Merge branch 'v2' of https://github.com/certd/certd into v2

docs: 1
2026-04-24 12:27:25 +08:00 · 2025-11-12 09:10:43 +08:00 · 2025-11-11 16:03:40 +08:00 · 2025-11-11 16:03:19 +08:00 · 2025-11-11 13:29:38 +08:00 · 2025-11-11 11:41:36 +08:00
2018 changed files with 547222 additions and 10443 deletions
@@ -0,0 +1,11 @@
 #
 # http://editorconfig.org
 #
 root = true
 [*]
 indent_style = space
 indent_size = 2
 trim_trailing_whitespace = true
@@ -0,0 +1,5 @@
 # These are supported funding model platforms
 github: greper
 buy_me_a_coffee: greper
 custom: ['https://afdian.com/a/greper']
@@ -0,0 +1,36 @@
 ---
 name: Plugin Apply
 about: 部署插件申请支持
 title: "[Plugin] "
 labels: feature
 ---
 > > 感谢您支持certd，请按如下规范提交issue
 > 如果有条件，请尽量在[github上提交](https://github.com/certd/certd/issues)
 # 新部署插件申请支持
 ## 1. 需求描述
 `请在此处简要描述你的需求`
 ## 2. 要部署证书应用的信息
 1. 应用名称：
 2. 应用网址/项目地址/官方网站：
 3. 管理证书界面截图（或者手动部署证书方式介绍及截图）：
 4. 是否有API接口，接口地址：
 5. 如果没有API接口，网页登录是否需要验证码：
 6. 是否可以提供测试账号？（如果可以请留下联系方式或者加作者好友）
@@ -0,0 +1,36 @@
 ---
 name: DNS Provider Apply
 about: 域名提供商申请支持
 title: "[DNS] "
 labels: feature
 ---
 > 感谢您支持certd，请按如下规范提交issue
 > 如果有条件，请尽量在[github上提交](https://github.com/certd/certd/issues)
 # 新域名提供商支持申请
 ## 1. 基本信息
 请填写如下内容：
 1. 域名提供商名称：
 2. 管理页面地址：
 3. 是否有API接口，接口地址：
 4. 如果没有API接口，网页登录是否有验证码：
 5. 是否可以提供测试账号？（如果可以请留下联系方式或者加作者好友）
 ## 2. 截图
 `域名管理页面截图`
@@ -1,21 +1,28 @@
-> 感谢您支持certd，请按如下规范提交issue    
+---
 name: Bug Report
 about: 错误或问题报告
 title: "[BUG] "
 labels: bug
 ---
 > 感谢您支持certd，请按如下规范提交issue
 > 如果有条件，请尽量在[github上提交](https://github.com/certd/certd/issues)
-
+# bug提交
-## 一、问题描述
+## 1、问题描述
 `请在此处简要描述你所遇到的问题，必要时请贴出相关截图辅助理解和定位`
-### 复现步骤
+### 2、复现步骤
 `请描述复现问题的详细步骤`
 `如果非示例页面的问题，最好能提供最小复现示例的代码、或者仓库链接`
-### 报错截图
+### 3.报错截图
 `请贴出报错日志截图`
-### 效果截图
+### 4、效果截图
 `请贴出效果截图`
-#### 1. 期望效果
+#### 4.1. 期望效果
 #### 2. 实际效果
 #### 4.2. 实际效果
@@ -0,0 +1,24 @@
 ---
 name: Feature Request
 about: 新需求、新特性申请支持
 title: "[Feature] "
 labels: feature
 ---
 > > 感谢您支持certd，请按如下规范提交issue
 > 如果有条件，请尽量在[github上提交](https://github.com/certd/certd/issues)
 # 新特性申请
 >注意：这里仅供如果是要申请新的部署插件，请提交插件申请
 ## 1. 需求描述，需求背景
 `请在此处简要描述你所遇到的问题，必要时请贴出相关截图辅助理解`
 ## 2. 期望效果
 `必要时可以截图描述你的期望效果`
 ## 3. 你的解决方案
 `如果你有解决方案，请描述你的方案`
@@ -1,79 +0,0 @@
 name: build-image-for-test
 on:
  push:
    branches: ['v2-dev']
    paths:
      - "build-dev.trigger"
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
 permissions:
  contents: read
 jobs:
  build-certd-image:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: v2-dev
      - name: get_certd_version
        id: get_certd_version
        uses: actions/github-script@v6
        with:
          result-encoding: string
          script: |
            const fs = require('fs');
            const path = require('path');
            const pnpmWorkspace = "./pnpm-workspace.yaml";
            fs.unlinkSync(pnpmWorkspace)
            const jsonFilePath = "./packages/ui/certd-server/package.json";
            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
            const pkg = JSON.parse(jsonContent)
            console.log("certd_version:",pkg.version);
            return pkg.version
 #      - name: Use Node.js
 #        uses: actions/setup-node@v4
 #        with:
 #          node-version: 18
 #          cache: 'npm'
 #        working-directory: ./packages/ui/certd-client
      - run: |
          npm install -g pnpm@8.15.7
          pnpm install
          npm run build
        working-directory: ./packages/ui/certd-client
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to aliyun container Registry
        uses: docker/login-action@v3
        with:
          registry: registry.cn-shenzhen.aliyuncs.com
          username: ${{ secrets.aliyun_cs_username }}
          password: ${{ secrets.aliyun_cs_password }}
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.dockerhub_username }}
          password: ${{ secrets.dockerhub_password }}
      - name: Build default platforms
        uses: docker/build-push-action@v6
        with:
          platforms: linux/amd64,linux/arm64
          push: true
          context: ./packages/ui/
          tags: |
            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-dev:latest
            greper/certd-dev:latest
@@ -3,13 +3,14 @@ on:
  push:
    branches: ['v2-dev']
    paths:
-      - "build.trigger"
+      - "trigger/build.trigger"
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
 permissions:
  contents: read
  packages: write
 jobs:
  build-certd-image:
@@ -43,7 +44,7 @@ jobs:
 #          cache: 'npm'
 #        working-directory: ./packages/ui/certd-client
      - run: |
-          npm install -g pnpm@8.15.7
+          npm install -g pnpm
          pnpm install
          npm run build
        working-directory: ./packages/ui/certd-client
@@ -61,6 +62,13 @@ jobs:
          username: ${{ secrets.aliyun_cs_username }}
          password: ${{ secrets.aliyun_cs_password }}
      - name: Login to GitHub Packages
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
@@ -74,31 +82,4 @@ jobs:
          push: true
          context: ./packages/ui/
          tags: |
            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}
            greper/certd:latest
            greper/certd:${{steps.get_certd_version.outputs.result}}
 #      - name: Build armv7
 #        uses: docker/build-push-action@v6
 #        with:
 #          platforms: linux/arm/v7
 #          push: true
 #          context: ./packages/ui/
 #          tags: |
 #            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7
 #            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}-armv7
 #            greper/certd:armv7
 #            greper/certd:${{steps.get_certd_version.outputs.result}}-armv7
 #      - name: Build agent
 #        uses: docker/build-push-action@v6
 #        with:
 #          platforms: linux/amd64,linux/arm64
 #          push: true
 #          context: ./packages/ui/agent/
 #          tags: |
 #            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:latest
 #            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:${{steps.get_certd_version.outputs.result}}
 #            greper/certd-agent:latest
 #            greper/certd-agent:${{steps.get_certd_version.outputs.result}}
@@ -3,12 +3,13 @@ on:
  push:
    branches: ['v2-dev']
    paths:
-      - "deploy.trigger"
+      - "trigger/deploy.trigger"
  workflow_run:
    workflows: [ "build-image" ]
    types:
      - completed
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -54,14 +55,3 @@ jobs:
          retry-count: 3
          retry-delay: 5000
      - name: deploy-certd-doc
        uses: tyrrrz/action-http-request@master
        with:
          url: http://flow-openapi.aliyun.com/pipeline/webhook/IiSxLDp9aOhgDUxJPytv
          method: POST
          body: |
            {}
          headers: |
            Content-Type: application/json
          retry-count: 3
          retry-delay: 5000
@@ -0,0 +1,131 @@
 name: build-image-for-release
 on:
  push:
    branches: ['v2-dev']
    paths:
      - "trigger/release.trigger"
 #  workflow_run:
 #    workflows: [ "deploy-demo" ]
 #    types:
 #      - completed
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
 permissions:
  contents: read
  packages: write
 jobs:
  build-certd-image:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true
      - name: get_certd_version
        id: get_certd_version
        uses: actions/github-script@v6
        with:
          result-encoding: string
          script: |
            const fs = require('fs');
            const path = require('path');
            const pnpmWorkspace = "./pnpm-workspace.yaml";
            fs.unlinkSync(pnpmWorkspace)
            const jsonFilePath = "./packages/ui/certd-server/package.json";
            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
            const pkg = JSON.parse(jsonContent)
            console.log("certd_version:",pkg.version);
            return pkg.version
 #      - name: Use Node.js
 #        uses: actions/setup-node@v4
 #        with:
 #          node-version: 18
 #          cache: 'npm'
 #        working-directory: ./packages/ui/certd-client
      - run: |
          npm install -g pnpm
          pnpm install
          npm run build
        working-directory: ./packages/ui/certd-client
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to aliyun container Registry
        uses: docker/login-action@v3
        with:
          registry: registry.cn-shenzhen.aliyuncs.com
          username: ${{ secrets.aliyun_cs_username }}
          password: ${{ secrets.aliyun_cs_password }}
      - name: Login to GitHub Packages
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.dockerhub_username }}
          password: ${{ secrets.dockerhub_password }}
      - name: Build default platforms
        uses: docker/build-push-action@v6
        with:
          platforms: linux/amd64,linux/arm64
          push: true
          context: ./packages/ui/
          tags: |
            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}
            greper/certd:latest
            greper/certd:${{steps.get_certd_version.outputs.result}}
            ghcr.io/${{ github.repository }}:latest
            ghcr.io/${{ github.repository }}:${{steps.get_certd_version.outputs.result}}
      - name: Build armv7
        uses: docker/build-push-action@v6
        with:
          platforms: linux/arm/v7
          push: true
          context: ./packages/ui/
          tags: |
            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7
            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}-armv7
            greper/certd:armv7
            greper/certd:${{steps.get_certd_version.outputs.result}}-armv7
            ghcr.io/${{ github.repository }}:armv7
            ghcr.io/${{ github.repository }}:${{steps.get_certd_version.outputs.result}}-armv7
