cd088b684eda764962abd61754c26a204d1c))
+* 支持华为云cdn ([81a3fdb](https://github.com/certd/certd/commit/81a3fdbc29b71f380762008cc151493ec97458f9))
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+### Bug Fixes
+
+* 顶部菜单变...的bug ([6dabad7](https://github.com/certd/certd/commit/6dabad76baba96be0f8af36a3fbfb9f5182aecf1))
+
+### Performance Improvements
+
+* 默认证书更新时间设置为35天，增加腾讯云删除过期证书插件，可以避免腾讯云过期证书邮件 ([51b6fed](https://github.com/certd/certd/commit/51b6fed468eaa6f28ce4497ce303ace1a52abb96))
+* 授权加密支持解密查看 ([5575c83](https://github.com/certd/certd/commit/5575c839705f6987ad2bdcd33256b0962c6a9c6a))
+* 重置管理员密码同时启用管理员账户，避免之前禁用了，重置密码还是登录不进去 ([f92d918](https://github.com/certd/certd/commit/f92d918a1e28e29b794ad4754661ea760c18af46))
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Bug Fixes
+
+* 修复阿里云部署大杀器报插件_还未注册错误的bug ([abd2dcf](https://github.com/certd/certd/commit/abd2dcf2e85a545321bae6451406d081f773b132))
+* 修复启动时自签证书无法保存的bug ([526c484](https://github.com/certd/certd/commit/526c48450bcd37b3ccded9b448f17de8140bdc6e))
+
+### Performance Improvements
+
+* 顶部菜单自定义 ([54d136c](https://github.com/certd/certd/commit/54d136cc6ae122f7c891b7a5c7232fe5de8e5cb5))
+* 禁用readonly用户 ([d10d42e](https://github.com/certd/certd/commit/d10d42e20619bb55a50d636b8867ff33db4e3b4b))
+* 限制其他用户流水线数量 ([315e437](https://github.com/certd/certd/commit/315e43746baf01682737f82e41579237a48409af))
+* 用户管理优化头像上传 ([661293c](https://github.com/certd/certd/commit/661293c189a3abf3cdc953b5225192372f57930d))
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+### Bug Fixes
+
+* 修复对话框全屏按钮与关闭按钮重叠的bug ([95df56c](https://github.com/certd/certd/commit/95df56cc5ca5e3eb843cd17cb7078cde47729f1e))
+* deprecated的运行时不要报错，只报警告 ([bcbefaa](https://github.com/certd/certd/commit/bcbefaaa35cf6d0eec085b3a2c5bfc7c6a8de9e1))
+
+### Performance Improvements
+
+* 更新certd本身的证书文档说明 ([0c50ede](https://github.com/certd/certd/commit/0c50ede129337b82df54575cbd2f4c2a783a0732))
+* 支持同时监听https端口，7002 ([d5a17f9](https://github.com/certd/certd/commit/d5a17f9e6afd63fda2df0981118480f25a1fac2e))
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+### Performance Improvements
+
+* 部署到阿里云任意云资源，阿里云部署大杀器 ([4075be7](https://github.com/certd/certd/commit/4075be7849b140acb92bd8da8a9acbf4eef85180))
+* 文件名特殊字符限制输入 ([c4164c6](https://github.com/certd/certd/commit/c4164c66e29f3ec799f98108a344806ca61e94ff))
+* 新增部署到百度云CDN插件 ([f126f9f](https://github.com/certd/certd/commit/f126f9f932d37fa01fff1accc7bdd17d349f8db5))
+* 新增部署到腾讯云CDN-v2，推荐使用 ([d782655](https://github.com/certd/certd/commit/d782655cb4dfbb74138178afbffeee76fc755115))
+* 优化cron选择器，增加下次触发时间显示 ([5b148b7](https://github.com/certd/certd/commit/5b148b7ed960ca6f7f5b733b2eadd56eeecbd4c2))
+* 支持部署到腾讯云COS ([a8a45d7](https://github.com/certd/certd/commit/a8a45d7f757820990e278533277a3deda5ba48f3))
+* 支持配置公共ZeroSSL授权 ([a90d1e6](https://github.com/certd/certd/commit/a90d1e68ee9cbc3705223457b8a86f071b150968))
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+### Bug Fixes
+
+* 申请证书没有使用到系统设置的http代理的bug ([3db216f](https://github.com/certd/certd/commit/3db216f515ba404cb4330fdab452971b22a50f08))
+* 修复移动任务后出现空阶段的bug ([4ea3edd](https://github.com/certd/certd/commit/4ea3edd59e93ca4f5b2e43b20dd4ef33909caddb))
+* 修复google证书*.xx.com与xx.com同时申请时报错的bug ([f8b99b8](https://github.com/certd/certd/commit/f8b99b81a23e7e9fd5e05ebd5caf355c41d67a90))
+* 允许七牛云cdn插件输入.号开头的通配符域名 ([18ee87d](https://github.com/certd/certd/commit/18ee87daff6eafc2201b58e28d85aafd3cb7a5b9))
+
+### Performance Improvements
+
+* 申请证书启用新的反代地址 ([a705182](https://github.com/certd/certd/commit/a705182b85e51157883e48f23463263793bf3c12))
+* 优化日志颜色 ([1291e98](https://github.com/certd/certd/commit/1291e98e821c5b1810aab7f0aebe3f5f5cd44a20))
+* 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。 ([41d9c3a](https://github.com/certd/certd/commit/41d9c3ac8398def541e65351cbe920d4a927182d))
+* 优化pfx密码密码输入框，让浏览器不自动填写密码 ([ffeede3](https://github.com/certd/certd/commit/ffeede38afa70c5ff6f2015516bead23d2c4df87))
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 ### Bug Fixes

README.md

@@ -13,10 +13,12 @@ Certd 是一个免费全自动申请和自动部署更新SSL证书的管理系
 * 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等，目前已支持30+部署插件）
 * 支持通配符域名/泛域名，支持多个域名打到一个证书上
 * 邮件通知
-* 私有化部署，保障数据安全
+* 私有化部署，数据保存本地，镜像由Github Actions构建，过程公开透明
 * 支持sqlite，postgresql数据库
 
 
+
+
 ## 二、在线体验
 
 官方Demo地址，自助注册后体验    
@@ -27,6 +29,10 @@ https://certd.handsfree.work/
 > 包含敏感信息，务必自己本地部署进行生产使用
 
 ## 三、使用教程
+
+更多教程请访问文档网站 [certd.docmirror.cn](https://certd.docmirror.cn/)
+
+
 本案例演示，如何配置自动申请证书，并部署到阿里云CDN，然后快要到期前自动更新证书并重新部署     
 
 ![演示](packages/ui/certd-client/public/static/doc/images/5-view.png)
@@ -40,64 +46,20 @@ https://certd.handsfree.work/
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑     
 
 当前支持的部署插件列表
-![演示](./doc/images/plugins.png)
+![演示](./docs/images/plugins/list.png)
 
 ## 四、私有化部署
 
-由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全
+由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全    
 
-### 4.1 宝塔面板一键部署
+您可以根据实际情况从如下方式中选择一种方式进行私有化部署：
 
-1. 安装宝塔面板，前往 [宝塔面板](https://www.bt.cn/u/CL3JHS) 官网，选择9.2.0以上正式版的脚本下载安装
+1. [宝塔面板方式部署](./install/baota/)
+2. [1Panel面板方式部署](./install/1panel/)
+2. [Docker方式部署](./install/docker/)
+3. [源码方式部署](./install/source/)
 
-2. 安装后登录宝塔面板，在菜单栏中点击 Docker，首次进入会提示安装Docker服务，点击立即安装，按提示完成安装
-
-3. 安装完成后在应用商店中找到`certd`（要先点右上角更新应用），点击安装，配置域名等基本信息即可完成安装
-
-### 4.2 宝塔面板容器编排部署
-
-[宝塔面板容器编排部署教程](./doc/deploy/baota/baota.md)
-
-### 4.3 Docker部署
-#### 1. 安装docker、docker-compose
-
-1.1 准备一台云服务器
-* 【阿里云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://www.aliyun.com/benefit?scm=20140722.M_10244282._.V_1&source=5176.11533457&userCode=qya11txb )】
-* 【腾讯云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://cloud.tencent.com/act/cps/redirect?redirect=6094&cps_key=b3ef73330335d7a6efa4a4bbeeb6b2c9&from=console)】
-
-1.2 安装docker      
-
-https://docs.docker.com/engine/install/   
-选择对应的操作系统，按照官方文档执行命令即可   
-
-#### 2. 运行certd
-
-[docker-compose.yaml 下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
-
-当前版本号： ![](https://img.shields.io/npm/v/%40certd%2Fpipeline)
-
-```bash
-# 随便创建一个目录
-mkdir certd
-# 进入目录
-cd certd
-# 下载docker-compose.yaml文件，或者手动下载放到certd目录下
-wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
-
-# 可以根据需要修改里面的配置
-# 1.修改镜像版本号【可选】
-# 2.配置数据保存路径【可选】
-# 3.修改端口号【可选】
-vi docker-compose.yaml # 【可选】
-
-# 启动certd
-docker compose up -d
-
-```
-> 如果提示 没有compose命令,请安装docker-compose   
-> https://docs.docker.com/compose/install/linux/
-
-#### 3. 镜像说明：
+#### Docker镜像说明：
 * 国内镜像地址:
   * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
   * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7`、`[version]-armv7`
@@ -109,25 +71,7 @@ docker compose up -d
 * 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用
   * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) 
 
-![](./doc/images/action-build.jpg)
-
-#### 4. 访问测试
-
-http://your_server_ip:7001    
-默认账号密码：admin/123456    
-记得修改密码   
-
-### 4.4 源码部署
-```shell
-# 克隆代码
-git clone https://github.com/certd/certd
-git checkout v1.26.7  # 这里换成最新版本号
-cd certd
-# 启动服务
-./start.sh  
-# 数据默认保存在 ./packages/ui/certd-server/data 目录下,注意数据备份
-```
-如果是windows，请先安装`git for windows` ，然后右键，选择`open git bash here`打开终端，再执行`./start.sh`命令
+![](./docs/images/action/action-build.jpg)
 
 
 ## 五、 升级
@@ -151,7 +95,7 @@ docker compose up -d
 
 
 ## 六、一些说明
-* 本项目ssl证书提供商为letencrypt
+* 本项目ssl证书提供商为letencrypt/Google/ZeroSSL
 * 申请过程遵循acme协议
 * 需要验证域名所有权，一般有两种方式（目前本项目仅支持dns-01）
   * http-01： 在网站根目录下放置一份txt文件
@@ -165,48 +109,26 @@ docker compose up -d
 
 ## 七、不同平台的设置说明
 
-* [Cloudflare](./docs/plugins/cf/cf.md)
-* [腾讯云](./docs/plugins/tencent/tencent.md)
-* [windows主机](./docs/plugins/host/host.md)
-* [google证书](./docs/plugins/google/google.md)
-* [群晖部署certd及证书更新教程](./docs/plugins/synology/index.md)
-
-* [CNAME证书校验方式说明](./docs/feature/cname/index.md)
+* 已迁移到新的文档网站，请到常见问题章节查看
+* [最新文档站链接 https://certd.docmirror.cn](https://certd.docmirror.cn/)
 