 #      - name: Build agent
 #        uses: docker/build-push-action@v6
 #        with:
 #          platforms: linux/amd64,linux/arm64
 #          push: true
 #          context: ./packages/ui/agent/
 #          tags: |
 #            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:latest
 #            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:${{steps.get_certd_version.outputs.result}}
 #            greper/certd-agent:latest
 #            greper/certd-agent:${{steps.get_certd_version.outputs.result}}
      - name: deploy-certd-doc
        uses: tyrrrz/action-http-request@master
        with:
          url: http://flow-openapi.aliyun.com/pipeline/webhook/IiSxLDp9aOhgDUxJPytv
          method: POST
          body: |
            {}
          headers: |
            Content-Type: application/json
          retry-count: 3
          retry-delay: 5000
@@ -1,6 +1,5 @@
 ./packages/core/lego
 # IntelliJ project files
 .vscode/
 node_modules/
 npm-debug.log
 yarn-error.log
@@ -17,11 +16,12 @@ gen
 /test/*.private.*
 /*.log
 nohup.out
 /packages/ui/*/.idea
 /packages/ui/*/node_modules
 /packages/*/node_modules
-/pnpm-lock.yaml
+#/pnpm-lock.yaml
 tsconfig.tsbuildinfo
@@ -29,5 +29,5 @@ test/**/*.js
 /packages/ui/certd-server/data/db.sqlite
 /packages/ui/certd-server/data/keys.yaml
 /packages/pro/
-
+test.js
-test.js
+.history
@@ -1,2 +1,6 @@
 link-workspace-packages=deep
 prefer-workspace-packages=true
 better_sqlite3_binary_host=https://registry.npmmirror.com/-/binary/better-sqlite3
 better_sqlite3_binary_host_mirror=https://registry.npmmirror.com/-/binary/better-sqlite3
 better-sqlite3_binary_host=https://registry.npmmirror.com/-/binary/better-sqlite3
 better-sqlite3_binary_host_mirror=https://registry.npmmirror.com/-/binary/better-sqlite3
@@ -0,0 +1,73 @@
 {
    // 使用 IntelliSense 了解相关属性。 
    // 悬停以查看现有属性的描述。
    // 欲了解更多信息，请访问: https://go.microsoft.com/fwlink/?linkid=830387
    "version": "0.2.0",
    "configurations": [
        {
            "name": "client",
            "type": "node",
            "request": "launch",
            "cwd": "${workspaceFolder}/packages/ui/certd-client",
            "runtimeExecutable": "pnpm",
            "runtimeArgs": ["dev"],
            "console": "integratedTerminal",
            "internalConsoleOptions": "neverOpen"
        },
        {
            "name": "server",
            "type": "node",
            "request": "launch",
            "cwd": "${workspaceFolder}/packages/ui/certd-server",
            "runtimeExecutable": "pnpm",
            "runtimeArgs": ["dev"],
            "console": "integratedTerminal",
            "internalConsoleOptions": "neverOpen"
        },
         {
            "name": "server-mysql",
            "type": "node",
            "request": "launch",
            "cwd": "${workspaceFolder}/packages/ui/certd-server",
            "runtimeExecutable": "pnpm",
            "runtimeArgs": ["dev-mysql"],
            "console": "integratedTerminal",
            "internalConsoleOptions": "neverOpen"
        },
         {
            "name": "server-pg",
            "type": "node",
            "request": "launch",
            "cwd": "${workspaceFolder}/packages/ui/certd-server",
            "runtimeExecutable": "pnpm",
            "runtimeArgs": ["dev-pg"],
            "console": "integratedTerminal",
            "internalConsoleOptions": "neverOpen"
        },
        {
            "name": "server-common",
            "type": "node",
            "request": "launch",
            "cwd": "${workspaceFolder}/packages/ui/certd-server",
            "runtimeExecutable": "pnpm",
            "runtimeArgs": ["dev-commpro"],
            "console": "integratedTerminal",
            "internalConsoleOptions": "neverOpen"
        },
        {
            "name": "server-local-plus",
            "type": "node",
            "request": "launch",
            "cwd": "${workspaceFolder}/packages/ui/certd-server",
            "runtimeExecutable": "npm",
            "runtimeArgs": ["run", "dev-localplus"],
            "console": "integratedTerminal",
            "internalConsoleOptions": "neverOpen",
            "env": {
                "plus_use_prod": "false",
                "PLUS_SERVER_BASE_URL": "http://127.0.0.1:11007"
            }
        }
    ]
 }
@@ -0,0 +1,8 @@
 {
    "eslint.debug": false,
    "eslint.format.enable": true,
    "typescript.tsc.autoDetect": "watch",
    "git.scanRepositories": [
        "./packages/pro"
    ]
 }
@@ -0,0 +1,52 @@
 {
    "version": "2.0.0",
    "tasks": [
        {
            "label": "启动Client",
            "type": "shell",
            "command": "npm",
            "args": ["run", "dev"],
            "options": {
                "cwd": "${workspaceFolder}/packages/ui/certd-client"
            },
            "group": {
                "kind": "build",
                "isDefault": true
            },
            "presentation": {
                "echo": true,
                "reveal": "always",
                "focus": false,
                "panel": "shared"
            }
        },
        {
            "label": "启动Server",
            "type": "shell",
            "command": "npm",
            "args": ["run", "dev"],
            "options": {
                "cwd": "${workspaceFolder}/packages/ui/certd-server"
            },
            "group": {
                "kind": "build",
                "isDefault": true
            },
            "presentation": {
                "echo": true,
                "reveal": "always",
                "focus": false,
                "panel": "shared"
            }
        },
        {
            "label": "同时启动Client和Server",
            "dependsOn": ["启动Client", "启动Server"],
            "group": {
                "kind": "build",
                "isDefault": true
            },
            "problemMatcher": []
        }
    ]
 }
@@ -1,24 +1,47 @@
 # Certd
-Certd 是一个免费全自动申请和自动部署更新SSL证书的管理系统。       
+中文 | [English](./README_en.md)
-后缀d取自linux守护进程的命名风格，意为证书守护进程。    
+
 Certd® 是一个免费的全自动证书管理系统，让你的网站证书永不过期。   
 后缀d取自linux守护进程的命名风格，意为证书守护进程
 >首创流水线申请部署证书模式，已被多个项目“借鉴”，被抄也是一种成功。
 > 关于证书续期：
 >* 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
 >* 我们所说的续期，其实就是按照全套流程重新申请一份新证书，然后重新部署上去。
 >* 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 > 流水线数量现已调整为无限制，欢迎大家使用
 **************************************************************************************************
                   🔥🔥🔥永久专业版上线，双11活动火热进行中🔥🔥🔥
       赶快升级到最新版点击右上角金色VIP按钮，点击立即赞助，看看你的优惠券金额是多少？
 **************************************************************************************************
 关键字：证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具
 ## 一、特性
 本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     
-* 全自动申请证书（支持所有注册商注册的域名）
+* 全自动申请证书（支持所有注册商注册的域名，支持DNS-01、HTTP-01、CNAME代理等多种域名验证方式）
-* 全自动部署更新证书（目前支持部署到主机、阿里云、腾讯云等，目前已支持40+部署插件）
+* 全自动部署更新证书（目前支持部署到主机、阿里云、腾讯云等70+部署插件）
 * 支持通配符域名/泛域名，支持多个域名打到一个证书上，支持pem、pfx、der、jks等多种证书格式
-* 邮件通知、webhook通知
+* 邮件通知、webhook通知、企微、钉钉、飞书、anpush等多种通知方式
-* 私有化部署，数据保存本地，授权信息加密存储，镜像由Github Actions构建，过程公开透明
+* 私有化部署，数据保存本地，安装简单快捷，镜像由Github Actions构建，过程公开透明
-* 支持SQLite，PostgreSQL、MySQL数据库
+* 授权加密，站点隐藏，2FA，密码防爆破等多重安全保障
 * 支持SQLite，PostgreSQL、MySQL多种数据库
 * 开放接口支持
 * 站点证书监控
 * 多用户管理
 * 多语言支持（中英双语切换）
 * 各版本向下兼容，一键无忧升级
->
+  ![](./docs/images/intro/intro.svg)
-> 流水线数量现已调整为无限制，欢迎大家使用
+
 >
 ## 二、在线体验
@@ -57,7 +80,7 @@ https://certd.handfree.work/
 -------> [点我查看详细使用步骤演示](./step.md)   <--------      
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑     
-更多教程请访问文档网站 [certd.docmirror.cn](https://certd.docmirror.cn/)
+更多教程请访问官方文档 [certd.docmirror.cn](https://certd.docmirror.cn/guide/)
@@ -67,10 +90,12 @@ https://certd.handfree.work/
 您可以根据实际情况从如下方式中选择一种方式进行私有化部署：
-1. [宝塔面板方式部署](https://certd.docmirror.cn/guide/install/docker/)
+1. 【推荐】[Docker方式部署 ](https://certd.docmirror.cn/guide/install/docker/)
-2. [1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
+2. 【推荐】[宝塔面板方式部署 ](https://certd.docmirror.cn/guide/install/docker/)
-3. [Docker方式部署](https://certd.docmirror.cn/guide/install/docker/)
+3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
-4. [源码方式部署](https://certd.docmirror.cn/guide/install/source/)
+4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) ： 首充翻倍，每月仅需2.2元    
 [<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
 5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
 #### Docker镜像说明：
 * 国内镜像地址:
@@ -80,103 +105,45 @@ https://certd.handfree.work/
  * `https://hub.docker.com/r/greper/certd`
  * `greper/certd:latest`
  * `greper/certd:armv7`、`greper/certd:[version]-armv7`
 * GitHub Packages地址:
  * `ghcr.io/certd/certd:latest`
  * `ghcr.io/certd/certd:armv7`、`ghcr.io/certd/certd:[version]-armv7`
 * 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用
  * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) 
 ![](./docs/images/action/action-build.jpg)
-
+> 注意：
-## 五、 升级
+> * 本应用存储的证书、授权信息等属于高度敏感数据，请做好安全防护
-如果使用固定版本号
+> * 请务必使用HTTPS协议访问本应用，避免被中间人攻击
-1. 修改`docker-compose.yaml`中的镜像版本号
+> * 请务必使用web应用防火墙防护本应用，防止XSS、SQL注入等攻击
-2. 运行`docker compose up -d` 即可
+> * 请务必做好服务器本身的安全防护，防止数据库泄露
-
+> * 请务必做好数据备份，避免数据丢失
-如果需要使用最新版本
+> * [更多安全生产建议点我](https://certd.docmirror.cn/guide/feature/safe/)
 ```shell
 #重新拉取镜像
 docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
 # 重新启动容器
 docker compose down
 docker compose up -d
 ```
 关于自动升级(仅限尝鲜建议非生产使用)
 ```yaml
 version: '3.3'
 services:
  certd:
    image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
    container_name: certd
    restart: unless-stopped
    volumes:
      - /data/certd:/app/data
    ports:
      - "7001:7001"
      - "7002:7002"
    # 如果需要修改系统配置，可以通过环境变量传递；初次运行请保持默认配置
    environment:
      - certd_system_resetAdminPasswd=false
    # 如果需要切换数据库类型，可以在此处设置为mysql或postgres
    # - certd_typeorm_dataSource_default_type=mysql
    # - certd_typeorm_dataSource_default_host=localhost
    # - certd_typeorm_dataSource_default_port=3306