 ## 八、问题处理
 ### 7.1 忘记管理员密码   
-解决方法如下：
-1. 修改docker-compose.yaml文件，将环境变量`certd_system_resetAdminPasswd`改为`true`
-```yaml
-services:
-  certd:
-    environment: # 环境变量
-      - certd_system_resetAdminPasswd=false
-```
-2. 重启容器
-```shell
-docker compose up -d
-docker logs -f --tail 500 certd
-# 观察日志，当日志中输出“重置1号管理员用户的密码完成”，即可操作下一步
-```
-3. 修改docker-compose.yaml，将`certd_system_resetAdminPasswd`改回`false`
-4. 再次重启容器
-```shell
-docker compose up -d
-```
-5. 使用`admin/123456`登录系统，请及时修改管理员密码
+[重置管理员密码方法](https://certd.docmirror.cn/guide/use/forgotpasswd/)
 
 ## 九、联系作者
 如有疑问，欢迎加入群聊（请备注certd）
-* QQ群：141236433
-* 微信群：   
-  ![](https://ai.handsfree.work/images/exchange_wxqroup.png)
 
+| 加群 | 微信群 | QQ群 |
+|---------|-------|-------|
+| 二维码 | <img height="230" src="./docs/guide/contact/images/wx.png"> | <img height="230" src="./docs/guide/contact/images/qq.png"> |
+
+也可以加作者好友
+
+| 加作者好友 | 微信 QQ                                                       |
+|---------|-------------------------------------------------------------|
+| 二维码 | <img height="230" src="./docs/guide/contact/images/me.png"> |
 
-加作者好友
-<p align="center">
-<img height="230" src="./doc/images/me.png">
-</p>
 
 ## 十、捐赠
 ************************
@@ -222,18 +144,18 @@ https://afdian.com/a/greper
 
 专业版特权对比
 
-| 功能      | 免费版                    | 专业版                   |
-|---------|------------------------|-----------------------|
-| 免费证书申请  | 免费无限制                  | 免费无限制                 |
-| 自动部署插件  | 阿里云CDN、腾讯云、七牛CDN、主机部署等 | 支持群晖、宝塔、1Panel等，持续开发中 |
-| 发邮件功能   | 需要配置                   | 免配置                   |
-| 证书流水线条数 | 10条                    | 无限制                   |
+| 功能      | 免费版               | 专业版                   |
+|---------|-------------------|-----------------------|
+| 免费证书申请  | 免费无限制             | 免费无限制                 |
+| 自动部署插件  | 阿里云、腾讯云、七牛云、主机部署等 | 支持群晖、宝塔、1Panel等，持续开发中 |
+| 发邮件功能   | 需要配置              | 免配置                   |
+| 证书流水线条数 | 10条               | 无限制                   |
 
 ************************
 
 ## 十一、贡献代码
 
-1. 本地开发 [贡献插件教程](./doc/dev/development.md)
+1. 本地开发 [贡献插件教程](https://certd.docmirror.cn/guide/development/)
 2. 作为贡献者，代表您同意您贡献的代码如下许可：
    1. 可以调整开源协议以使其更严格或更宽松。
    2. 可以用于商业用途。
@@ -247,9 +169,12 @@ https://afdian.com/a/greper
 * 如需商业授权，请联系作者。
 
 ## 十三、我的其他项目（求Star）
-* [袖手GPT](https://ai.handsfree.work/) ChatGPT，国内可用，无需FQ，每日免费额度
-* [fast-crud](https://gitee.com/fast-crud/fast-crud/) 基于vue3的crud快速开发框架
-* [dev-sidecar](https://github.com/docmirror/dev-sidecar/) 直连访问github工具，无需FQ，解决github无法访问的问题
+
+| 项目名称                                                    | stars                                                                                                 | 项目描述                              | 
+|---------------------------------------------------------|-------------------------------------------------------------------------------------------------------|-----------------------------------|
+| [袖手AI](https://ai.handsfree.work/)                    |                                                                                                       | 袖手GPT，国内可用，无需FQ，每日免费额度            | 
+| [fast-crud](https://gitee.com/fast-crud/fast-crud/)     | <img alt="GitHub stars" src="https://img.shields.io/github/stars/fast-crud/fast-crud?logo=github"/>   | 基于vue3的crud快速开发框架                 |  
+| [dev-sidecar](https://github.com/docmirror/dev-sidecar/) | <img alt="GitHub stars" src="https://img.shields.io/github/stars/docmirror/dev-sidecar?logo=github"/> | 直连访问github工具，无需FQ，解决github无法访问的问题 |                       
 
 
 

build-dev.trigger

@@ -0,0 +1 @@
+21:59

build.trigger

@@ -1 +1 @@
-03:13
+21:59

doc/deploy/baota/baota.md

@@ -1,32 +0,0 @@
-# 宝塔部署教程
-
-## 编排模版部署
-
-### 创建docker模版
-打开docker-compose.yaml，
-https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
-
-整个内容复制下来
-
-然后到宝塔里面进到docker的编排模版，新建模版
-![](./images/1.png)
-
-### 启动应用
-
-![img.png](./images/2.png)
-
-等待启动完成
-
-### 打开应用
-
-http://ip:7001
-
-
-## 二、一键应用部署
-需要宝塔9.2.0版本
-
-### 应用商店
-进入应用商店，更新应用列表
-
-### 搜索certd
-点击安装

doc/dev/development.md

@@ -1,96 +0,0 @@
-# 本地开发
-欢迎贡献插件
-
-## 1.本地调试运行
-
-### 克隆代码
-```shell
-
-# 克隆代码
-git clone https://github.com/certd/certd
-
-#进入项目目录
-cd certd
-
-# 切换到最新版本代码
-git checkout v1.26.7  # 这里换成最新版本号
-
-```
-
-### 修改pnpm-workspace.yaml文件     
-重要：否则无法正确加载专业版的access和plugin
-```yaml
-# pnpm-workspace.yaml
-packages:
-   - 'packages/**'  # <--------------注释掉这一行，PR时不要提交此修改
-   - 'packages/ui/**'
-```
-
-### 安装依赖和初始化:
-```shell
-# 安装pnpm，如果提示npm命令不存在，就需要先安装nodejs
-npm install -g pnpm@8.15.7 --registry=https://registry.npmmirror.com
-
-# 使用国内镜像源，如果有代理，就不需要
-pnpm config set registry https://registry.npmmirror.com
-# 安装依赖
-pnpm install
-
-# 初始化构建
-npm run init
-```
-
-### 启动 server:    
-```shell
-cd packages/ui/certd-server
-npm run dev
-```
-
-### 启动 client:    
-```shell
-cd packages/ui/certd-client
-npm run dev
-
-# 会自动打开浏览器，确认正常运行
-
-```
-
-## 开发插件
-进入 `packages/ui/certd-server/src/plugins`
-
-### 1.复制`plugin-demo`目录作为你的插件目录
-比如你想做`cloudflare`的插件，那么你可以复制`plugin-demo`目录，将其命名成`plugin-cloudflare`。   
-以下均以`plugin-cloudflare`为例进行说明，你需要将其替换成你的插件名称
-
-### 2. access授权
-如果这是一个新的平台，它应该有授权方式，比如accessKey accessSecret之类的     
-参考`plugin-cloudflare/access.ts` 修改为你要做的平台的`access`
-这样用户就可以在`certd`后台中创建这种授权凭证了
-
-### 3. dns-provider
-如果域名是这个平台进行解析的，那么你需要实现dns-provider，（申请证书需要）    
-参考`plugin-cloudflare/dns-provider.ts` 修改为你要做的平台的`dns-provider`
-
-### 4. plugin-deploy
-如果这个平台有需要部署证书的地方     
-参考`plugin-cloudflare/plugins/plugin-deploy-to-xx.ts` 修改为你要做的平台的`plugin-deploy-to-xx`
-
-### 5. 增加导入
-在`plugin-cloudflare/index.ts`中增加你的插件的`import`
-```ts
-export * from './dns-provider'
-export * from './access'
-export * from './plugins/plugin-deploy-to-xx'
-````
-
-在`./src/plugins/index.ts`中增加`import`
-
-```ts
-export * from "./plugin-cloudflare.js"
-```
-
-## 重启服务进行调试
-刷新浏览器，检查你的插件是否工作正常， 确保能够正常进行证书申请和部署    
-
-## 提交PR
-我们将尽快审核PR

docker/run/docker-compose.yaml

@@ -11,6 +11,8 @@ services:
     ports: # 端口映射
       #  ↓↓↓↓ ---------------------------------------------------------- 如果端口有冲突，可以修改第一个7001为其他不冲突的端口号
       - "7001:7001"
+      #  ↓↓↓↓ ---------------------------------------------------------- https端口，可以根据实际情况，是否暴露相关服务端口
+      - "7002:7002"
     dns:
       #  ↓↓↓↓ ---------------------------------------------------------- 如果出现getaddrinfo ENOTFOUND等错误，可以尝试修改或注释dns配置
       - 223.5.5.5
@@ -26,18 +28,14 @@ services:
       # 设置环境变量即可自定义certd配置
       # 配置项见： packages/ui/certd-server/src/config/config.default.ts
       # 配置规则： certd_ + 配置项, 点号用_代替
-
-                           #  ↓↓↓↓  ------------------------------------ 这里可以设置http代理
-      #- HTTPS_PROXY=http://xxxxxx:xx
-      #- HTTP_PROXY=http://xxxxxx:xx
       #                               ↓↓↓↓ ----------------------------- 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false
       - certd_system_resetAdminPasswd=false
-      #                                  ↓↓↓↓ -------------------------- 如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次
-      - certd_cron_immediateTriggerOnce=false
-      #                            ↓↓↓↓ -------------------------------- 配置证书和key，则表示https方式启动，使用https协议访问，https://your.domain:7001
-      #- certd_koa_key=./data/ssl/cert.key
-      #- certd_koa_cert=./data/ssl/cert.crt
-
+      #                            ↓↓↓↓ -------------------------------- 默认同时启动https，https访问地址https://your.domain:7002
+      #- certd_https_key=./data/ssl/cert.key
+      #- certd_https_cert=./data/ssl/cert.crt
+      #- certd_https_enabled=true
+      #- certd_https_port=7002
+      -
       #                             ↓↓↓↓ ------------------------------- 使用postgresql数据库
 #      - certd_flyway_scriptDir=./db/migration-pg               # 升级脚本目录
 #      - certd_typeorm_dataSource_default_type=postgres         # 数据库类型