    # - certd_typeorm_dataSource_default_username=root
    # - certd_typeorm_dataSource_default_password=123456
    # - certd_typeorm_dataSource_default_database=certd
    labels:
      com.centurylinklabs.watchtower.enable: "true"
  certd-updater:  # 添加 Watchtower 服务
    image: containrrr/watchtower:latest
    container_name: certd-updater
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    # 配置 自动更新
    environment:
      - WATCHTOWER_CLEANUP=true            # 自动清理旧版本容器
      - WATCHTOWER_INCLUDE_STOPPED=false   # 不更新已停止的容器
      - WATCHTOWER_LABEL_ENABLE=true       # 根据容器标签进行更新
      - WATCHTOWER_POLL_INTERVAL=300       # 每 5 分钟检查一次更新
 # 如果需要支持 IPv6，请取消以下注释
 # networks:
 #   ip6net:
 #     enable_ipv6: true
 #     ipam:
 #       config:
 #         - subnet: 2001:db8::/64
 ```
 > 数据默认存在`/data/certd`目录下，不用担心数据丢失   
-更新日志： [CHANGELOG](./CHANGELOG.md)
+## 五、生态
 ###  1.  客户端工具 SSL-Assistant
 `SSL Assistant` 是一个运行于主机上的证书部署管理助手客户端。    
 支持自动扫描主机`Nginx`配置，然后从`Certd`拉取证书并部署。     
 在不想暴露ssh主机密码情况下，该工具非常好用。
 开源地址： https://github.com/Youngxj/SSL-Assistant
-## 六、一些说明
+## 六、更多帮助
-* 本项目ssl证书提供商为letencrypt/Google/ZeroSSL
+请访问官方文档：[https://certd.docmirror.cn/](https://certd.docmirror.cn/guide/)
-* 申请过程遵循acme协议
+
-* 需要验证域名所有权，一般有两种方式（目前本项目仅支持dns-01）
+* 升级方法：[升级方法](https://certd.docmirror.cn/guide/install/upgrade/)
-  * http-01： 在网站根目录下放置一份txt文件
+* 常见问题：[忘记密码](https://certd.docmirror.cn/guide/use/forgotpasswd/)
-  * dns-01： 需要给域名添加txt解析记录，通配符域名只能用这种方式
+* 多数据库：[多数据库配置](https://certd.docmirror.cn/guide/install/database/)
-* 证书续期：
+* 站点安全：[站点安全特性](https://certd.docmirror.cn/guide/feature/safe/)
-  * 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
+* 更新日志：[CHANGELOG](./CHANGELOG.md)
  * 我们所说的续期，其实就是按照全套流程重新申请一份新证书，然后重新部署上去。
 * 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 * 设置每天自动运行，当证书过期前35天，会自动重新申请证书并部署
-## 七、不同平台的设置说明
+## 七、联系作者
 * 已迁移到新的文档网站，请到常见问题章节查看
 * [最新文档站链接 https://certd.docmirror.cn](https://certd.docmirror.cn/)
 ## 八、问题处理
 ### 7.1 忘记管理员密码   
 [重置管理员密码方法](https://certd.docmirror.cn/guide/use/forgotpasswd/)
 ## 九、联系作者
 如有疑问，欢迎加入群聊（请备注certd）
 | 加群 | 微信群 | QQ群 |
@@ -190,58 +157,56 @@ services:
 | 二维码 | <img height="230" src="./docs/guide/contact/images/me.png"> |
-## 十、捐赠
+## 八、捐赠
 ************************
-支持开源，为爱发电，我已入驻爱发电   
+开源为什么要做专业版收费？
-https://afdian.com/a/greper
+1. 纯靠为爱发电不可持续（比如：我的dev-sidecar项目即便是拥有20K+star,也差点凉凉，幸亏有另外大佬接手用爱发电）    
 2. 没有赞助的项目，作者不会用心倾听用户的心声，不顾用户体验（比如：下意识拒绝需求、频繁破坏性变更升级、全盘推倒重来之类的） 
 3. 没有赞助的项目，交流群的戾气有时候比较重，容易起冲突 
 发电权益：
 1. 可加入发电专属群，可以获得作者一对一技术支持
 2. 您的需求我们将优先实现，并且将作为专业版功能提供
 3. 一年期专业版激活码
 4. 赠送国外免费服务器部署方案（0成本使用Certd，可能需要翻墙，不过现在性能越来越差了）
 专业版特权对比
-| 功能   | 基础版             | 专业版               |
+| 功能      | 免费版                                   | 专业版                            |
-|------|-----------------|-------------------|
+|---------|---------------------------------------|--------------------------------|
-| 免费证书申请 | 免费无限制           | 无限制               |
+| 免费证书申请  | 免费无限制                                 | 免费无限制                          |
-| 域名数量 | 免费无限制           | 无限制               |
+| 域名数量 | 无限制                                   | 无限制                            |
-| 证书流水线条数 | 免费无限制           | 无限制               |
+| 证书流水线条数 | 无限制                                   | 无限制                            |
-| 站点证书监控 | 1条              | 无限制               |
+| 站点证书监控  | 限制1条                                  | 无限制                            |
-| 自动部署插件 | 阿里云、腾讯云、七牛云、SSH | 支持群晖、宝塔、1Panel等，持续开发中 |
+| 自动部署插件  | 阿里云CDN、腾讯云、七牛CDN、主机部署、宝塔、1Panel等大部分插件 | 群晖                             |
-| 通知   | 邮件、webhook      | server酱、企微、anpush等 |
+| 通知      | 邮件通知、自定义webhook                       | 邮件免配置、企微、钉钉、飞书、anpush、server酱等 |
 ************************
 ## 十一、贡献代码
-1. 本地开发 [贡献插件](https://certd.docmirror.cn/guide/development/)
+## 九、贡献代码
 1. 本地开发请参考 [贡献插件向导](https://certd.docmirror.cn/guide/development/)
 2. 作为贡献者，代表您同意您贡献的代码如下许可：
   1. 可以调整开源协议以使其更严格或更宽松。
   2. 可以用于商业用途。
 感谢以下贡献者做出的贡献。
 <a href="https://github.com/certd/certd/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=certd/certd" />
 </a>
-## 十二、 开源许可
+## 十、 开源许可
 * 本项目遵循 GNU Affero General Public License（AGPL）开源协议。   
 * 允许个人和公司内部自由使用、复制、修改和分发本项目，未获得商业授权情况下禁止任何形式的商业用途 
 * 未获得商业授权情况下，禁止任何对logo、版权信息及授权许可相关代码的修改。
 * 如需商业授权，请联系作者。
 ## 十三、我的其他项目（求Star）
-| 项目名称                                                    | stars                                                                                                 | 项目描述                              | 
+## 十一、我的其他项目（求Star）
-|---------------------------------------------------------|-------------------------------------------------------------------------------------------------------|-----------------------------------|
+
-| [袖手AI](https://ai.handsfree.work/)                    |                                                                                                       | 袖手GPT，国内可用，无需FQ，每日免费额度            | 
+| 项目名称 | stars  | 项目描述  | 
 | --------- |--------- |----------- |
 | [fast-crud](https://gitee.com/fast-crud/fast-crud/)     | <img alt="GitHub stars" src="https://img.shields.io/github/stars/fast-crud/fast-crud?logo=github"/>   | 基于vue3的crud快速开发框架                 |  
-| [dev-sidecar](https://github.com/docmirror/dev-sidecar/) | <img alt="GitHub stars" src="https://img.shields.io/github/stars/docmirror/dev-sidecar?logo=github"/> | 直连访问github工具，无需FQ，解决github无法访问的问题 |                       
+| [dev-sidecar](https://github.com/docmirror/dev-sidecar/) | <img alt="GitHub stars" src="https://img.shields.io/github/stars/docmirror/dev-sidecar?logo=github"/> | 直连访问github工具，无需FQ，解决github无法访问的问题 |
 ## 十四、更新日志
 更新日志：[CHANGELOG](./CHANGELOG.md)
@@ -0,0 +1,185 @@
 # Certd
 [中文](./README.md) | English
 Certd® is a free, fully automated certificate management system that ensures your website certificates never expire. The suffix 'd' is inspired by the naming convention of Linux daemons, representing a certificate daemon.
 > We pioneered the pipeline-based certificate application and deployment model, which has been "referenced" by multiple projects. Being copied is also a form of success.
 > Regarding certificate renewal:
 >* In fact, it's impossible to renew or reissue a certificate without modifying the certificate file itself.
 >* What we refer to as renewal is essentially applying for a new certificate following the full process and redeploying it.
 >* Free certificates expire in 90 days, which may be shortened in the future. Therefore, automated deployment is essential.
 > The number of pipelines is now unlimited. Welcome to use it.
 ## 1. Features
 This project not only supports automated certificate application but also automated certificate deployment and updates, ensuring your certificates never expire.
 * Fully automated certificate application (supports domains registered with all registrars and multiple domain verification methods such as DNS-01, HTTP-01, and CNAME proxy).
 * Fully automated certificate deployment and updates (currently supports deployment to over 70 plugins, including hosts, Alibaba Cloud, Tencent Cloud, etc.).
 * Supports wildcard domains/pan-domains, allows multiple domains in a single certificate, and supports various certificate formats such as pem, pfx, der, and jks.
 * Multiple notification methods, including email, webhook, WeChat Work, DingTalk, Lark, and anpush.
 * On-premises deployment, local data storage, simple and quick installation. Images are built by Github Actions, with a transparent process.
 * Multiple security measures, including authorization encryption, site hiding, 2FA, and password brute-force protection.
 * Supports multiple databases such as SQLite, PostgreSQL, and MySQL.
 * Open API support.
 * Site certificate monitoring.
 * Multi-user management.
 * Multi-language support (Chinese and English switching).
 * Downward compatibility across all versions, with one-click worry-free upgrades.
  ![](./docs/images/intro/intro.svg)
 ## 2. Online Experience
 Visit the official demo site and register to experience it.
 https://certd.handfree.work/
 > Note: Data will be cleaned up irregularly, and scheduled tasks may be stopped. For production use, please deploy it yourself.
 > The content contains sensitive information. Make sure to deploy it locally for production use.
 ![Home Page](./docs/images/start/home.png)
 ## 3. Usage Tutorial
 Just 3 steps to ensure your certificates never expire.
 ### 1. Create a Certificate Pipeline
 ![Demonstration](packages/ui/certd-client/public/static/doc/images/1-add.png)
 > After successful addition, you can directly run the pipeline to apply for a certificate.
 ### 2. Add a Deployment Task
 Normally, we need to deploy certificates to applications. Certd supports a wide range of deployment plugins. You can choose based on your needs, such as deploying to Nginx, Alibaba Cloud, Tencent Cloud, K8S, CDN, Baota, 1Panel, etc.
 Here's a demonstration of deploying certificates to a host's Nginx:
 ![Demonstration](packages/ui/certd-client/public/static/doc/images/5-1-add-host.png)
 If the current deployment plugins don't meet your needs, you can also download them manually and deploy them yourself.
 ![Demonstration](packages/ui/certd-client/public/static/doc/images/13-3-download.png)
 ### 3. Run Scheduled Tasks
 ![Demonstration](packages/ui/certd-client/public/static/doc/images/12-1-log-success.png)
 ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
 -------> [Click here to view detailed usage steps](./step.md) <--------
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑
 For more tutorials, please visit the official documentation [certd.docmirror.cn](https://certd.docmirror.cn/guide/).
 ## 4. On-Premises Deployment
 Since certificates, authorization information, and other data are highly sensitive, please make sure to deploy them on-premises to ensure data security.