docs/.vitepress/config.ts

@@ -5,7 +5,7 @@ import lightbox from "vitepress-plugin-lightbox";
 // https://vitepress.dev/reference/site-config
 export default defineConfig({
   title: "Certd",
-  description: "Certd帮助文档,Certd是一款开源免费的全自动SSL证书管理工具；自动证书申请、更新、续期；通配符证书，泛域名证书申请；证书自动化部署到阿里云、腾讯云、主机、群晖、宝塔。",
+  description: "Certd帮助文档,Certd是一款开源免费的全自动SSL证书管理工具；证书自动化申请部署流水线；自动证书申请、更新、续期；通配符证书，泛域名证书申请；证书自动化部署到阿里云、腾讯云、主机、群晖、宝塔。",
   markdown: {
     config: (md) => {
       // Use lightbox plugin
@@ -23,12 +23,11 @@ export default defineConfig({
     // ],
     ["meta", {
       name: "keywords",
-      content: "证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具、Certd、SSL证书自动部署、证书自动化，https证书，pfx证书，der证书，TLS证书，nginx证书自动续签自动部署"
-    }],
-    ["meta", {
-      name: "google-site-verification",
-      content: "V5XLTSnXoT15uQotwpxJoQolUo2d5UbSL-TacsyOsC0"
+      content: "证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具、Certd、SSL证书自动部署、证书自动化，https证书，pfx证书，der证书，TLS证书，nginx证书自动续签自动部署,SSL平台，证书管理平台，证书流水线"
     }],
+    ["meta", { name: "google-site-verification",content: "V5XLTSnXoT15uQotwpxJoQolUo2d5UbSL-TacsyOsC0"}],
+      //<meta name="baidu-site-verification" content="codeva-MiWN8Y07Ua" />
+    ["meta", {name: "baidu-site-verification",content: "codeva-MiWN8Y07Ua"}],
     ["link", { rel: "icon", href: "/static/logo/logo.svg" }]
   ],
   themeConfig: {
@@ -95,8 +94,10 @@ export default defineConfig({
             { text: "腾讯云密钥获取", link: "/guide/use/tencent/" },
             { text: "连接windows主机", link: "/guide/use/host/windows.md" },
             { text: "Google EAB获取", link: "/guide/use/google/" },
+            { text: "阿里云相关", link: "/guide/use/aliyun/" },
             { text: "忘记密码", link: "/guide/use/forgotpasswd/" },
             { text: "数据备份", link: "/guide/use/backup/" },
+            { text: "Certd本身的证书更新", link: "/guide/use/https/index.md" },
             { text: "如何贡献代码", link: "/guide/development/index.md" },
           ]
         },

docs/guide/contact/index.md

@@ -2,19 +2,14 @@
 
 ## 1. 交流群
 如有疑问，欢迎加入群聊（请备注certd）
-###  QQ群：141236433    
-<p align="center">
-<img height="230" src="./images/qq.png">
-</p>
-
-
-### 微信群： 
-<p align="center">
-<img height="230" src="./images/wx.png">
-</p>
+如有疑问，欢迎加入群聊（请备注certd）
 
+| 加群 | 微信群 | QQ群 |
+|---------|-------|-------|
+| 二维码 | <img height="230" src="./images/wx.png"> | <img height="230" src="./images/qq.png"> |
 
 ## 2. 加作者好友
-<p align="center">
-<img height="230" src="./images/me.png">
-</p>
+
+| 加作者好友 | 微信 QQ                                                       |
+|---------|-------------------------------------------------------------|
+| 二维码 | <img height="230" src="./images/me.png"> |

docs/guide/feature/cname/index.md

@@ -20,7 +20,7 @@ _acme-challenge.cert.com ---> xxxxx.cname.proxy.com ----> txt-record-abcdefg
 ```
 * 证书颁发机构就可以从`_acme-challenge.cert.com`查到TXT记录 `txt-record-abcdefg`，从而完成域名所有权校验。
 * 以上可以看出 `xxxxx.cname.proxy.com ----> txt-record-abcdefg` 这一段`Certd`可以自动添加的。
-* 剩下的只需要在你的`proxy.com`域名中手动添加一条固定的`CNAME解析`即可
+* 剩下的只需要在你的`cert.com`域名中手动添加一条固定的`CNAME解析`即可
                          
 
 ## 3. Certd CNAME使用步骤
@@ -36,6 +36,7 @@ _acme-challenge.cert.com ---> xxxxx.cname.proxy.com ----> txt-record-abcdefg
    ![](./images/cname3.png)
    ![](./images/cname4.png)
 4. 申请过程中，Certd会在`xxxxxx.cname.proxy.com`下自动添加TXT记录。 
+5. 到此即可自动化申请证书了
 
 
 

docs/guide/index.md

@@ -28,3 +28,7 @@ Certd 是一款开源、免费、全自动申请和部署更新SSL证书的工
 * 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 * 设置每天自动运行，当证书过期前20天，会自动重新申请证书并部署
 
+## 三、证书颁发机构对比
+* Let's Encrypt：申请最简单。
+* Google: 大厂光环，兼容性好，需要翻墙获取EAB。
+* ZeroSSL： 有数量限制，获取EAB无需翻墙。

docs/guide/install/1panel/index.md

@@ -23,8 +23,11 @@ https://1panel.cn/docs/installation/online_installation/
 
 3. 访问测试
 
-http://ip:7001
-
+http://ip:7001   
+https://ip:7002   
+默认账号密码      
+admin/123456     
+登录后请及时修改密码  
 
 ## 三、升级
 
@@ -42,3 +45,7 @@ http://ip:7001
 
 > 默认数据保存在`/data/certd`目录下，可以手动备份    
 > 建议配置一条 [数据库备份流水线](../../use/backup/)，自动备份
+
+## 五、备份恢复
+
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/install/baota/index.md

@@ -31,19 +31,26 @@
 
 ## 二、访问应用
 
-http://ip:7001
-
+http://ip:7001    
+https://ip:7002     
+默认账号密码    
+admin/123456   
+登录后请及时修改密码
 
 ## 三、如何升级
 
-### 1. 通用方式
+### 1. 应用商店安装，直接更新镜像即可
 
-先主机上拉取最新镜像，然后面板上重启容器
+![img.png](./images/upgrade.png)
+
+
+### 2. latest更新方式
+在主机上拉取最新镜像，然后面板上重启容器
 ```shell
 docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
 ```
 
-### 2. 固定版本号方式
+### 3. 固定版本号方式
 
 修改容器编排模版中的镜像版本号，然后面板上重启容器
 ```shell
@@ -71,3 +78,7 @@ services:
 ### 4.3 自动备份
 
 > 建议配置一条 [数据库备份流水线](../../use/backup/)，自动备份
+
+## 五、备份恢复
+
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/install/docker/index.md

@@ -45,9 +45,10 @@ docker compose up -d
 
 ### 3. 访问测试
 
-http://your_server_ip:7001    
-默认账号密码：admin/123456    
-记得修改密码
+http://your_server_ip:7001   
+https://your_server_ip:7002   
+默认账号密码：admin/123456     
+记得修改密码  
 
 
 ## 二、升级
@@ -64,6 +65,10 @@ docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
 docker compose down
 docker compose up -d
 ```
-
+## 三、数据备份
 > 数据默认存在`/data/certd`目录下，不用担心数据丢失   
 > 建议配置一条[数据库备份流水线](../../use/backup/) 自动备份
+
+## 四、备份恢复
+
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/install/source/index.md

@@ -17,7 +17,8 @@ cd certd
 
 ### 访问测试
 
-http://your_server_ip:7001    
+http://your_server_ip:7001  
+https://your_server_ip:7002   
 默认账号密码：admin/123456    
 记得修改密码
 
@@ -33,8 +34,12 @@ kill -9 $(lsof -t -i:7001)
 # 重新编译启动
 ./start.sh
 ```
+
+## 三、数据备份
 > 数据默认保存在 `./packages/ui/certd-server/data` 目录下    
 > 建议配置一条[数据库备份流水线](../../use/backup/)  自动备份
 
 
+## 四、备份恢复
 
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/start.md

@@ -25,7 +25,8 @@ https://certd.handsfree.work/
 
 ### 2. 访问测试
 
-http://your_server_ip:7001    
+http://your_server_ip:7001   
+https://your_server_ip:7002    
 默认账号密码：admin/123456    
 记得修改密码
 

docs/guide/use/aliyun/index.md

@@ -0,0 +1,11 @@
+# 阿里云相关
+
+
+## 阿里云客户端请求超时配置
+
+配置环境变量
+```shell
+ALIYUN_CLIENT_CONNECT_TIMEOUT=10000 # 连接超时，单位毫秒
+ALIYUN_CLIENT_READ_TIMEOUT=10000 #读取数据超时，单位毫秒
+
+```

docs/guide/use/backup/index.md

@@ -1,5 +1,17 @@
 # 数据库自动备份
 
+## 一、手动备份
+数据库文件根据不同的部署方式保存的位置不一样，您可以手动复制出来进行备份
+
+* docker： 默认保存在`/data/certd/db.sqlite`
+* 源码： 默认保存在 `./packages/ui/certd-server/data/db.sqlite`
+* 宝塔： [手动数据备份位置](https://certd.docmirror.cn/guide/install/baota/#%E5%9B%9B%E3%80%81%E6%95%B0%E6%8D%AE%E5%A4%87%E4%BB%BD) 
+* 1panel:  默认保存在`/data/certd/db.sqlite`
+
+
+## 二、自动备份
+通过配置数据库自动备份流水线实现数据备份
+
 ## 1. 创建自动备份流水线
 ![](./images/1.png)
 
@@ -7,7 +19,12 @@
 ![](./images/2.png)
 
 ## 3. 选择备份方法
-![img.png](./images/3.png)
+![](./images/3.png)
 
 ## 4. 配置定时和失败通知
-![img.png](./images/4.png)
+![](./images/4.png)
+
+
+## 三、备份恢复
+
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/use/host/windows.md

@@ -4,7 +4,10 @@
 
 ## windows开启OpenSSH Server
 ### 1. 安装OpenSSH Server    
-请前往Microsoft官方文档查看如何开启openSSH    
+
+* 下载安装包安装： https://github.com/PowerShell/Win32-OpenSSH/releases  OpenSSH-Win64-vxx.xx.x.msi
+
+* 前往Microsoft官方文档查看如何开启openSSH，以及其他设置    
 https://learn.microsoft.com/zh-cn/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui#install-openssh-for-windows
 
 ### 2. 启动OpenSSH Server服务

docs/guide/use/https/index.md

@@ -0,0 +1,38 @@
+# Certd本身的https证书配置
+
+## 一、启用https
+
+`Certd`默认启用https，监听7002端口    
+如果你想关闭https，或者修改端口，可以在环境变量中配置
+```shell
+CERTD_HTTPS_ENABLE=true
+CERTD_HTTPS_port=7002
+
+```
+
+## 二、自动更新Certd的https证书
+
+### 1、创建证书流水线
+
+参考Certd顶部的创建证书流水线教程
+
+### 2、配置复制到本机任务
+将证书复制到certd的证书安装位置
+
+![](./images/1.png)
+![](./images/2.png)
+
+### 3、配置重启Certd任务
+重启certd的https server，让证书生效
+![img.png](./images/3.png)
+
+
+
+### 4、配置定时任务
+每天定时执行，最终效果如下
+
+![](./images/ok.png)
+
+:::warning   
+建议将本流水线的触发时间与其他流水线时间错开，避免重启时影响其他流水线的执行   
+:::

docs/guide/use/rerun/index.md

@@ -0,0 +1,5 @@
+# 如何强制重新执行任务
+
+## 强制重新执行任务
+
+![](./images/rerun.png)

docs/guide/use/synology/index.md

@@ -37,4 +37,22 @@
 * 群晖上已经设置好了证书(证书建议设置好描述，插件需要根据描述查找证书)
 