 You can choose one of the following deployment methods based on your needs:
 1. 【Recommended】[Docker Deployment](https://certd.docmirror.cn/guide/install/docker/)
 2. 【Recommended】[BT Panel Deployment](https://certd.docmirror.cn/guide/install/docker/)
 3. 【Recommended】[1Panel Deployment](https://certd.docmirror.cn/guide/install/1panel/)
 4. 【Recommended】[Rainyun One-Click Deployment](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2_): Double your first recharge, only $2.2 per month.
 [<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2_)
 5. 【Not Recommended】[Source Code Deployment](https://certd.docmirror.cn/guide/install/source/)
 #### Docker Image Information:
 * Domestic Image Addresses:
  * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
  * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7`, `[version]-armv7`
 * DockerHub Addresses:
  * `https://hub.docker.com/r/greper/certd`
  * `greper/certd:latest`
  * `greper/certd:armv7`, `greper/certd:[version]-armv7`
 * GitHub Packages Addresses:
  * `ghcr.io/certd/certd:latest`
  * `ghcr.io/certd/certd:armv7`, `ghcr.io/certd/certd:[version]-armv7`
 * Images are built automatically by `Actions`, with a transparent process. Please use them with confidence.
  * [Click here to view image build logs](https://github.com/certd/certd/actions/workflows/build-image.yml)
 ![](./docs/images/action/action-build.jpg)
 > Note:
 > * The certificates, authorization information, and other data stored in this application are highly sensitive. Please take appropriate security measures.
 > * Make sure to use the HTTPS protocol to access this application to avoid man-in-the-middle attacks.
 > * Make sure to use a web application firewall to protect this application from attacks such as XSS and SQL injection.
 > * Make sure to secure the server itself to prevent database leakage.
 > * Make sure to back up your data to avoid data loss.
 > * [Click here for more production safety suggestions](https://certd.docmirror.cn/guide/feature/safe/)
 ## 5. Ecosystem
 ### 1. Client Tool: SSL-Assistant
 `SSL Assistant` is a certificate deployment and management assistant client that runs on hosts. It supports automatic scanning of the host's `Nginx` configuration and pulling certificates from `Certd` for deployment. This tool is very useful when you don't want to expose your SSH host password.
 Open-source Address: https://github.com/Youngxj/SSL-Assistant
 ## 6. More Help
 Please visit the official documentation: [https://certd.docmirror.cn/](https://certd.docmirror.cn/guide/).
 * Upgrade Method: [Upgrade Guide](https://certd.docmirror.cn/guide/install/upgrade/)
 * Common Issues: [Forgot Password](https://certd.docmirror.cn/guide/use/forgotpasswd/)
 * Multi-Database: [Multi-Database Configuration](https://certd.docmirror.cn/guide/install/database/)
 * Site Security: [Site Security Features](https://certd.docmirror.cn/guide/feature/safe/)
 * Changelog: [CHANGELOG](./CHANGELOG.md)
 ## 7. Contact the Author
 If you have any questions, feel free to join the group chat (please mention 'certd' in your message).
 | Join Group | WeChat Group | QQ Group |
 |---------|-------|-------|
 | QR Code | <img height="230" src="./docs/guide/contact/images/wx.png"> | <img height="230" src="./docs/guide/contact/images/qq.png"> |
 You can also add the author as a friend.
 | Add Author as Friend | WeChat QQ |
 |---------|-------|-------|
 | QR Code | <img height="230" src="./docs/guide/contact/images/me.png"> |
 ## 8. Donation
 ************************
 [![Sponsor](https://img.shields.io/badge/Sponsor-%E2%9D%A4-red)](https://github.com/sponsors/greper)
 ************************
 Support open-source projects and contribute with love. I've joined Afdian.
 https://afdian.com/a/greper
 Benefits of Contribution:
 1. Join the exclusive contributor group and get one-on-one technical support from the author.
 2. Your requests will be prioritized and implemented as professional edition features.
 3. Receive a one-year professional edition activation code.
 Comparison of Professional Edition Privileges:
 | Feature | Free Edition | Professional Edition |
 |---------|---------------------------------------|--------------------------------|
 | Free Certificate Application | Unlimited for free | Unlimited for free |
 | Number of Domains | Unlimited | Unlimited |
 | Number of Certificate Pipelines | Unlimited | Unlimited |
 | Site Certificate Monitoring | Limited to 1 | Unlimited |
 | Automatic Deployment Plugins | Most plugins such as Alibaba Cloud CDN, Tencent Cloud, QiNiu CDN, Host Deployment, Baota, 1Panel | Synology |
 | Notifications | Email, Custom Webhook | Email without configuration, WeChat Work, DingTalk, Lark, anpush, ServerChan, etc. |
 ************************
 ## 9. Contribute Code
 1. For local development, please refer to the [Plugin Contribution Guide](https://certd.docmirror.cn/guide/development/).
 2. As a contributor, you agree that your contributed code is subject to the following license:
   1. The open-source license can be adjusted to be more or less restrictive.
   2. It can be used for commercial purposes.
 Thank you to the following contributors.
 <a href="https://github.com/certd/certd/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=certd/certd" />
 </a>
 ## 10. Open-Source License
 * This project follows the GNU Affero General Public License (AGPL).
 * Individuals and companies are allowed to use, copy, modify, and distribute this project freely for internal use. Any form of commercial use is prohibited without obtaining commercial authorization.
 * Without commercial authorization, any modification of the logo, copyright information, and license-related code is prohibited.
 * For commercial authorization, please contact the author.
 ## 11. My Other Projects (Please Star)
 | Project Name | Stars | Project Description |
 |----------------|---------------|--------------|
 | [fast-crud](https://gitee.com/fast-crud/fast-crud/) | <img alt="GitHub stars" src="https://img.shields.io/github/stars/fast-crud/fast-crud?logo=github"/> | A fast CRUD development framework based on Vue3. |
 | [dev-sidecar](https://github.com/docmirror/dev-sidecar/) | <img alt="GitHub stars" src="https://img.shields.io/github/stars/docmirror/dev-sidecar?logo=github"/> | A tool to access GitHub directly without a VPN, solving the problem of inaccessible GitHub. |
@@ -1 +0,0 @@
 1
@@ -1 +0,0 @@
 01:06
@@ -1 +0,0 @@
 5
@@ -1,19 +1,26 @@
 version: '3.3' # 兼容旧版docker-compose
 services:
  certd:
-    # 镜像                                                  #  ↓↓↓↓↓ ---- 镜像版本号，建议改成固定版本号
+    # 镜像                                                  #  ↓↓↓↓↓ ---- 镜像版本号，建议改成固定版本号,例如：certd:1.29.0
    image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
    # image: ghcr.io/certd/certd:latest                    #   --------- 如果 报镜像not found，可以尝试其他镜像源
    # image: greper/certd:latest
    container_name: certd # 容器名
    restart: unless-stopped # 自动重启
    volumes:
      #   ↓↓↓↓↓ -------------------------------------------------------- 数据库以及证书存储路径,默认存在宿主机的/data/certd/目录下，【您需要定时备份此目录，以保障数据容灾】
      #                                                                  只要修改冒号前面的，冒号后面的/app/data不要动
      - /data/certd:/app/data
      #- /volume1/docker/certd:/app/data:delegated  #群晖使用这个配置
      #   ↓↓↓↓↓ -------------------------------------------------------- 如果走时不准，考虑挂载localtime文件
      #- /etc/localtime:/etc/localtime
      #- /etc/timezone:/etc/timezone
    ports: # 端口映射
-      #  ↓↓↓↓ ---------------------------------------------------------- 如果端口有冲突，可以修改第一个7001为其他不冲突的端口号
+      #  ↓↓↓↓ ---------------------------------------------------------- 如果端口有冲突，可以修改第一个7001为其他不冲突的端口号，第二个7001不要动
      - "7001:7001"
      #  ↓↓↓↓ ---------------------------------------------------------- https端口，可以根据实际情况，是否暴露该端口
      - "7002:7002"
-    #↓↓↓↓ -------------------------------------------------------------- 如果出现getaddrinfo ENOTFOUND错误，可以尝试设置dns
+    #↓↓↓↓ -------------------------------------------------------------- 如果出现getaddrinfo EAI_AGAIN 或 getaddrinfo ENOTFOUND 错误，可以尝试设置dns
 #    dns:
 #      - 223.5.5.5      # 阿里云公共dns
 #      - 223.6.6.6
@@ -25,14 +32,25 @@ services:
 #      - 8.8.4.4
 #    extra_hosts:
 #        # ↓↓↓↓ -------------------------------------------------------- 这里可以配置自定义hosts，外网域名可以指向本地局域网ip地址
-#      - "localdomain.comm:192.168.1.3"
+#      - "localdomain.com:192.168.1.3"
-
+#        #         ↓↓↓↓ ------------------------------------------------ 直接使用主机的网络，如果网络问题实在找不到原因，可以尝试打开此参数
 #    network_mode: host
    labels:
      com.centurylinklabs.watchtower.enable: "true"
 #    ↓↓↓↓ -------------------------------------------------------------- 启用ipv6网络，还需要把下面networks的注释放开
 #    networks:
 #      - ip6net
    environment:
 #             ↓↓↓↓ ----------------------------------------------------- 使用上海东八时区
      - TZ=Asia/Shanghai
 #     设置环境变量即可自定义certd配置
 #     配置项见： packages/ui/certd-server/src/config/config.default.ts
 #     配置规则： certd_ + 配置项, 点号用_代替
-#                                    #↓↓↓↓ ----------------------------- 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false
+#                                    #↓↓↓↓ ----------------------------- 如果忘记管理员密码，可以设置为true，docker compose up -d 重建容器之后，管理员密码将改成123456，然后请及时修改回false
      - certd_system_resetAdminPasswd=false
                        # ↓↓↓ 要使用ipv6，将此配置修改为::
      - certd_koa_hostname=0.0.0.0
 #     默认使用sqlite文件数据库，如果需要使用其他数据库，请设置以下环境变量
 #     注意： 选定使用一种数据库之后，不支持更换数据库。
 #     数据库迁移方法：1、使用新数据库重新部署一套，然后将旧数据同步过去，注意flyway_history表的数据不要同步
@@ -54,13 +72,22 @@ services:
 #      - certd_typeorm_dataSource_default_password=yourpasswd            # 密码
 #      - certd_typeorm_dataSource_default_database=certd                 # 数据库名
 #         ↓↓↓↓ ---------------------------------------------------------  自动升级，上面certd的版本号要保持为latest
 #  certd-updater:  # 添加 Watchtower 服务
 #    image: containrrr/watchtower:latest
 #    container_name: certd-updater
 #    restart: unless-stopped
 #    volumes:
 #      - /var/run/docker.sock:/var/run/docker.sock
 #    # 配置 自动更新
 #    environment:
 #      - WATCHTOWER_CLEANUP=true            # 自动清理旧版本容器
 #      - WATCHTOWER_INCLUDE_STOPPED=false   # 不更新已停止的容器
 #      - WATCHTOWER_LABEL_ENABLE=true       # 根据容器标签进行更新
 #      - WATCHTOWER_POLL_INTERVAL=600       # 每 10 分钟检查一次更新
-
+#    ↓↓↓↓ -------------------------------------------------------------- 启用ipv6网络，还需要把上面networks的注释放开
 #    #↓↓↓↓ ------------------------------------------------------------- 启用ipv6网络
 #    networks:
 #      - ip6net
 #networks:
 #  ip6net:
 #    enable_ipv6: true
@@ -1,129 +1,156 @@
-import { defineConfig } from "vitepress";
+import {defineConfig} from "vitepress";
 // Import lightbox plugin
 import lightbox from "vitepress-plugin-lightbox";
 // https://vitepress.dev/reference/site-config
 export default defineConfig({
-  title: "Certd",
+    title: "Certd",
-  description: "Certd帮助文档,Certd是一款开源免费的全自动SSL证书管理工具；证书自动化申请部署流水线；自动证书申请、更新、续期；通配符证书，泛域名证书申请；证书自动化部署到阿里云、腾讯云、主机、群晖、宝塔。",
+    titleTemplate: "开源SSL证书管理工具，证书自动化申请部署，让你的网站证书永不过期",
-  markdown: {
+    description: "Certd帮助文档,Certd是一款开源免费的全自动SSL证书管理工具；证书自动化申请部署流水线；自动证书申请、更新、续期；通配符证书，泛域名证书申请；证书自动化部署到阿里云、腾讯云、主机、群晖、宝塔。",
-    config: (md) => {
+    markdown: {
-      // Use lightbox plugin
+        config: (md) => {
-      md.use(lightbox, {});
+            // Use lightbox plugin
-    }
+            md.use(lightbox, {});
-  },
+        }
-  head: [
+    },
-    // [
+    sitemap: {
-    //     'meta',
+        hostname: 'https://certd.docmirror.cn'
-    //     {
+    },
-    //         name: 'viewport',
+    head: [
-    //         content:
+        // [
-    //           'width=device-width,initial-scale=1,minimfast-cum-scale=1.0,maximum-scale=1.0,user-scalable=no',
+        //     'meta',
-    //     },
+        //     {
-    // ],
+        //         name: 'viewport',
-    ["meta", {
+        //         content:
-      name: "keywords",
+        //           'width=device-width,initial-scale=1,minimfast-cum-scale=1.0,maximum-scale=1.0,user-scalable=no',
-      content: "证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具、Certd、SSL证书自动部署、证书自动化，https证书，pfx证书，der证书，TLS证书，nginx证书自动续签自动部署,SSL平台，证书管理平台，证书流水线"
+        //     },
-    }],
+        // ],
-    ["meta", { name: "google-site-verification",content: "V5XLTSnXoT15uQotwpxJoQolUo2d5UbSL-TacsyOsC0"}],
+        ["meta", {
-      //<meta name="baidu-site-verification" content="codeva-MiWN8Y07Ua" />
+            name: "keywords",
-    ["meta", {name: "baidu-site-verification",content: "codeva-MiWN8Y07Ua"}],
+            content: "证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具、Certd、SSL证书自动部署、证书自动化，https证书，pfx证书，der证书，TLS证书，nginx证书自动续签自动部署,SSL平台，证书管理平台，证书流水线"
-    ["link", { rel: "icon", href: "/static/logo/logo.svg" }]
+        }],
-  ],
+        // ["meta", { name: "google-site-verification",content: "V5XLTSnXoT15uQotwpxJoQolUo2d5UbSL-TacsyOsC0"}],
-  themeConfig: {
+        //<meta name="baidu-site-verification" content="codeva-MiWN8Y07Ua" />
-    logo: "/static/logo/logo.svg",
+        // ["meta", {name: "baidu-site-verification",content: "codeva-MiWN8Y07Ua"}],
-    search: {
+        ["link", {rel: "icon", href: "/static/logo/logo.svg"}]
-      provider: "local",
+    ],
-      options: {
+    themeConfig: {
-        detailedView: true,
+        logo: "/static/logo/logo.svg",
-        translations: {
+        search: {
-          button: {
+            provider: "local",
-            buttonText: "搜索文档",
+            options: {
-            buttonAriaLabel: "搜索文档"
+                detailedView: true,
-          },
+                translations: {
-          modal: {
+                    button: {
-            noResultsText: "无法找到相关结果",
+                        buttonText: "搜索文档",
-            resetButtonTitle: "清除查询条件",
+                        buttonAriaLabel: "搜索文档"
-            footer: {
+                    },
-              selectText: "选择",
+                    modal: {
-              closeText: "关闭",
+                        noResultsText: "无法找到相关结果",
-              navigateText: "切换"
+                        resetButtonTitle: "清除查询条件",
                        footer: {
                            selectText: "选择",
                            closeText: "关闭",
                            navigateText: "切换"
                        }
                    }
                }
            }
          }
        }
      }
    },
    // https://vitepress.dev/reference/default-theme-config
    nav: [
      { text: "首页", link: "/" },
      { text: "指南", link: "/guide/" },
      { text: "Demo体验", link: "https://certd.handfree.work" }
    ],
    sidebar: {
      "/guide/": [
        {
          text: "入门",
          items: [
            { text: "简介", link: "/guide/" },
            { text: "快速开始", link: "/guide/start.md" },
            {
              text: "私有化部署",
              items: [
                { text: "docker部署", link: "/guide/install/docker/" },
                { text: "宝塔面板部署", link: "/guide/install/baota/" },
                { text: "1Panel部署", link: "/guide/install/1panel/" },
                { text: "群晖部署", link: "/guide/use/synology/" },
                { text: "源码部署", link: "/guide/install/source/" }
              ]
            },
            { text: "演示教程", link: "/guide/tutorial.md" },
            { text: "版本升级", link: "/guide/install/upgrade.md" }
          ]
        },
-        {
+        // https://vitepress.dev/reference/default-theme-config
-          text: "特性",
+        nav: [
-          items: [
+            {text: "首页", link: "/"},
-            { text: "CNAME代理校验", link: "/guide/feature/cname/index.md" },
+            {text: "指南", link: "/guide/"},
-            { text: "插件列表", link: "/guide/plugins.md" }
+            {text: "Demo体验", link: "https://certd.handfree.work"}
-          ]
+        ],
        sidebar: {
            "/guide/": [
                {
                    text: "入门",
                    items: [
                        {text: "简介", link: "/guide/"},
                        {text: "快速开始", link: "/guide/start.md"},
                        {
                            text: "私有化部署",
                            items: [
                                {text: "docker部署", link: "/guide/install/docker/"},
                                {text: "宝塔面板部署", link: "/guide/install/baota/"},
                                {text: "1Panel部署", link: "/guide/install/1panel/"},
                                {text: "群晖部署", link: "/guide/use/synology/"},
                                {text: "源码部署", link: "/guide/install/source/"}
                            ]
                        },
                        {text: "演示教程", link: "/guide/tutorial.md"},
                        {text: "版本升级", link: "/guide/install/upgrade.md"}
                    ]
                },
                {
                    text: "特性",
                    items: [
                        {text: "CNAME代理校验", link: "/guide/feature/cname/index.md"},
                        {text: "多数据库支持", link: "/guide/install/database.md"},
                        {text: "开放接口", link: "/guide/open/index.md"},
                        {