 ## 2. 在certd上配置自动更新群晖证书插件
-![](./images/deploy.png)
+![](./images/deploy.png)
+
+## 3. 配置任务参数
+![](./images/deploy1.png)
+
+## 4. 创建授权
+![](./images/deploy2.png)
+> 注意群晖上要做两个设置   
+
+![](./images/setting2.png)
+![](./images/setting1.png)
+
+## 5. 运行部署
+点击手动运行即可
+![](./images/deploy3.png)
+![](./images/deploy4.png)
+
+## 6. 配置通知和自动运行
+![](./images/notify.png)

docs/guide/use/tencent/index.md

@@ -6,3 +6,16 @@
 打开 https://console.cloud.tencent.com/cam/capi   
 然后按如下方式获取腾讯云的API密钥    
 ![](./tencent-access.png)
+
+
+## 如何避免收到腾讯云证书过期邮件
+
+腾讯云在证书有效期还剩28天时会发送过期通知邮件    
+您可以通过配置“腾讯云过期证书删除”任务来避免收到此类邮件。
+
+![](./images/delete.png)
+
+注意点：
+> 1. 选择腾讯云授权，需授权`服务角色SSL_QCSLinkedRoleInReplaceLoadCertificate`权限
+> 2. `1.26.14`版本之前Certd创建的证书流水线默认是到期前20天才更新证书，需要将之前创建的证书申请任务的更新天数修改为35天，保证删除之前就已经替换掉即将过期证书
+![](./images/delete2.png)

docs/index.md

@@ -28,7 +28,7 @@ features:
   - title: 多域名、泛域名打到一个证书上
     details: 支持通配符域名/泛域名，支持多个域名打到一个证书上
   - title: 多证书格式支持
-    details: 支持pem、pfx、der等多种证书格式
+    details: 支持pem、pfx、der、jks等多种证书格式，支持Google、Letsencrypt、ZeroSSL证书颁发机构
   - title: 支持私有化部署
     details: 保障数据安全
   - title: 多数据库支持

docs/public/robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Allow: /

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.26.10"
+  "version": "1.26.16"
 }

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,39 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/publishlab/node-acme-client/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.15](https://github.com/publishlab/node-acme-client/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.14](https://github.com/publishlab/node-acme-client/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Bug Fixes
+
+* 修复启动时自签证书无法保存的bug ([526c484](https://github.com/publishlab/node-acme-client/commit/526c48450bcd37b3ccded9b448f17de8140bdc6e))
+
+## [1.26.13](https://github.com/publishlab/node-acme-client/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.12](https://github.com/publishlab/node-acme-client/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.11](https://github.com/publishlab/node-acme-client/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+### Bug Fixes
+
+* 申请证书没有使用到系统设置的http代理的bug ([3db216f](https://github.com/publishlab/node-acme-client/commit/3db216f515ba404cb4330fdab452971b22a50f08))
+* 修复google证书*.xx.com与xx.com同时申请时报错的bug ([f8b99b8](https://github.com/publishlab/node-acme-client/commit/f8b99b81a23e7e9fd5e05ebd5caf355c41d67a90))
+
+### Performance Improvements
+
+* 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。 ([41d9c3a](https://github.com/publishlab/node-acme-client/commit/41d9c3ac8398def541e65351cbe920d4a927182d))
+
 ## [1.26.10](https://github.com/publishlab/node-acme-client/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.26.10",
+    "version": "1.26.16",
     "main": "src/index.js",
     "types": "types/index.d.ts",
     "license": "MIT",
@@ -20,6 +20,7 @@
         "asn1js": "^3.0.5",
         "axios": "^1.7.2",
         "debug": "^4.3.5",
+        "http-proxy-agent": "^7.0.2",
         "https-proxy-agent": "^7.0.5",
         "node-forge": "^1.3.1"
     },
@@ -59,5 +60,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+    "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/core/acme-client/src/agents.js

@@ -0,0 +1,94 @@
+const nodeHttp = require('node:http');
+const https = require('node:https');
+const { HttpProxyAgent } = require('http-proxy-agent');
+const { HttpsProxyAgent } = require('https-proxy-agent');
+const { log } = require('./logger');
+
+function createAgent(opts = {}) {
+    let httpAgent;
+    let
+        httpsAgent;
+    const httpProxy = opts.httpProxy || process.env.HTTP_PROXY || process.env.http_proxy;
+    if (httpProxy) {
+        log(`acme use httpProxy:${httpProxy}`);
+        httpAgent = new HttpProxyAgent(httpProxy, opts);
+    }
+    else {
+        httpAgent = new nodeHttp.Agent(opts);
+    }
+    const httpsProxy = opts.httpsProxy || process.env.HTTPS_PROXY || process.env.https_proxy;
+    if (httpsProxy) {
+        log(`acme use httpsProxy:${httpsProxy}`);
+        httpsAgent = new HttpsProxyAgent(httpsProxy, opts);
+    }
+    else {
+        httpsAgent = new https.Agent(opts);
+    }
+    return {
+        httpAgent,
+        httpsAgent,
+    };
+}
+
+let defaultAgents = createAgent();
+
+function getGlobalAgents() {
+    return defaultAgents;
+}
+
+function setGlobalProxy(opts) {
+    log('acme setGlobalProxy:', opts);
+    defaultAgents = createAgent(opts);
+}
+
+class HttpError extends Error {
+    constructor(error) {
+        super(error || error.message);
+        if (!error) {
+            return;
+        }
+
+        if (error.message.indexOf('ssl3_get_record:wrong version number') >= 0) {
+            this.message = 'http协议错误，服务端要求http协议，请检查是否使用了https请求';
+        }
+
+        this.name = error.name;
+        this.code = error.code;
+        this.cause = error.cause;
+
+        if (error.response) {
+            this.status = error.response.status;
+            this.statusText = error.response.statusText;
+            this.response = {
+                data: error.response.data,
+            };
+        }
+
+        let url = '';
+        if (error.config) {
+            this.request = {
+                baseURL: error.config.baseURL,
+                url: error.config.url,
+                method: error.config.method,
+                params: error.config.params,
+                data: error.config.data,
+            };
+            url = error.config.baseURL + error.config.url;
+        }
+        if (url) {
+            this.message = `${this.message}:${url}`;
+        }
+
+        delete error.response;
+        delete error.config;
+        delete error.request;
+        // logger.error(error);
+    }
+}
+
+module.exports = {
+    setGlobalProxy,
+    createAgent,
+    getGlobalAgents,
+    HttpError,
+};

packages/core/acme-client/src/api.js

@@ -30,6 +30,7 @@ class AcmeApi {
                 }
             }
         }
+        console.log(locationUrl, mapping);
         return locationUrl;
     }
 

packages/core/acme-client/src/auto.js

@@ -182,12 +182,19 @@ module.exports = async (client, userOpts) => {
 
     authorizations.forEach((authz) => {
         const d = authz.identifier.value;
+        log(`authorization:domain = ${d}, value = ${JSON.stringify(authz)}`);
+
+        if (authz.status === 'valid') {
+            log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`);
+            return;
+        }
         let setd = false;
         // eslint-disable-next-line no-restricted-syntax
         for (const group of domainSets) {
             if (!group[d]) {
                 group[d] = authz;
                 setd = true;
+                break;
             }
         }
         if (!setd) {
@@ -197,6 +204,8 @@ module.exports = async (client, userOpts) => {
         }
     });
 
+    // log(`domainSets:${JSON.stringify(domainSets)}`);
+
     const allChallengePromises = [];
     // eslint-disable-next-line no-restricted-syntax
     for (const domainSet of domainSets) {
@@ -233,28 +242,52 @@ module.exports = async (client, userOpts) => {
         return Promise.all(results);
     }
 
-    log(`开始challenge，共${allChallengePromises.length}组`);
-    let i = 0;
-    // eslint-disable-next-line no-restricted-syntax
-    for (const challengePromises of allChallengePromises) {
-        i += 1;
-        log(`开始第${i}组`);
-        if (opts.signal && opts.signal.aborted) {
-            throw new Error('用户取消');
-        }
+    try {
+        log(`开始challenge，共${allChallengePromises.length}组`);
+        let i = 0;
+        // eslint-disable-next-line no-restricted-syntax
+        for (const challengePromises of allChallengePromises) {
+            i += 1;
+            log(`开始第${i}组`);
+            if (opts.signal && opts.signal.aborted) {
+                throw new Error('用户取消');
+            }
 
-        try {
-            // eslint-disable-next-line no-await-in-loop
-            await runPromisePa(challengePromises);
-        }
-        catch (e) {
-            log(`证书申请失败${e.message}`);
-            throw e;
-        }
-        finally {
-            log(`清理challenge痕迹，length:${clearTasks.length}`);
             try {
                 // eslint-disable-next-line no-await-in-loop
+                await runPromisePa(challengePromises);
+            }
+            catch (e) {
+                log(`证书申请失败${e.message}`);
+                throw e;
+            }
+            finally {
+                if (client.opts.sslProvider !== 'google') {
+                    // letsencrypt 如果同时检出两个TXT记录，会以第一个为准，就会校验失败，所以需要提前删除
+                    // zerossl 此方式测试无问题
+                    log(`清理challenge痕迹，length:${clearTasks.length}`);
+                    try {
+                        // eslint-disable-next-line no-await-in-loop
+                        await runAllPromise(clearTasks);
+                    }
+                    catch (e) {
+                        log('清理challenge失败');
+                        log(e);
+                    }
+                }
+            }
+        }
+    }
+    finally {
+        if (client.opts.sslProvider === 'google') {
+            // google 相同的域名txt记录是一样的，不能提前删除，否则校验失败，报错如下
+            //  Error: The TXT record retrieved from _acme-challenge.bbc.handsfree.work.
+            //  at the time the challenge was validated did not contain JshHVu7dt_DT6uYILWhokHefFVad2Q6Mw1L-fNZFcq8
+            //  (the base64url-encoded SHA-256 digest of RlJZNBR0LWnxNK_xd2zqtYVvCiNJOKJ3J1NmCjU_9BjaUJgL3k-qSpIhQ-uF4FBS.NRyqT8fRiq6THzzrvkgzgR5Xai2LsA2SyGLAq_wT3qc).
+            //  See https://tools.ietf.org/html/rfc8555#section-8.4 for more information.
+            log(`清理challenge痕迹，length:${clearTasks.length}`);
+            try {
+            // eslint-disable-next-line no-await-in-loop
                 await runAllPromise(clearTasks);
             }
             catch (e) {
@@ -263,6 +296,7 @@ module.exports = async (client, userOpts) => {
             }
         }
     }
+
     log('challenge结束');
 
     // log('[auto] Waiting for challenge valid status');

packages/core/acme-client/src/axios.js

@@ -1,11 +1,11 @@
 /**
  * Axios instance
  */
-
 const axios = require('axios');
 const { parseRetryAfterHeader } = require('./util');
 const { log } = require('./logger');
 const pkg = require('./../package.json');
+const Agents = require('./agents');
 
 const { AxiosError } = axios;
 
@@ -24,8 +24,8 @@ instance.defaults.acmeSettings = {
     httpsChallengePort: 443,
     tlsAlpnChallengePort: 443,
 
-    retryMaxAttempts: 5,
-    retryDefaultDelay: 5,
+    retryMaxAttempts: 3,
+    retryDefaultDelay: 3,
 };
 // instance.defaults.proxy = {
 //     host: '192.168.34.139',
@@ -56,19 +56,26 @@ function isRetryableError(error) {
 