                            text: "站点安全",  link: "/guide/feature/safe/"
                        },
                        {
                            text: "插件列表", items: [
                                {text: "DNS提供商", link: "/guide/plugins/dns-provider.md"},
                                {text: "任务插件", link: "/guide/plugins/deploy.md"},
                                {text: "通知插件", link: "/guide/plugins/notification.md"},
                                {text: "授权提供商", link: "/guide/plugins/access.md"},
                            ]
                        },
                    ]
                },
                {
                    text: "常见问题",
                    items: [
                        {text: "QA", link: "/guide/qa/use.md"},
                        {text: "群晖证书部署", link: "/guide/use/synology/"},
                        {text: "腾讯云密钥获取", link: "/guide/use/tencent/"},
                        {text: "连接windows主机", link: "/guide/use/host/windows.md"},
                        {text: "Google EAB获取", link: "/guide/use/google/"},
                        {text: "阿里云相关", link: "/guide/use/aliyun/"},
                        {text: "忘记密码", link: "/guide/use/forgotpasswd/"},
                        {text: "数据备份", link: "/guide/use/backup/"},
                        {text: "Certd本身的证书更新", link: "/guide/use/https/index.md"},
                        {text: "js脚本插件使用", link: "/guide/use/custom-script/index.md"},
                        {text: "邮箱配置", link: "/guide/use/email/index.md"},
                        {text: "IPv6支持", link: "/guide/use/setting/ipv6.md"},
                        {text: "ESXi", link: "/guide/use/ESXi/index.md"},
                        {text: "宝塔动态IP白名单", link: "/guide/use/baota/white_list.md"},
                        {text: "子域名托管", link: "/guide/use/cert/subdomain.md"},
                    ]
                },
                {
                    text: "商业版配置", link: "/guide/use/comm/", items: [
                        {text: "支付宝配置", link: "/guide/use/comm/payments/alipay.md"},
                        {text: "微信支付配置", link: "/guide/use/comm/payments/wxpay.md"},
                        {text: "彩虹易支付配置", link: "/guide/use/comm/payments/yizhifu.md"},
                    ]
                },
                {
                    text: "其他",
                    items: [
                        {text: "贡献代码", link: "/guide/development/index.md"},
                        {text: "更新日志", link: "/guide/changelogs/CHANGELOG.md"},
                        {text: "镜像说明", link: "/guide/image.md"},
                        {text: "联系我们", link: "/guide/contact/"},
                        {text: "捐赠", link: "/guide/donate/"},
                        {text: "开源协议", link: "/guide/license/"},
                        {text: "我的其他开源项目", link: "/guide/link/"},
                    ]
                }
            ],
        },
        {
          text: "常见问题",
          items: [
            { text: "群晖证书部署", link: "/guide/use/synology/" },
            { text: "腾讯云密钥获取", link: "/guide/use/tencent/" },
            { text: "连接windows主机", link: "/guide/use/host/windows.md" },
            { text: "Google EAB获取", link: "/guide/use/google/" },
            { text: "阿里云相关", link: "/guide/use/aliyun/" },
            { text: "忘记密码", link: "/guide/use/forgotpasswd/" },
            { text: "数据备份", link: "/guide/use/backup/" },
            { text: "Certd本身的证书更新", link: "/guide/use/https/index.md" },
            { text: "js脚本插件使用", link: "/guide/use/custom-script/index.md" },
            { text: "邮箱配置", link: "/guide/use/email/index.md" },
            { text: "IPv6支持", link: "/guide/use/setting/ipv6.md" },
            { text: "如何贡献代码", link: "/guide/development/index.md" },
          ]
        },
        {
          text: "其他",
          items: [
            { text: "更新日志", link: "/guide/changelogs/CHANGELOG.md" },
            { text: "镜像说明", link: "/guide/image.md" },
            { text: "联系我们", link: "/guide/contact/" },
            { text: "捐赠", link: "/guide/donate/" },
            { text: "开源协议", link: "/guide/license/" },
            { text: "我的其他开源项目", link: "/guide/link/" },
-          ]
+        socialLinks: [
            {icon: "github", link: "https://github.com/certd/certd"}
        ],
        footer: {
            message: "Certd帮助文档 |  <a href='https://beian.miit.gov.cn/' target='_blank'>粤ICP备14088435号</a> ",
            copyright: "Copyright © 2021-present <a href='https://handfree.work/' target='_blank'>handfree.work</a> "
        }
      ]
    },
    socialLinks: [
      { icon: "github", link: "https://github.com/certd/certd" }
    ],
    footer: {
      message: "Certd帮助文档 |  <a href='https://beian.miit.gov.cn/' target='_blank'>粤ICP备14088435号</a> ",
      copyright: "Copyright © 2021-present <a href='https://handfree.work/' target='_blank'>handfree.work</a> "
    }
  }
 });
@@ -0,0 +1,88 @@
 # 授权插件Demo
 ```ts
 import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
 import { isDev } from '../../utils/env.js';
 /**
 * 这个注解将注册一个授权配置
 * 在certd的后台管理系统中，用户可以选择添加此类型的授权
 */
@IsAccess({
  name: 'demo',
  title: '授权插件示例',
  icon: 'clarity:plugin-line',
  desc: '',
 })
 export class DemoAccess extends BaseAccess {
  /**
   * 授权属性配置
   */
  @AccessInput({
    title: '密钥Id',
    component: {
      placeholder: 'demoKeyId',
    },
    required: true,
  })
  demoKeyId = '';
  /**
   * 授权属性配置
   */
  @AccessInput({
    //标题
    title: '密钥串',
    component: {
      //input组件的placeholder
      placeholder: 'demoKeySecret',
    },
    //是否必填
    required: true,
    //改属性是否需要加密
    encrypt: true,
  })
  //属性名称
  demoKeySecret = '';
 }
 new DemoAccess();
 ```
 # 阿里云授权
 ```ts
 import { IsAccess, AccessInput, BaseAccess } from "@certd/pipeline";
@IsAccess({
  name: "aliyun",
  title: "阿里云授权",
  desc: "",
  icon: "ant-design:aliyun-outlined",
  order: 0,
 })
 export class AliyunAccess extends BaseAccess {
  @AccessInput({
    title: "accessKeyId",
    component: {
      placeholder: "accessKeyId",
    },
    helper: "登录阿里云控制台->AccessKey管理页面获取。",
    required: true,
  })
  accessKeyId = "";
  @AccessInput({
    title: "accessKeySecret",
    component: {
      placeholder: "accessKeySecret",
    },
    required: true,
    encrypt: true,
    helper: "注意：证书申请需要dns解析权限；其他阿里云插件，需要对应的权限，比如证书上传需要证书管理权限；嫌麻烦就用主账号的全量权限的accessKey",
  })
  accessKeySecret = "";
 }
 new AliyunAccess();
 ```
@@ -28,7 +28,7 @@ packages:
 ### 安装依赖和初始化:
 ```shell
 # 安装pnpm，如果提示npm命令不存在，就需要先安装nodejs
-npm install -g pnpm@8.15.7 --registry=https://registry.npmmirror.com
+npm install -g pnpm--registry=https://registry.npmmirror.com
 # 使用国内镜像源，如果有代理，就不需要
 pnpm config set registry https://registry.npmmirror.com
@@ -36,19 +36,19 @@ pnpm config set registry https://registry.npmmirror.com
 pnpm install
 # 初始化构建
-npm run init
+pnpm init
 ```
 ### 启动 server:
 ```shell
 cd packages/ui/certd-server
-npm run dev
+pnpm dev
 ```
 ### 启动 client:
 ```shell
 cd packages/ui/certd-client
-npm run dev
+pnpm dev
 # 会自动打开浏览器，确认正常运行
@@ -7,16 +7,22 @@ https://afdian.com/a/greper
 1. 可加入发电专属群，可以获得作者一对一技术支持
 2. 您的需求我们将优先实现，并且将作为专业版功能提供
 3. 一年期专业版激活码
 4. 赠送国外免费服务器部署方案（0成本使用Certd，可能需要翻墙，不过现在性能越来越差了）
 ## 专业版特权对比
-| 功能      | 免费版                    | 专业版                   |
+| 功能      | 免费版                    | 专业版                         |
-|---------|------------------------|-----------------------|
+|---------|------------------------|-----------------------------|
-| 免费证书申请  | 免费无限制                  | 免费无限制                 |
+| 免费证书申请  | 免费无限制                  | 免费无限制                       |
-| 自动部署插件  | 阿里云CDN、腾讯云、七牛CDN、主机部署等 | 支持群晖、宝塔、1Panel等，持续开发中 |
+| 自动部署插件  | 阿里云CDN、腾讯云、七牛CDN、主机部署等 | 支持群晖、宝塔、1Panel等，持续开发中       |
-| 发邮件功能   | 需要配置                   | 免配置                   |
+| 证书流水线条数 | 无限制                    | 无限制                         |
-| 证书流水线条数 | 10条                    | 无限制                   |
+| 站点证书监控  | 限制1条                   | 无限制                         |
 | 通知      | 邮件通知、自定义webhook        | 邮件免配置、企微、飞书、anpush、server酱等 |
 ## 专业版激活方式
 ![](./images/plus.png)
 发电后，在私信中获取激活码
 ************************
@@ -0,0 +1,27 @@
 # 站点隐藏
 * 一般来说Certd设置好之后，很少需要访问。
 * 所以我们`平时`可以把`站点访问关闭`，需要的时候再打开，减少站点被攻击的风险    
 ## 1、开启站点隐藏
 `系统管理->系统设置->安全设置->站点隐藏 `  
 ![](./images/hidden1.png)
 :::warning  
 注意保存好`解除地址`和`解除密码`   
 ::: 
 ## 2、临时关闭站点隐藏
 访问上面的`解除地址`，输入`解除密码`，`临时解除`站点隐藏
 ![](./images/hidden2.png)
 ## 3、忘记解除地址和解除密码怎么办
 登录服务器，在数据库平级的目录下创建`.unhidden`命名的空白文件，即可临时解除站点隐藏       
 临时解除后会自动删除`.unhidden`文件，请尽快设置好新的`解除地址`和`解除密码`，并记住    
@@ -0,0 +1,49 @@
 # 安全特性
 Certd 存储了证书以及授权等敏感数据，所以需要严格保障安全。      