 /* https://github.com/axios/axios/blob/main/lib/core/settle.js */
 function validateStatus(response) {
-    const validator = response.config.retryValidateStatus;
-
+    if (!response) {
+        return new Error('Response is undefined');
+    }
+    let validator = null;
+    if (response.config) {
+        validator = response.config.retryValidateStatus;
+    }
     if (!response.status || !validator || validator(response.status)) {
         return response;
     }
 
-    throw new AxiosError(
+    const err = new AxiosError(
         `Request failed with status code ${response.status}`,
         (Math.floor(response.status / 100) === 4) ? AxiosError.ERR_BAD_REQUEST : AxiosError.ERR_BAD_RESPONSE,
         response.config,
         response.request,
         response,
     );
+
+    throw new Agents.HttpError(err);
 }
 
 /* Pass all responses through the error interceptor */
@@ -76,8 +83,17 @@ instance.interceptors.request.use((config) => {
     if (!('retryValidateStatus' in config)) {
         config.retryValidateStatus = config.validateStatus;
     }
-
     config.validateStatus = () => false;
+
+    const agents = Agents.getGlobalAgents();
+    // if (config.skipSslVerify) {
+    //     logger.info('跳过SSL验证');
+    //     agents = createAgent({ rejectUnauthorized: false } as any);
+    // }
+    // delete config.skipSslVerify;
+    config.httpsAgent = agents.httpsAgent;
+    config.httpAgent = agents.httpAgent;
+    config.proxy = false; // 必须 否则还会走一层代理，
     return config;
 });
 
@@ -86,7 +102,7 @@ instance.interceptors.response.use(null, async (error) => {
     const { config, response } = error;
 
     if (!config) {
-        return Promise.reject(error);
+        return Promise.reject(new Agents.HttpError(error));
     }
 
     /* Pick up errors we want to retry */
@@ -115,6 +131,9 @@ instance.interceptors.response.use(null, async (error) => {
         }
     }
 
+    if (!response) {
+        return Promise.reject(new Agents.HttpError(error));
+    }
     /* Validate and return response */
     return validateStatus(response);
 });

packages/core/acme-client/src/client.js

@@ -558,6 +558,7 @@ class AcmeClient {
 
         const verifyFn = async (abort) => {
             if (this.opts.signal && this.opts.signal.aborted) {
+                abort();
                 throw new Error('用户取消');
             }
 

packages/core/acme-client/src/http.js

@@ -3,21 +3,9 @@
  */
 
 const { createHmac, createSign, constants: { RSA_PKCS1_PADDING } } = require('crypto');
-const { HttpsProxyAgent } = require('https-proxy-agent');
 const { getJwk } = require('./crypto');
 const { log } = require('./logger');
-const axios1 = require('./axios');
-
-const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
-let httpsAgent = null;
-if (httpsProxy) {
-    httpsAgent = new HttpsProxyAgent(httpsProxy);
-    log(`use https_proxy:${httpsProxy}`);
-}
-const axios = axios1.create({
-    proxy: false,
-    httpsAgent,
-});
+const axios = require('./axios');
 
 /**
  * ACME HTTP client

packages/core/acme-client/src/index.js

@@ -39,6 +39,7 @@ exports.forge = require('./crypto/forge');
  */
 
 exports.axios = require('./axios');
+exports.agents = require('./agents');
 
 /**
  * Logger

packages/core/acme-client/src/logger.js

@@ -22,7 +22,7 @@ exports.setLogger = (fn) => {
  * @param {string} msg Message
  */
 
-exports.log = (msg) => {
-    debug(msg);
-    logger(msg);
+exports.log = (...msg) => {
+    debug(...msg);
+    logger(...msg);
 };

packages/core/acme-client/types/index.d.ts

@@ -37,6 +37,7 @@ export type UrlMapping={
  */
 
 export interface ClientOptions {
+    sslProvider:string;
     directoryUrl: string;
     accountKey: PrivateKeyBuffer | PrivateKeyString;
     accountUrl?: string;
@@ -192,6 +193,7 @@ export const forge: CryptoLegacyInterface;
 
 export const axios: AxiosInstance;
 
+export const agents: any;
 /**
  * Logger
  */

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,38 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+### Performance Improvements
+
+* 支持华为云cdn ([81a3fdb](https://github.com/certd/certd/commit/81a3fdbc29b71f380762008cc151493ec97458f9))
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Bug Fixes
+
+* 修复启动时自签证书无法保存的bug ([526c484](https://github.com/certd/certd/commit/526c48450bcd37b3ccded9b448f17de8140bdc6e))
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+### Performance Improvements
+
+* 新增部署到百度云CDN插件 ([f126f9f](https://github.com/certd/certd/commit/f126f9f932d37fa01fff1accc7bdd17d349f8db5))
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+### Bug Fixes
+
+* 申请证书没有使用到系统设置的http代理的bug ([3db216f](https://github.com/certd/certd/commit/3db216f515ba404cb4330fdab452971b22a50f08))
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 **Note:** Version bump only for package @certd/basic

packages/core/basic/build.md

@@ -1 +1 @@
-12:31
+11:12

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.26.10",
+  "version": "1.26.16",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -64,5 +64,5 @@
     "vite": "^4.3.8",
     "vue-tsc": "^1.6.5"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/core/basic/src/utils/index.ts

@@ -17,6 +17,8 @@ import { fileUtils } from './util.file.js';
 import * as _ from 'lodash-es';
 import { cache } from './util.cache.js';
 import dayjs from 'dayjs';
+import { domainUtils } from './util.domain.js';
+import { optionsUtils } from './util.options.js';
 
 export const utils = {
   sleep,
@@ -30,4 +32,6 @@ export const utils = {
   cache,
   nanoid,
   dayjs,
+  domain: domainUtils,
+  options: optionsUtils,
 };

packages/core/basic/src/utils/util.domain.ts

@@ -0,0 +1,51 @@
+//域名是否匹配，支持通配符
+function match(targetDomains: string | string[], inDomains: string[]) {
+  if (!targetDomains || targetDomains.length == 0) {
+    return false;
+  }
+  if (!inDomains || inDomains.length == 0) {
+    return false;
+  }
+
+  if (typeof targetDomains === 'string') {
+    targetDomains = [targetDomains];
+  }
+  for (let targetDomain of targetDomains) {
+    let matched = false;
+    if (targetDomain.startsWith('.')) {
+      targetDomain = '*' + targetDomain;
+    }
+    for (let inDomain of inDomains) {
+      if (inDomain.startsWith('.')) {
+        inDomain = '*' + inDomain;
+      }
+      if (targetDomain === inDomain) {
+        matched = true;
+        break;
+      }
+
+      if (!inDomain.startsWith('*.')) {
+        //不可能匹配
+        continue;
+      }
+      //子域名匹配通配符即可
+      const firstDotIndex = targetDomain.indexOf('.');
+      const targetDomainSuffix = targetDomain.substring(firstDotIndex + 1);
+      if (targetDomainSuffix === inDomain.substring(2)) {
+        matched = true;
+        break;
+      }
+    }
+    //有一个没有匹配上，就失败
+    if (!matched) {
+      return false;
+    }
+    //这个匹配上了，检查下一个
+  }
+  //没有提前return 全部匹配上了
+  return true;
+}
+
+export const domainUtils = {
+  match,
+};

packages/core/basic/src/utils/util.log.ts

@@ -1,4 +1,4 @@
-import log4js, { LoggingEvent, Logger } from "log4js";
+import log4js, { LoggingEvent, Logger } from 'log4js';
 
 const OutputAppender = {
   configure: (config: any, layouts: any, findAppender: any, levels: any) => {
@@ -18,18 +18,22 @@ const OutputAppender = {
   },
 };
 
-// @ts-ignore
-log4js.configure({
-  appenders: { std: { type: "stdout" }, output: { type: OutputAppender } },
-  categories: { default: { appenders: ["std"], level: "info" }, pipeline: { appenders: ["std", "output"], level: "info" } },
-});
-export const logger = log4js.getLogger("default");
+export function resetLogConfigure() {
+  // @ts-ignore
+  log4js.configure({
+    appenders: { std: { type: 'stdout' }, output: { type: OutputAppender } },
+    categories: { default: { appenders: ['std'], level: 'info' }, pipeline: { appenders: ['std', 'output'], level: 'info' } },
+  });
+}
+resetLogConfigure();
+export const logger = log4js.getLogger('default');
 
 export function buildLogger(write: (text: string) => void) {
-  const logger = log4js.getLogger("pipeline");
-  logger.addContext("outputHandler", {
+  const logger = log4js.getLogger('pipeline');
+  logger.addContext('outputHandler', {
     write,
   });
   return logger;
 }
+
 export type ILogger = Logger;

packages/core/basic/src/utils/util.options.ts

@@ -0,0 +1,42 @@
+import { domainUtils } from './util.domain.js';
+
+function groupByDomain(options: any[], inDomains: string[]) {
+  const matched = [];
+  const notMatched = [];
+  for (const item of options) {
+    if (domainUtils.match(item.domain, inDomains)) {
+      matched.push(item);
+    } else {
+      notMatched.push(item);
+    }
+  }
+  return {
+    matched,
+    notMatched,
+  };
+}
+
+function buildGroupOptions(options: any[], inDomains: string[]) {
+  const grouped = groupByDomain(options, inDomains);
+  const groupOptions = [];
+  groupOptions.push({ value: '', disabled: true, label: '----已匹配----' });
+  if (grouped.matched.length === 0) {
+    options.push({ value: '', disabled: true, label: '没有可以匹配的域名' });
+  } else {
+    for (const matched of grouped.matched) {
+      groupOptions.push(matched);
+    }
+  }
+  if (grouped.notMatched.length > 0) {
+    groupOptions.push({ value: '', disabled: true, label: '----未匹配----' });
+    for (const notMatched of grouped.notMatched) {
+      groupOptions.push(notMatched);
+    }
+  }
+  return groupOptions;
+}
+
+export const optionsUtils = {
+  groupByDomain,
+  buildGroupOptions,
+};

packages/core/basic/src/utils/util.request.ts

@@ -5,6 +5,7 @@ import { HttpProxyAgent } from 'http-proxy-agent';
 import { HttpsProxyAgent } from 'https-proxy-agent';
 import nodeHttp from 'http';
 import * as https from 'node:https';
+import { merge } from 'lodash-es';
 export class HttpError extends Error {
   status?: number;
   statusText?: string;
@@ -35,6 +36,14 @@ export class HttpError extends Error {
       params: error.config?.params,
       data: error.config?.data,
     };
+    let url = error.config?.url;
+    if (error.config?.baseURL) {
+      url = error.config?.baseURL + url;
+    }
+    if (url) {
+      this.message = `${this.message}  : url=${url}`;
+    }
+
     this.response = {
       data: error.response?.data,
     };
@@ -52,14 +61,11 @@ let defaultAgents = createAgent();
 
 export function setGlobalProxy(opts: { httpProxy?: string; httpsProxy?: string }) {
   logger.info('setGlobalProxy:', opts);
-  if (opts.httpProxy) {
-    process.env.HTTP_PROXY = opts.httpProxy;
-  }
-  if (opts.httpsProxy) {
-    process.env.HTTPS_PROXY = opts.httpsProxy;
-  }
+  defaultAgents = createAgent(opts);
+}
 
-  defaultAgents = createAgent();
+export function getGlobalAgents() {
+  return defaultAgents;
 }
 
 /**
@@ -72,7 +78,10 @@ export function createAxiosService({ logger }: { logger: Logger }) {
   // 请求拦截
   service.interceptors.request.use(
     (config: any) => {
-      logger.info(`http request:${config.url}，method:${config.method}，params:${JSON.stringify(config.params)}`);
+      logger.info(`http request:${config.url}，method:${config.method}`);
+      if (config.logParams !== false && config.params) {
+        logger.info(`params:${JSON.stringify(config.params)}`);
+      }
       if (config.timeout == null) {
         config.timeout = 15000;
       }
@@ -84,6 +93,11 @@ export function createAxiosService({ logger }: { logger: Logger }) {
       delete config.skipSslVerify;
       config.httpsAgent = agents.httpsAgent;
       config.httpAgent = agents.httpAgent;
+
+      // const agent = new https.Agent({
+      //   rejectUnauthorized: false  // 允许自签名证书
+      // });
+      // config.httpsAgent = agent;
       config.proxy = false; //必须 否则还会走一层代理，
       return config;
     },
@@ -96,7 +110,11 @@ export function createAxiosService({ logger }: { logger: Logger }) {
   // 响应拦截
   service.interceptors.response.use(
     (response: any) => {
-      logger.info('http response:', JSON.stringify(response?.data));
+      if (response?.config?.logRes !== false) {
+        logger.info(`http response : status=${response?.status},data=${JSON.stringify(response?.data)}`);
+      } else {
+        logger.info('http response status:', response?.status);
+      }
       return response.data;
     },
     (error: any) => {
@@ -157,27 +175,35 @@ export function createAxiosService({ logger }: { logger: Logger }) {
 
 export const http = createAxiosService({ logger }) as HttpClient;
 export type HttpClientResponse<R> = any;
-export type HttpRequestConfig<D> = {
+export type HttpRequestConfig<D = any> = {
   skipSslVerify?: boolean;
   skipCheckRes?: boolean;
+  logParams?: boolean;
+  logRes?: boolean;
 } & AxiosRequestConfig<D>;
 export type HttpClient = {
   request<D = any, R = any>(config: HttpRequestConfig<D>): Promise<HttpClientResponse<R>>;
 };
 
-export function createAgent(opts: nodeHttp.AgentOptions = {}) {
+export type CreateAgentOptions = {
+  httpProxy?: string;
+  httpsProxy?: string;
+} & nodeHttp.AgentOptions;
+export function createAgent(opts: CreateAgentOptions = {}) {
   let httpAgent, httpsAgent;
-  const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
+  const httpProxy = opts.httpProxy || process.env.HTTP_PROXY || process.env.http_proxy;
   if (httpProxy) {
     logger.info('use httpProxy:', httpProxy);
     httpAgent = new HttpProxyAgent(httpProxy, opts as any);
+    merge(httpAgent.options, opts);
   } else {
     httpAgent = new nodeHttp.Agent(opts);
   }
-  const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
+  const httpsProxy = opts.httpsProxy || process.env.HTTPS_PROXY || process.env.https_proxy;
   if (httpsProxy) {
     logger.info('use httpsProxy:', httpsProxy);
     httpsAgent = new HttpsProxyAgent(httpsProxy, opts as any);
+    merge(httpsAgent.options, opts);
   } else {
     httpsAgent = new https.Agent(opts);
   }

packages/core/basic/src/utils/util.sp.ts

@@ -1,8 +1,8 @@
 //转换为import
-import childProcess from "child_process";
-import { safePromise } from "./util.promise.js";
-import { ILogger, logger } from "./util.log.js";
-
+import childProcess from 'child_process';
+import { safePromise } from './util.promise.js';
+import { ILogger, logger } from './util.log.js';
+import iconv from 'iconv-lite';
 export type ExecOption = {
   cmd: string | string[];
   env: any;
@@ -11,12 +11,12 @@ export type ExecOption = {
 };
 
 async function exec(opts: ExecOption): Promise<string> {
-  let cmd = "";
+  let cmd = '';
   const log = opts.logger || logger;
   if (opts.cmd instanceof Array) {
     for (const item of opts.cmd) {
       if (cmd) {
-        cmd += " && " + item;
+        cmd += ' && ' + item;
       } else {
         cmd = item;
       }
@@ -38,7 +38,7 @@ async function exec(opts: ExecOption): Promise<string> {
           log.error(`exec error: ${error}`);
           reject(error);
         } else {
-          const res = stdout.toString("utf-8");
+          const res = stdout.toString('utf-8');
           log.info(`stdout: ${res}`);
           resolve(res);
         }
@@ -55,13 +55,31 @@ export type SpawnOption = {
   logger?: ILogger;
   options?: any;
 };
+
+function isWindows() {
+  return process.platform === 'win32';
+}
+function convert(buffer: any) {
+  if (isWindows()) {
+    const decoded = iconv.decode(buffer, 'GBK');
+    // 检查是否有有效字符
+    return decoded && decoded.trim().length > 0 ? decoded : buffer.toString();
+  } else {
+    return buffer;
+  }
+}
+
+// function convert(buffer: any) {
+//   return buffer;
+// }
+
 async function spawn(opts: SpawnOption): Promise<string> {
-  let cmd = "";
+  let cmd = '';
   const log = opts.logger || logger;
   if (opts.cmd instanceof Array) {
     for (const item of opts.cmd) {
       if (cmd) {
-        cmd += " && " + item;
+        cmd += ' && ' + item;
       } else {
         cmd = item;
       }
@@ -70,8 +88,8 @@ async function spawn(opts: SpawnOption): Promise<string> {
     cmd = opts.cmd;
   }
   log.info(`执行命令: ${cmd}`);
-  let stdout = "";
-  let stderr = "";
+  let stdout = '';
+  let stderr = '';
   return safePromise((resolve, reject) => {
     const ls = childProcess.spawn(cmd, {
       shell: true,
@@ -81,21 +99,23 @@ async function spawn(opts: SpawnOption): Promise<string> {
       },
       ...opts.options,
     });
-    ls.stdout.on("data", (data) => {
+    ls.stdout.on('data', data => {
+      data = convert(data);
       log.info(`stdout: ${data}`);
       stdout += data;
     });
 
-    ls.stderr.on("data", (data) => {
-      log.error(`stderr: ${data}`);
+    ls.stderr.on('data', data => {
+      data = convert(data);
+      log.warn(`stderr: ${data}`);
       stderr += data;
     });
-    ls.on("error", (error) => {
+    ls.on('error', error => {
       log.error(`child process error: ${error}`);
       reject(error);
     });
 
-    ls.on("close", (code: number) => {
+    ls.on('close', (code: number) => {
       if (code !== 0) {
         log.error(`child process exited with code ${code}`);
         reject(new Error(stderr));

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,36 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+### Performance Improvements
+
+* 支持白山云cdn部署 ([b1b2cd0](https://github.com/certd/certd/commit/b1b2cd088b684eda764962abd61754c26a204d1c))
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+### Performance Improvements
+
+* 默认证书更新时间设置为35天，增加腾讯云删除过期证书插件，可以避免腾讯云过期证书邮件 ([51b6fed](https://github.com/certd/certd/commit/51b6fed468eaa6f28ce4497ce303ace1a52abb96))
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+### Performance Improvements
+
+* 申请证书启用新的反代地址 ([a705182](https://github.com/certd/certd/commit/a705182b85e51157883e48f23463263793bf3c12))
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 ### Bug Fixes

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.26.10",
+  "version": "1.26.16",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -15,8 +15,8 @@
     "test": "mocha   --loader=ts-node/esm"
   },
   "dependencies": {
-    "@certd/basic": "^1.26.10",
-    "@certd/plus-core": "^1.26.10",
+    "@certd/basic": "^1.26.16",
+    "@certd/plus-core": "^1.26.16",
     "axios": "^1.7.2",
     "dayjs": "^1.11.7",
     "fix-path": "^4.0.0",
@@ -66,5 +66,5 @@
     "vite": "^4.3.8",
     "vue-tsc": "^1.6.5"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/core/pipeline/src/core/executor.ts

@@ -128,6 +128,10 @@ export class Executor {
         this.runtime.skip(runnable);
         return resultType;
       }
+      if (resultType == ResultType.disabled) {
+        this.runtime.disabled(runnable);
+        return resultType;
+      }
       this.runtime.success(runnable);
       return ResultType.success;
     } catch (e: any) {
@@ -164,12 +168,14 @@ export class Executor {
 
     let resList: ResultType[] = [];
     if (stage.concurrency === ConcurrencyStrategy.Parallel) {
+      //并行
       const pList = [];
       for (const item of runnerList) {
         pList.push(item());
       }
       resList = await Promise.all(pList);
     } else {
+      //串行
       for (let i = 0; i < runnerList.length; i++) {
         const runner = runnerList[i];
         resList[i] = await runner();
@@ -181,6 +187,7 @@ export class Executor {
   compositionResultType(resList: ResultType[]): ResultType {
     let hasSuccess = false;
     let hasSkip = false;
+    let hasDisabled = false;
     for (const type of resList) {
       if (type === ResultType.error) {
         return ResultType.error;
@@ -188,8 +195,14 @@ export class Executor {
         hasSuccess = true;
       } else if (type === ResultType.skip) {
         hasSkip = true;
+      } else if (type === ResultType.disabled) {
+        hasDisabled = true;
       }
     }
+    if (!hasSuccess && !hasSkip && hasDisabled) {
+      //全是disabled
+      return ResultType.disabled;
+    }
     if (!hasSuccess && hasSkip) {
       //全是跳过
       return ResultType.skip;

packages/core/pipeline/src/plugin/api.ts

@@ -111,13 +111,19 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
     return this._result.files;
   }
 
+  checkSignal() {
+    if (this.ctx.signal && this.ctx.signal.aborted) {
+      throw new Error("用户取消");
+    }
+  }
+
   setCtx(ctx: TaskInstanceContext) {
     this.ctx = ctx;
     this.logger = ctx.logger;
     this.accessService = ctx.accessService;
   }
 