 我们提供了以下安全特性，以及安全生产建议（请遵照建议进行生产部署以保障数据安全）
 ## 一、站点安全特性
 ### 1、 授权数据加密存储【默认开启】
 * 所有的授权敏感字段会加密后存储
 * 每个用户独立维护授权数据，连管理员都无权查看
 ![星号部分为加密数据](./images/access.png)
 星号部分为加密数据
 ### 2、 密码防爆破【默认开启】
 * 登录失败次数过多，账号将被锁定，最高24小时(重启服务可解除锁定)
 * 用户登录密码加密hash后存储，无法计算出密码明文
  ![](./images/login.png)
 ### 3、站点隐藏【建议开启】
 * 一般来说Certd设置好之后，后续很少需要访问修改。
 * 所以我们平时可以把站点访问关闭，需要的时候再打开，减少站点被攻击的风险    
 * 请前往 `系统管理->系统设置->安全设置->开启站点隐藏`
  ![](./images/hidden.png)
 点击查看 [站点隐藏功能详细使用说明](./hidden/)
 ### 4、登录双重验证
 支持2FA双重认证
 ![](./images/2fa.png)
 ### 5、数据库自动备份【建议开启】
 * [自动备份设置说明](../../use/backup/)
 ## 二、安全生产建议
 尽管`Cert`本身实现了很多安全特性，但`外部环境的安全`仍需要您来确保。    
 请`务必`遵循如下建议做好安全防护
 * 请`务必`使用`HTTPS协议`访问本应用，避免被中间人攻击
 * 请`务必`使用`web应用防火墙`防护本应用，防止XSS、SQL注入等攻击
 * 请`务必`做好`服务器本身`的安全防护，防止数据库泄露
 * 请`务必`做好[`数据备份`](../../use/backup/)，避免数据丢失
 * 请`务必`修改管理员账号用户名，且建议将admin注册为普通用户，且设置为禁用。
 * 建议开启[`站点隐藏`](./hidden/)功能
@@ -9,6 +9,10 @@
 * `greper/certd:latest`
 * `greper/certd:armv7`、`greper/certd:[version]-armv7`
 ## GitHub Packages地址:
 * `ghcr.io/certd/certd:latest`
 * `ghcr.io/certd/certd:armv7`、`ghcr.io/certd/certd:[version]-armv7`
 * 
 ## 镜像构建公开
 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用   
 * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml)
@@ -6,29 +6,30 @@ Certd 是一款开源、免费、全自动申请和部署更新SSL证书的工
 关键字：证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具
-## 一、特性
+![首页](../images/start/home.png)
 ## 1、关于证书续期
 >* 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
 >* 我们所说的续期，其实就是按照全套流程重新申请一份新证书，然后重新部署上去。
 >* 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 ## 2、项目特性
 本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。
-* 全自动申请证书（支持所有注册商注册的域名）
+* 全自动申请证书（支持所有注册商注册的域名，支持DNS-01、HTTP-01、CNAME代理等多种域名验证方式）
-* 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等，目前已支持30+部署插件）
+* 全自动部署更新证书（目前支持部署到主机、阿里云、腾讯云等100+部署插件）
-* 支持通配符域名/泛域名，支持多个域名打到一个证书上
+* 支持通配符域名/泛域名，支持多个域名打到一个证书上，支持pem、pfx、der、jks等多种证书格式
-* 邮件通知
+* 邮件通知、webhook通知、企微、钉钉、飞书、anpush等多种通知方式
-* 私有化部署，保障数据安全
+* 私有化部署，数据保存本地，安装升级非常简单快捷
-* 支持SQLite、Postgresql、MySQL数据库
+* 镜像由Github Actions构建，过程公开透明
 * 授权加密，站点隐藏，2FA，密码防爆破等多重安全保障
 * 支持SQLite，PostgreSQL、MySQL多种数据库
 * 开放接口支持
 * 站点证书监控
 * 多用户管理
-## 二、一些说明
+  ![](../images/intro/intro.svg)
-* 本项目申请证书过程遵循acme协议
+
 * 需要验证域名所有权，一般有两种方式
    * http-01： 在网站根目录下放置一份txt文件
    * dns-01： 需要给域名添加txt解析记录，通配符域名只能用这种方式（本项目仅支持dns-01）
 * 证书续期：
    * 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
    * 我们所说的续期，其实就是按照全套流程重新申请一份新证书，然后重新部署上去。
 * 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 * 设置每天自动运行，当证书过期前35天，会自动重新申请证书并部署
 ## 三、证书颁发机构对比
 * Let's Encrypt：申请最简单。
 * Google: 大厂光环，兼容性好，首次需要翻墙获取EAB。
 * ZeroSSL： 需要EAB，获取EAB无需翻墙。
@@ -19,7 +19,8 @@ https://1panel.cn/docs/installation/online_installation/
 3. 点击确定，启动容器   
   ![](./images/2.png)
-> 默认数据保存在`/data/certd`目录下，可以手动备份
+> 默认使用sqlite数据库，数据保存在`/data/certd`目录下，您可以手动备份该目录   
 > certd还支持`mysql`和`postgresql`数据库，[点我了解如何切换其他数据库](../database)
 3. 访问测试
@@ -10,42 +10,49 @@
 * 登录宝塔面板，在菜单栏中点击 Docker，首次进入会提示安装Docker服务，点击立即安装，按提示完成安装
 ### 2、部署certd
 以下两种方式任选一种：
-#### 2.1 应用商店一键部署【推荐】
+#### 2.1 应用商店方式一键部署【推荐】
-* 在应用商店中找到`certd`（要先点右上角更新应用）
+* 在宝塔Docker应用商店中找到`certd`（要先点右上角更新应用）
 * 点击安装，配置域名等基本信息即可完成安装
 > 需要宝塔9.2.0及以上版本才支持
-#### 2.2 容器编排部署
+#### 2.2 容器编排方式部署
-1. 打开`docker-compose.yaml`,整个内容复制下来    
+1. 打开`docker-compose.yaml`,整个内容复制下来
   https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
-然后到宝塔里面进到docker->容器编排->添加容器编排   
+然后到宝塔里面进到docker->容器编排->添加容器编排
-![](./images/1.png)   
+![](./images/1.png)
-点击确定，等待启动完成   
+点击确定，等待启动完成
 ![](./images/2.png)
 > certd默认使用sqlite数据库，另外支持`mysql`和`postgresql`数据库，[点我了解如何切换其他数据库](../database)
 ## 二、访问应用
-http://ip:7001    
+http://ip:7001
-https://ip:7002     
+https://ip:7002
-默认账号密码    
+默认账号密码
-admin/123456   
+admin/123456
 登录后请及时修改密码
 ## 三、如何升级
 宝塔升级certd非常简单
-`docker`->`容器编排`->`左侧选择Certd`->`更新镜像`
+打开容器页面： `docker`->`容器编排`->`左侧选择Certd`->`更新镜像`
 ![img.png](./images/upgrade.png)
 ## 四、数据备份
 部署方式不同，数据保存位置不同
 ### 4.1 应用商店部署方式
 点击进入安装路径，数据保存在`./data`目录下，可以手动备份
@@ -66,3 +73,15 @@ admin/123456
 ## 五、备份恢复
 将备份的`db.sqlite`及同目录下的其他文件一起覆盖到原来的位置，重启certd即可
 ## 六、宝塔部署相关问题排查
 ### 1. 无法访问Certd
 1. 确认服务器的安全规则，是否放开了对应端口
 2. 确认宝塔防火墙是否放开对应端口
 3. 尝试将Certd容器加入宝塔的`bridge`网络
 ![](./images/network.png)
 ### 2. 动态IP无法加白名单问题
 [Nginx代理解决方案](../../use/baota/white_list.md)
@@ -0,0 +1,73 @@
 # 切换数据库
 certd支持如下几种数据库：
 1. sqlite3 (默认)
 2. mysql 
 3. postgresql
 您可以按如下两种方式切换数据库
 ## 一、全新安装
 ::: tip   
 以下按照`docker-compose`安装方式介绍如何使用mysql或postgresql数据库    
 如果您使用其他方式部署，请自行修改对应的环境变量即可。   
 :::
 ### 1.1、使用mysql数据库
 1. 安装mysql，创建数据库 `(注意：charset=utf8mb4, collation=utf8mb4_bin)`
 2. 下载最新的docker-compose.yaml
 3. 修改环境变量配置
 ```yaml
 services:
  certd:
    environment:
      # 使用mysql数据库，需要提前创建数据库 charset=utf8mb4, collation=utf8mb4_bin
      - certd_flyway_scriptDir=./db/migration-mysql                     # 升级脚本目录 【照抄】
      - certd_typeorm_dataSource_default_type=mysql                     # 数据库类型， 或者 mariadb 
      - certd_typeorm_dataSource_default_host=localhost                 # 数据库地址
      - certd_typeorm_dataSource_default_port=3306                      # 数据库端口
      - certd_typeorm_dataSource_default_username=root                  # 用户名
      - certd_typeorm_dataSource_default_password=yourpasswd            # 密码
      - certd_typeorm_dataSource_default_database=certd                 # 数据库名
 ```
 4. 启动certd
 ```shell
 docker-compose up -d
 ```
 ### 1.2、使用Postgresql数据库
 1. 安装postgresql，创建数据库
 2. 下载最新的docker-compose.yaml
 3. 修改环境变量配置
 ```yaml
 services:
  certd:
    environment:
      # 使用postgresql数据库，需要提前创建数据库
      - certd_flyway_scriptDir=./db/migration-pg                        # 升级脚本目录 【照抄】
      - certd_typeorm_dataSource_default_type=postgres                  # 数据库类型 【照抄】
      - certd_typeorm_dataSource_default_host=localhost                 # 数据库地址
      - certd_typeorm_dataSource_default_port=5433                      # 数据库端口
      - certd_typeorm_dataSource_default_username=postgres              # 用户名
      - certd_typeorm_dataSource_default_password=yourpasswd            # 密码
      - certd_typeorm_dataSource_default_database=certd                 # 数据库名
 ```
 4. 启动certd
 ```shell
 docker-compose up -d
 ```
 ## 二、从旧版的sqlite切换数据库
 1. 先将`旧certd`升级到最新版 （`建议：备份sqlite数据库` ）
 2. 按照上面全新安装方式部署一套`新的certd` （`注意：新旧版本的certd要一致`）
 3. 使用数据库工具将数据从sqlite导入到mysql或postgresql （`注意：flyway_history数据表不要导入`）
 4. 重启新certd
 5. 确认没有问题之后，删除旧版certd
@@ -42,6 +42,8 @@ docker compose up -d
 > 如果提示 没有docker compose命令,请安装docker-compose   
 > https://docs.docker.com/compose/install/linux/   
 > certd默认使用sqlite数据库，另外还支持`mysql`和`postgresql`数据库，[点我了解如何切换其他数据库](../database)
 ### 3. 访问测试
@@ -53,6 +55,11 @@ https://your_server_ip:7002
 ## 二、升级
 ::: warning   
 如果您是第一次升级certd版本，切记切记先备份一下数据    
 :::
 ### 如果使用固定版本号
 1. 修改`docker-compose.yaml`中的镜像版本号
 2. 运行`docker compose up -d` 即可
@@ -1,17 +1,21 @@
 # 源码部署
-不推荐
+如果没有开发基础、没有运维基础、没有`git`和`nodejs`基础，强烈不推荐此方式
 ## 一、源码安装
 ### 环境要求
- nodejs 20 及以上
+- nodejs 22 及以上
 ### 源码启动
 ```shell
 # 克隆代码
-git clone https://github.com/certd/certd
+git clone https://github.com/certd/certd --depth=1
 # git checkout v1.x.x  # 当v2主干分支代码无法正常启动时，可以尝试此命令，1.x.x换成最新版本号
 cd certd
 # 启动服务
-./start.sh  
+./start.sh
 ```
 >如果是windows，请先安装`git for windows` ，然后右键，选择`open git bash here`打开终端，再执行`./start.sh`命令
@@ -20,9 +24,9 @@ cd certd
 ### 访问测试
-http://your_server_ip:7001  
+http://your_server_ip:7001
-https://your_server_ip:7002   
+https://your_server_ip:7002
-默认账号密码：admin/123456    
+默认账号密码：admin/123456
 记得修改密码
@@ -36,19 +40,39 @@ cp -rf ./packages/ui/certd-server/data ../certd-data-backup
 git pull
 # 如果提示pull失败，可以尝试强制更新
-# git checkout v2 -f && git pull 
+# git checkout v2 -f && git pull
 # 先停止旧的服务,7001是certd的默认端口
 kill -9 $(lsof -t -i:7001)
 # 重新编译启动
 ./start.sh
 ```
 ::: warning
 升级certd版本前，切记切记先备份一下数据
 :::
 ## 三、数据备份
-> 数据默认保存在 `./packages/ui/certd-server/data` 目录下    
+> 数据默认保存在 `./packages/ui/certd-server/data` 目录下
 > 建议配置一条[数据库备份流水线](../../use/backup/)  自动备份
 ## 四、备份恢复
 将备份的`db.sqlite`及同目录下的其他文件覆盖到原来的位置，重启certd即可
 ## 六、常见问题
 ### 1. npm install better-sqlite3 时，提示node-gyp需要vscode环境编译
 1. 首先确保node版本为22以上
 2. 将下面两行加到  ~/.npmrc 里面
 3. 重新install
 > better_sqlite3_binary_host=https://registry.npmmirror.com/-/binary/better-sqlite3
 > better_sqlite3_binary_host_mirror=https://registry.npmmirror.com/-/binary/better-sqlite3
@@ -8,5 +8,59 @@
 3. [1Panel面板方式部署升级](./1panel/#三、升级)
 4. [源码方式部署](./source/#二、升级)
 ::: warning   
 如果您是第一次升级certd版本，切记切记先备份一下数据    
 :::
 ## 升级日志
 可以查看最新版本号，以及所有版本的更新日志     
 [CHANGELOG](../changelogs/CHANGELOG.md)
 ## 自动升级配置
 ### 1. 方法一：使用watchtower监控
 修改docker-compose.yaml文件增加如下配置， 使用watchtower监控自动升级
 ```yaml
 services:
  certd:
    ...