-  async getAccess(accessId: string) {
+  async getAccess<T = any>(accessId: string) {
     if (accessId == null) {
       throw new Error("您还没有配置授权");
     }
@@ -125,7 +131,7 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
     if (res == null) {
       throw new Error("授权不存在，可能已被删除，请前往任务配置里面重新选择授权");
     }
-    return res;
+    return res as T;
   }
 
   randomFileId() {

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.26.10",
+  "version": "1.26.16",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -17,5 +17,5 @@
     "rimraf": "^5.0.5",
     "rollup": "^3.7.4"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.26.10",
+  "version": "1.26.16",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -39,5 +39,5 @@
     "tslib": "^2.5.2",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 **Note:** Version bump only for package @certd/lib-jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-jdcloud",
   "private": false,
-  "version": "1.26.10",
+  "version": "1.26.16",
   "main": "./dist/bundle.mjs",
   "module": "./dist/bundle.mjs",
   "types": "./dist/d/index.d.ts",
@@ -27,5 +27,5 @@
     "rimraf": "^5.0.5",
     "rollup": "^3.7.4"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.26.10",
+  "version": "1.26.16",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -18,7 +18,7 @@
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
-    "@certd/pipeline": "^1.26.10",
+    "@certd/pipeline": "^1.26.16",
     "@rollup/plugin-commonjs": "^23.0.4",
     "@rollup/plugin-json": "^6.0.0",
     "@rollup/plugin-node-resolve": "^15.0.1",
@@ -40,5 +40,5 @@
     "tslib": "^2.5.2",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,39 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Performance Improvements
+
+* 限制其他用户流水线数量 ([315e437](https://github.com/certd/certd/commit/315e43746baf01682737f82e41579237a48409af))
+* 用户管理优化头像上传 ([661293c](https://github.com/certd/certd/commit/661293c189a3abf3cdc953b5225192372f57930d))
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+### Bug Fixes
+
+* 申请证书没有使用到系统设置的http代理的bug ([3db216f](https://github.com/certd/certd/commit/3db216f515ba404cb4330fdab452971b22a50f08))
+
+### Performance Improvements
+
+* 申请证书启用新的反代地址 ([a705182](https://github.com/certd/certd/commit/a705182b85e51157883e48f23463263793bf3c12))
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 **Note:** Version bump only for package @certd/lib-server

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.26.10",
+  "version": "1.26.16",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -26,8 +26,9 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/basic": "^1.26.10",
-    "@certd/pipeline": "^1.26.10",
+    "@certd/acme-client": "^1.26.16",
+    "@certd/basic": "^1.26.16",
+    "@certd/pipeline": "^1.26.16",
     "@midwayjs/cache": "~3.14.0",
     "@midwayjs/core": "~3.17.1",
     "@midwayjs/i18n": "~3.17.3",
@@ -68,5 +69,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/libs/lib-server/src/system/basic/service/file-service.ts

@@ -1,4 +1,4 @@
-import { Provide } from '@midwayjs/core';
+import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import dayjs from 'dayjs';
 import path from 'path';
 import fs from 'fs';
@@ -14,6 +14,7 @@ export const uploadTmpFileCacheKey = 'tmpfile_key_';
 /**
  */
 @Provide()
+@Scope(ScopeEnum.Singleton)
 export class FileService {
   async saveFile(userId: number, tmpCacheKey: any, permission: 'public' | 'private') {
     if (tmpCacheKey.startsWith(`/${permission}`)) {

packages/libs/lib-server/src/system/settings/service/models.ts

@@ -15,6 +15,7 @@ export class SysPublicSettings extends BaseSettings {
   static __title__ = '系统公共设置';
   static __access__ = 'public';
   registerEnabled = false;
+  limitUserPipelineCount = 0;
   managerOtherUserPipeline = false;
   icpNo?: string;
   // triggerOnStartup = false;
@@ -102,3 +103,20 @@ export class SysSiteEnv {
     contactLink?: string;
   };
 }
+
+export type MenuItem = {
+  id: string;
+  title: string;
+  icon: string;
+  link: string;
+  auth: boolean;
+  permission?: string;
+  children?: MenuItem[];
+};
+export class SysHeaderMenus extends BaseSettings {
+  static __title__ = '顶部菜单';
+  static __key__ = 'sys.header.menus';
+  static __access__ = 'public';
+
+  menus: MenuItem[];
+}

packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts

@@ -7,7 +7,7 @@ import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, Sy
 import * as _ from 'lodash-es';
 import { BaseService } from '../../../basic/index.js';
 import { logger, setGlobalProxy } from '@certd/basic';
-
+import { agents } from '@certd/acme-client';
 /**
  * 设置
  */
@@ -23,7 +23,6 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
   getRepository() {
     return this.repository;
   }
-
   async getById(id: any): Promise<SysSettingsEntity | null> {
     const entity = await this.info(id);
     if (!entity) {
@@ -128,12 +127,12 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
 
   async reloadPrivateSettings() {
     const bean = await this.getPrivateSettings();
-    if (bean.httpProxy || bean.httpsProxy) {
-      setGlobalProxy({
-        httpProxy: bean.httpProxy,
-        httpsProxy: bean.httpsProxy,
-      });
-    }
+    const opts = {
+      httpProxy: bean.httpProxy,
+      httpsProxy: bean.httpsProxy,
+    };
+    setGlobalProxy(opts);
+    agents.setGlobalProxy(opts);
   }
 
   async updateByKey(key: string, setting: any) {
@@ -149,10 +148,10 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
 
   async backupSecret() {
     const settings = await this.getSettingByKey(SysSecretBackup.__key__);
+    const privateSettings = await this.getPrivateSettings();
+    const installInfo = await this.getSetting<SysInstallInfo>(SysInstallInfo);
     if (settings == null) {
       const backup = new SysSecretBackup();
-      const privateSettings = await this.getPrivateSettings();
-      const installInfo = await this.getSetting<SysInstallInfo>(SysInstallInfo);
       if (installInfo.siteId == null || privateSettings.encryptSecret == null) {
         logger.error('备份密钥失败，siteId或encryptSecret为空');
         return;
@@ -161,6 +160,14 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
       backup.encryptSecret = privateSettings.encryptSecret;
       await this.saveSetting(backup);
       logger.info('备份密钥成功');
+    } else {
+      //校验是否有变化
+      if (settings.siteId !== installInfo.siteId) {
+        throw new Error(`siteId与备份不一致，可能是数据异常，请检查：backup=${settings.siteId}, current=${installInfo.siteId}`);
+      }
+      if (settings.encryptSecret !== privateSettings.encryptSecret) {
+        throw new Error('encryptSecret与备份不一致，可能是数据异常，请检查');
+      }
     }
   }
 }

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.26.10",
+  "version": "1.26.16",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -56,5 +56,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,42 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+### Bug Fixes
+
+* 修复lego No help topic for 错误 ([aaaf8d7](https://github.com/certd/certd/commit/aaaf8d7db34896cf8f2ff8f12eec1ab0cae58f0f))
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+### Performance Improvements
+
+* 默认证书更新时间设置为35天，增加腾讯云删除过期证书插件，可以避免腾讯云过期证书邮件 ([51b6fed](https://github.com/certd/certd/commit/51b6fed468eaa6f28ce4497ce303ace1a52abb96))
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+### Bug Fixes
+
+* deprecated的运行时不要报错，只报警告 ([bcbefaa](https://github.com/certd/certd/commit/bcbefaaa35cf6d0eec085b3a2c5bfc7c6a8de9e1))
+
+## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
+
+### Performance Improvements
+
+* 支持配置公共ZeroSSL授权 ([a90d1e6](https://github.com/certd/certd/commit/a90d1e68ee9cbc3705223457b8a86f071b150968))
+
+## [1.26.11](https://github.com/certd/certd/compare/v1.26.10...v1.26.11) (2024-10-23)
+
+### Performance Improvements
+
+* 申请证书启用新的反代地址 ([a705182](https://github.com/certd/certd/commit/a705182b85e51157883e48f23463263793bf3c12))
+* 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。 ([41d9c3a](https://github.com/certd/certd/commit/41d9c3ac8398def541e65351cbe920d4a927182d))
+* 优化pfx密码密码输入框，让浏览器不自动填写密码 ([ffeede3](https://github.com/certd/certd/commit/ffeede38afa70c5ff6f2015516bead23d2c4df87))
+
 ## [1.26.10](https://github.com/certd/certd/compare/v1.26.9...v1.26.10) (2024-10-20)
 
 ### Bug Fixes

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.26.10",
+  "version": "1.26.16",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -15,9 +15,9 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.26.10",
-    "@certd/basic": "^1.26.10",
-    "@certd/pipeline": "^1.26.10",
+    "@certd/acme-client": "^1.26.16",
+    "@certd/basic": "^1.26.16",
+    "@certd/pipeline": "^1.26.16",
     "@google-cloud/publicca": "^1.3.0",
     "dayjs": "^1.11.7",
     "jszip": "^3.10.1",
@@ -57,5 +57,5 @@
     "vite": "^3.1.0",
     "vue-tsc": "^0.38.9"
   },
-  "gitHead": "f36b6e382484ba8d07fa1718c438b097ad04c8da"
+  "gitHead": "06fed944c96fc6c5d4911bb7d3f45b51948f9d4b"
 }

packages/plugins/plugin-cert/src/dns-provider/base.ts

@@ -31,7 +31,7 @@ export async function createDnsProvider(opts: { dnsProviderType: string; context
   const DnsProviderClass = dnsProviderPlugin.target;
   const dnsProviderDefine = dnsProviderPlugin.define as DnsProviderDefine;
   if (dnsProviderDefine.deprecated) {
-    throw new Error(dnsProviderDefine.deprecated);
+    context.logger.warn(dnsProviderDefine.deprecated);
   }
   // @ts-ignore
   const dnsProvider: IDnsProvider = new DnsProviderClass();

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -30,6 +30,7 @@ export type CertInfo = {
   ic?: string;
   pfx?: string;
   der?: string;
+  jks?: string;
 };
 export type SSLProvider = "letsencrypt" | "google" | "zerossl";
 export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
@@ -89,12 +90,15 @@ export class AcmeService {
   }
 
   async getAcmeClient(email: string, isTest = false): Promise<acme.Client> {
+    const mappings = {};
+    if (this.sslProvider === "letsencrypt") {
+      mappings["acme-v02.api.letsencrypt.org"] = this.options.reverseProxy || "le.px.certd.handfree.work";
+    } else if (this.sslProvider === "google") {
+      mappings["dv.acme-v02.api.pki.goog"] = this.options.reverseProxy || "gg.px.certd.handfree.work";
+    }
     const urlMapping: UrlMapping = {
       enabled: false,
-      mappings: {
-        "acme-v02.api.letsencrypt.org": this.options.reverseProxy || "letsencrypt.proxy.handsfree.work",
-        "dv.acme-v02.api.pki.goog": this.options.reverseProxy || "google.proxy.handsfree.work",
-      },
+      mappings,
     };
     const conf = await this.getAccountConfig(email, urlMapping);
     if (conf.key == null) {
@@ -119,6 +123,7 @@ export class AcmeService {
       }
     }
     const client = new acme.Client({
+      sslProvider: this.sslProvider,
       directoryUrl: directoryUrl,
       accountKey: conf.key,
       accountUrl: conf.accountUrl,
@@ -172,7 +177,7 @@ export class AcmeService {
       this.logger.info(`Would create TXT record "${fullRecord}" with value "${recordValue}"`);
 
       let domain = parseDomain(fullDomain);
-      this.logger.info("解析到域名domain=", domain);
+      this.logger.info("解析到域名domain=" + domain);
 
       if (domainsVerifyPlan) {
         //按照计划执行
@@ -384,7 +389,7 @@ export class AcmeService {
         timeout: 10000,
       });
     } catch (e) {
-      this.logger.error(`${directoryUrl}，测试访问失败`, e.stack);
+      this.logger.error(`${directoryUrl}，测试访问失败`, e.message);
       return false;
     }
     this.logger.info(`${directoryUrl}，测试访问成功`);

packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts

@@ -40,7 +40,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
       name: "a-input",
       vModel: "value",
     },
-    rules: [{ type: "email" }],
+    rules: [{ type: "email", message: "请输入正确的邮箱" }],
     required: true,
     order: -1,
     helper: "请输入邮箱",
@@ -50,18 +50,19 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
   @TaskInput({
     title: "PFX证书密码",
     component: {
-      name: "a-input-password",
+      name: "input-password",
       vModel: "value",
     },
     required: false,
     order: 100,
-    helper: "PFX格式证书是否需要加密",
+    // helper: "PFX、jks格式证书是否加密；jks必须设置密码，不传则默认123456",
+    helper: "PFX证书是否加密",
   })
   pfxPassword!: string;
 
   @TaskInput({
     title: "更新天数",
-    value: 20,
+    value: 35,
     component: {
       name: "a-input-number",
       vModel: "value",
@@ -157,14 +158,28 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
           cert,
           pfxPassword: this.pfxPassword,
         });
-        const pfxBuffer = fs.readFileSync(res.pfxPath);
-        cert.pfx = pfxBuffer.toString("base64");
+        if (res.pfxPath) {
+          const pfxBuffer = fs.readFileSync(res.pfxPath);
+          cert.pfx = pfxBuffer.toString("base64");
+          fs.unlinkSync(res.pfxPath);
+          isNew = true;
+        }
 
-        const derBuffer = fs.readFileSync(res.derPath);
-        cert.der = derBuffer.toString("base64");
+        if (res.derPath) {
+          const derBuffer = fs.readFileSync(res.derPath);
+          cert.der = derBuffer.toString("base64");
+          fs.unlinkSync(res.derPath);
+          isNew = true;
+        }
+
+        if (res.jksPath) {
+          const jksBuffer = fs.readFileSync(res.jksPath);
+          cert.jks = jksBuffer.toString("base64");
+          fs.unlinkSync(res.jksPath);
+          isNew = true;
+        }
 
         this.logger.info("转换证书格式成功");
-        isNew = true;
       } catch (e) {
         this.logger.error("转换证书格式失败", e);
       }
@@ -186,12 +201,16 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
     zip.file("cert.crt", cert.crt);
     zip.file("cert.key", cert.key);
     zip.file("intermediate.crt", cert.ic);
+
     if (cert.pfx) {
       zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
     }
     if (cert.der) {
       zip.file("cert.der", Buffer.from(cert.der, "base64"));
     }
+    if (cert.jks) {
+      zip.file("cert.jks", Buffer.from(cert.jks, "base64"));
+    }
     const content = await zip.generateAsync({ type: "nodebuffer" });
     this.saveFile(filename, content);
     this.logger.info(`已保存文件:${filename}`);
@@ -212,7 +231,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
       this.logger.info("input hash 有变更，检查是否需要重新申请证书");
       //判断域名有没有变更
       /**
-       *                      "renewDays": 20,
+       *                      "renewDays": 35,
        *                     "certApplyPlugin": "CertApply",
        *                     "sslProvider": "letsencrypt",
        *                     "privateKeyType": "rsa_2048_pkcs1",
@@ -227,7 +246,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
        *                     "successNotify": true,
        *                     "pfxPassword": "123456"
        */
-      const checkInputChanges = ["domains", "sslProvider", "privateKeyType", "dnsProviderType", "dnsProviderAccess", "pfxPassword"];
+      const checkInputChanges = ["domains", "sslProvider", "privateKeyType", "dnsProviderType", "pfxPassword"];
       const oldInput = JSON.stringify(pick(this.lastStatus?.input, checkInputChanges));
       const thisInput = JSON.stringify(pick(this, checkInputChanges));
       inputChanged = oldInput !== thisInput;

packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts

@@ -13,6 +13,7 @@ export type CertReaderHandleContext = {
   tmpPfxPath?: string;
   tmpDerPath?: string;
   tmpIcPath?: string;
+  tmpJksPath?: string;
 };
 export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>;
 export type HandleOpts = { logger: ILogger; handle: CertReaderHandle };
@@ -72,14 +73,14 @@ export class CertReader {
     return domains;
   }
 
-  saveToFile(type: "crt" | "key" | "pfx" | "der" | "ic", filepath?: string) {
+  saveToFile(type: "crt" | "key" | "pfx" | "der" | "ic" | "jks", filepath?: string) {
     if (!this.cert[type]) {
       return;
     }
 
     if (filepath == null) {
       //写入临时目录
-      filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.${type}`);
+      filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.${type}`);
     }
 
     const dir = path.dirname(filepath);
@@ -103,6 +104,7 @@ export class CertReader {
     const tmpIcPath = this.saveToFile("ic");
     logger.info("本地文件写入成功");
     const tmpDerPath = this.saveToFile("der");
+    const tmpJksPath = this.saveToFile("jks");
     try {
       return await opts.handle({
         reader: this,
@@ -111,6 +113,7 @@ export class CertReader {
         tmpPfxPath: tmpPfxPath,
         tmpDerPath: tmpDerPath,
         tmpIcPath: tmpIcPath,
+        tmpJksPath: tmpJksPath,
       });
     } catch (err) {
       throw err;
@@ -127,6 +130,7 @@ export class CertReader {
       removeFile(tmpPfxPath);
       removeFile(tmpDerPath);
       removeFile(tmpIcPath);
+      removeFile(tmpJksPath);
     }
   }
 

packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts

@@ -17,16 +17,20 @@ export class CertConverter {
   async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{
     pfxPath: string;
     derPath: string;
+    jksPath: string;
   }> {
     const certReader = new CertReader(opts.cert);
     let pfxPath: string;
     let derPath: string;
+    let jksPath: string;
     const handle = async (ctx: CertReaderHandleContext) => {
       // 调用openssl 转pfx
       pfxPath = await this.convertPfx(ctx, opts.pfxPassword);
 
       // 转der
       derPath = await this.convertDer(ctx);
+
+      //jksPath = await this.convertJks(ctx, pfxPath, opts.pfxPassword);
     };
 
     await certReader.readCertFile({ logger: this.logger, handle });
@@ -34,10 +38,12 @@ export class CertConverter {
     return {
       pfxPath,
       derPath,
+      jksPath,
     };
   }
 
   async exec(cmd: string) {
+    process.env.LANG = "zh_CN.GBK";
     await sp.spawn({
       cmd: cmd,
       logger: this.logger,
@@ -47,7 +53,7 @@ export class CertConverter {
   private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string) {
     const { tmpCrtPath, tmpKeyPath } = opts;
 
-    const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", "cert.pfx");
+    const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "_cert.pfx");
 
     const dir = path.dirname(pfxPath);
     if (!fs.existsSync(dir)) {
@@ -70,7 +76,7 @@ export class CertConverter {
 
   private async convertDer(opts: CertReaderHandleContext) {
     const { tmpCrtPath } = opts;
-    const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.der`);
+    const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.der`);
 
     const dir = path.dirname(derPath);
     if (!fs.existsSync(dir)) {
@@ -88,4 +94,32 @@ export class CertConverter {
     // const filename = reader.buildCertFileName("der", applyTime);
     // this.saveFile(filename, fileBuffer);
   }
+
+  async convertJks(opts: CertReaderHandleContext, pfxPath: string, pfxPassword = "") {
+    const jksPassword = pfxPassword || "123456";
+    try {
+      const randomStr = Math.floor(Math.random() * 1000000) + "";
+
+      // const p12Path = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.p12`);
+      // const { tmpCrtPath, tmpKeyPath } = opts;
+      // let passwordArg = "-passout pass:";
+      // if (pfxPassword) {
+      //   passwordArg = `-password pass:${pfxPassword}`;
+      // }
+      // await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
+
+      const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
+      const dir = path.dirname(jksPath);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+      }
+      await this.exec(
+        `keytool -importkeystore -srckeystore ${pfxPath} -srcstoretype PKCS12 -srcstorepass "${pfxPassword}" -destkeystore ${jksPath} -deststoretype PKCS12 -deststorepass "${jksPassword}" `
+      );
+      return jksPath;
+    } catch (e) {
+      this.logger.error("转换jks失败", e);
+      return;
+    }
+  }
 }

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -33,7 +33,7 @@ export type DomainsVerifyPlanInput = {
   desc: "免费通配符域名证书申请，支持多个域名打到同一个证书上",
   default: {
     input: {
-      renewDays: 20,
+      renewDays: 35,
       forceUpdate: false,
     },
     strategy: {
@@ -55,12 +55,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     },
     required: true,
     helper:
-      "DNS直接验证：适合域名是在阿里云、腾讯云、华为云、Cloudflare、西数注册的，需要提供Access授权信息。\nCNAME代理验证：支持任何注册商注册的域名，并且不需要提供Access授权信息，但第一次需要手动添加CNAME记录",
+      "DNS直接验证：域名是在阿里云、腾讯云、华为云、Cloudflare、西数注册的，选它。\nCNAME代理验证：支持任何注册商注册的域名，但第一次需要手动添加CNAME记录",
   })
   challengeType!: string;
 
   @TaskInput({
-    title: "DNS提供商",
+    title: "DNS解析服务商",
     component: {
       name: "dns-provider-selector",
     },
@@ -72,7 +72,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     }
     `,
     required: true,
-    helper: "请选择dns解析提供商，您的域名是在哪里注册的，或者域名的dns解析服务器属于哪个平台\n如果这里没有您需要的dns解析提供商，请选择CNAME代理验证校验方式",
+    helper: "您的域名注册商，或者域名的dns服务器属于哪个平台\n如果这里没有，请选择CNAME代理验证校验方式",
   })
   dnsProviderType!: string;
 
@@ -82,7 +82,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       name: "access-selector",
     },
     required: true,
-    helper: "请选择dns解析提供商授权",
+    helper: "请选择dns解析服务商授权",
     mergeScript: `return {
       component:{
         type: ctx.compute(({form})=>{
@@ -134,7 +134,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
         { value: "zerossl", label: "ZeroSSL" },
       ],
     },
-    helper: "Let's Encrypt最简单，如果使用ZeroSSL、Google证书，需要提供EAB授权",
+    helper: "Let's Encrypt：申请最简单\nGoogle：大厂光环，兼容性好，需要翻墙获取EAB授权\nZeroSSL：有数量限制，获取EAB授权无需翻墙",
     required: true,
   })
   sslProvider!: SSLProvider;
@@ -162,7 +162,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     maybeNeed: true,
     required: false,
     helper:
-      "需要提供EAB授权\nZeroSSL：请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://gitee.com/certd/certd/blob/v2/doc/google/google.md)，用过一次后会绑定邮箱，后续复用EAB要用同一个邮箱",
+      "需要提供EAB授权\nZeroSSL：请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/)，用过一次后会绑定邮箱，后续复用EAB要用同一个邮箱",
     mergeScript: `
     return {
         show: ctx.compute(({form})=>{
@@ -182,7 +182,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     maybeNeed: true,
     required: false,
     helper:
-      "google服务账号授权与EAB授权选填其中一个，[服务账号授权获取方法](https://gitee.com/certd/certd/blob/v2/doc/google/google.md)\n服务账号授权需要配置代理或者服务器本身在海外",
+      "google服务账号授权与EAB授权选填其中一个，[服务账号授权获取方法](https://certd.docmirror.cn/guide/use/google/)\n服务账号授权需要配置代理或者服务器本身在海外",
     mergeScript: `
     return {
         show: ctx.compute(({form})=>{