    labels:
      com.centurylinklabs.watchtower.enable: "true"
 #         ↓↓↓↓ ---------------------------------------------------------  自动升级，上面certd的版本号要保持为latest
  certd-updater:  # 添加 Watchtower 服务
    image: containrrr/watchtower:latest
    container_name: certd-updater
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    # 配置 自动更新
    environment:
      - WATCHTOWER_CLEANUP=true            # 自动清理旧版本容器
      - WATCHTOWER_INCLUDE_STOPPED=false   # 不更新已停止的容器
      - WATCHTOWER_LABEL_ENABLE=true       # 根据容器标签进行更新
      - WATCHTOWER_POLL_INTERVAL=600       # 每 10 分钟检查一次更新
 ```
 ### 2. 方法二：使用Certd版本监控功能
 选择Github-检查Release版本插件
 ![](./images/github-release.png)
 按如下图填写配置
 ![](./images/github-release-2.png)
 检测到新版本后执行宿主机升级命令：
 ```shell
 # 拉取最新镜像
 docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
 # 升级容器命令， 替换成你自己的certd更新命令
 export RESTART_CERT='sleep 10; cd ~/deploy/certd/ ; docker compose down; docker compose up -d'
 # 构造一个脚本10s后在后台执行，避免容器销毁时执行太快，导致流水线任务无法结束
 nohup sh -c '$RESTART_CERT' >/dev/null  2>&1 & echo '10秒后重启' && exit
 ```
@@ -0,0 +1,37 @@
 # 开放接口
 被动方式对第三方提供证书， 支持根据域名或证书id获取证书。
 ## 获取keyId和KeySecret
 ![](./images/1.png)
 ## 接口文档
 https://apifox.com/apidoc/shared-2e76f8c4-7c58-413b-a32d-a1316529af44/254949529e0
 ## Token生成方法
 header中传入x-certd-token即可调用开放接口   
 1、首先从OpenKey页面生成keyId，keySecret；    
 2、准备一个content( json字符串)： content={"keyId":keyId, t:时间戳秒数, encrypt:false, signType:"md5"} `// encrypt返回结果是否加密`   
 3、将content加上keySecret进行签名： sign = md5(content + keySecret)   
 4、然后将content和sign分别base64后用.号连接： x-certd-token = base64(content) +"."+base64(sign)   
 ## 补充说明
 1.证书申请接口支持证书id和域名两种方式获取证书。
 2.autoApply=true将在没有证书时自动触发申请，申请过程中会提示`正在申请中`，可轮循获取状态，直到证书申请成功。
 ## SDK
 待开发
 ## 客户端工具
 ### SSL-Assistant
 `SSL Assistant` 是一个基于 Go 语言开发的跨平台证书部署管理助手。    
 支持自动扫描主机`Nginx`配置，然后从Certd拉取证书并部署。     
 在不想暴露ssh主机密码情况下，该工具非常好用。
 开源地址： https://github.com/Youngxj/SSL-Assistant
@@ -1,5 +0,0 @@
 # 插件列表
 ![img_1.png](../images/plugins/list.png)
@@ -0,0 +1,77 @@
 # 授权列表
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **主机登录授权** |  | 
 | 2.| **阿里云授权** |  | 
 | 3.| **阿里云ESA授权** |  | 
 | 4.| **腾讯云** |  | 
 | 5.| **华为云授权** |  | 
 | 6.| **火山引擎** |  | 
 | 7.| **京东云** |  | 
 | 8.| **七牛云授权** |  | 
 | 9.| **天翼云授权** |  | 
 | 10.| **baota授权** |  | 
 | 11.| **百度云授权** |  | 
 | 12.| **EAB授权** | ZeroSSL证书申请需要EAB授权 | 
 | 13.| **google cloud** | 谷歌云授权 | 
 | 14.| **SFTP授权** |  | 
 | 15.| **阿里云OSS授权** | 包含地域和Bucket | 
 | 16.| **FTP授权** |  | 
 | 17.| **腾讯云COS授权** | 腾讯云对象存储授权，包含地域和存储桶 | 
 | 18.| **七牛OSS授权** |  | 
 | 19.| **s3/minio授权** | S3/minio oss授权 | 
 | 20.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 | 
 | 21.| **易盾DCDN授权** | https://user.yiduncdn.com | 
 | 22.| **易盾rcdn授权** | 易盾CDN，每月免费30G，[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) | 
 | 23.| **易发云短信** | sms.yfyidc.cn/ | 
 | 24.| **cdnfly授权** |  | 
 | 25.| **群晖登录授权** |  | 
 | 26.| **k8s授权** |  | 
 | 27.| **1panel授权** | 账号和密码 | 
 | 28.| **LeCDN授权** |  | 
 | 29.| **白山云授权** |  | 
 | 30.| **plesk授权** |  | 
 | 31.| **易支付** |  | 
 | 32.| **支付宝** |  | 
 | 33.| **微信支付** |  | 
 | 34.| **长亭雷池授权** |  | 
 | 35.| **lucky** |  | 
 | 36.| **括彩云cdn授权** | 括彩云CDN，每月免费30G，[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | 
 | 37.| **uniCloud** | unicloud授权 | 
 | 38.| **猫云授权** |  | 
 | 39.| **西部数码授权** |  | 
 | 40.| **多吉云** |  | 
 | 41.| **我爱云授权** | 我爱云CDN | 
 | 42.| **CacheFly** | CacheFly | 
 | 43.| **Gcore** | Gcore | 
 | 44.| **亚马逊云aws授权** |  | 
 | 45.| **亚马逊云科技（国区）授权** |  | 
 | 46.| **dns.la授权** |  | 
 | 47.| **又拍云** |  | 
 | 48.| **51dns授权** |  | 
 | 49.| **FlexCDN授权** |  | 
 | 50.| **farcdn授权** |  | 
 | 51.| **cloudflare授权** |  | 
 | 52.| **Github授权** |  | 
 | 53.| **namesilo授权** |  | 
 | 54.| **proxmox** |  | 
 | 55.| **网宿授权** |  | 
 | 56.| **金山云授权** |  | 
 | 57.| **APISIX授权** |  | 
 | 58.| **Dokploy授权** |  | 
 | 59.| **godaddy授权** |  | 
 | 60.| **新网授权** |  | 
 | 61.| **新网授权（代理方式）** |  | 
 | 62.| **新网互联授权** | 仅支持代理账号，ip需要加入白名单 | 
 | 63.| **雨云授权** | https://app.rainyun.com/ | 
 <style module>
 table th:first-of-type {
        width: 65px;
    }
 table th:nth-of-type(2) {
        width: 240px;
    }
 </style>
@@ -0,0 +1,174 @@
 # 任务插件
 共 `102` 款任务插件    
 ## 1. 证书申请
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **证书申请（JS版）** | 免费通配符域名证书申请，支持多个域名打到同一个证书上 | 
 | 2.| **证书申请（Lego）** | 支持海量DNS解析提供商，推荐使用，一样的免费通配符域名证书申请，支持多个域名打到同一个证书上 | 
 | 3.| **商用证书托管** | 手动上传自定义证书后，自动部署（每次证书有更新，都需要手动上传一次） | 
 ## 2. 主机
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **FTP-上传证书到FTP** | 将证书上传到FTP服务器 | 
 | 2.| **IIS-部署到IIS站点** |  | 
 | 3.| **主机-执行远程主机脚本命令** | 可以执行重启nginx等操作让证书生效 | 
 | 4.| **主机-部署证书到SSH主机** | SFTP上传证书到主机，然后SSH执行部署脚本命令 | 
 | 5.| **主机-复制到本机** | 【仅管理员使用】实际上是复制证书到docker容器内的某个路径，需要做目录映射到宿主机 | 
 | 6.| **上传证书到对象存储OSS** | 支持阿里云OSS、腾讯云COS、七牛云KODO、S3、MinIO、FTP、SFTP | 
 ## 3. CDN
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **易盾-部署到易盾DCDN** | 主要是防御，http://user.yiduncdn.com/ | 
 | 2.| **易盾-部署到易盾RCDN** | 易盾CDN，每月免费30G，[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) | 
 | 3.| **cdnfly-部署证书到cdnfly** | cdnfly | 
 | 4.| **LeCDN-更新证书** |  | 
 | 5.| **LeCDN-更新证书V2** | 支持新版本LeCDN | 
 | 6.| **白山云-更新证书** |  | 
 | 7.| **天翼云-部署证书到CDN** | 部署证书到天翼云CDN和全站加速 | 
 | 8.| **括彩云-部署到括彩云CDN** | 括彩云CDN，每月免费30G，[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | 
 | 9.| **多吉云-部署到多吉云CDN** |  | 
 | 10.| **我爱云-部署证书到我爱云CDN** | 部署证书到我爱云CDN | 
 | 11.| **CacheFly-部署证书到CacheFly** | 部署证书到 CacheFly | 
 | 12.| **Gcore-部署证书到Gcore** | 仅上传 并不会部署到cdn | 
 | 13.| **Gcore-刷新Gcore证书** | 刷新现有的证书 | 
 | 14.| **又拍云-部署证书到CDN/USS** | 支持又拍云CDN，又拍云云存储USS | 
 | 15.| **FlexCDN-更新证书** |  | 
 | 16.| **farcdn-更新证书** | www.farcdn.net | 
 | 17.| **雨云-更新证书** | app.rainyun.com | 
 | 18.| **网宿-更新证书** | 网宿证书自动更新 | 
 | 19.| **金山云-更新CDN证书** | 金山云自动更新CDN证书 | 
 | 20.| **APISIX-更新证书** | 自动更新APISIX证书 | 
 ## 4. 面板
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 | 
 | 2.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书，目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 | 
 | 3.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF | 
 | 4.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 | 
 | 5.| **宝塔-删除过期证书** | 删除证书夹中过期证书 | 
 | 6.| **群晖-部署证书到群晖面板** | Synology，支持6.x以上版本 | 
 | 7.| **K8S-部署证书到Secret** | 部署证书到k8s的secret | 
 | 8.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress | 
 | 9.| **1Panel-部署证书到1Panel** | 更新1Panel的证书 | 
 | 10.| **Plesk-部署Plesk网站证书** |  | 
 | 11.| **雷池-更新证书** | 更新长亭雷池WAF的证书 | 
 | 12.| **lucky-更新Lucky证书** |  | 
 | 13.| **uniCloud-部署到服务空间** | 部署到服务空间 | 
 | 14.| **威联通-部署证书到威联通** | 部署证书到qnap | 
 | 15.| **飞牛NAS-部署证书** |  | 
 | 16.| **Proxmox-上传证书到Proxmox** |  | 
 | 17.| **Dokploy-更新证书** | 自动更新Dokploy证书 | 
 ## 5. 阿里云
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **阿里云-部署到Ack** | 部署到阿里云Ack集群Ingress等通过Secret管理证书的应用 | 
 | 2.| **阿里云-部署至任意云资源** | 【不建议使用】需要消耗阿里云自动部署次数，支持SLB、LIVE、webHosting、VOD、CR、DCDN、DDoS、CDN、ALB、APIGateway、FC、GA、MSE、NLB、OSS、SAE、WAF等云产品 | 
 | 3.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN | 
 | 4.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务，自动部署域名证书至阿里云DCDN | 
 | 5.| **阿里云-部署证书至OSS** | 部署域名证书至阿里云OSS自定义域名，不是上传到阿里云oss | 
 | 6.| **阿里云-上传证书到阿里云CAS** | 上传证书到阿里云数字证书管理服务（CAS），注意：不会部署到任何应用上；如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
 | 7.| **阿里云-部署至阿里云WAF** | 部署证书到阿里云WAF | 
 | 8.| **阿里云-部署至ALB（应用负载均衡）** | ALB,更新监听器的默认证书 | 
 | 9.| **阿里云-部署至NLB（网络负载均衡）** | NLB,网络负载均衡,更新监听器的默认证书 | 
 | 10.| **阿里云-部署至CLB(传统负载均衡)** | 部署证书到阿里云CLB(传统负载均衡) | 
 | 11.| **阿里云-部署至阿里云FC(3.0)** | 部署证书到阿里云函数计算（FC3.0） | 
 | 12.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速)，自动删除过期证书 | 
 | 13.| **阿里云-部署至VOD** | 部署证书到阿里云视频点播（vod） | 
 | 14.| **阿里云-部署证书至API网关** | 自动部署域名证书至阿里云API网关（APIGateway） | 
 | 15.| **阿里云-部署至云原生API网关/AI网关** | 自动部署域名证书至云原生API网关、AI网关 | 
 ## 6. 华为云
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **华为云-部署证书至CDN** |  | 
 | 2.| **华为云-上传证书至CCM** | 上传证书到华为云云证书管理（CCM） | 
 | 3.| **华为云-部署证书至OBS** |  | 
 ## 7. 腾讯云
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **腾讯云-部署证书到任意云资源** | 支持负载均衡、CDN、DDoS、直播、点播、Web应用防火墙、API网关、TEO、容器服务、对象存储、轻应用服务器、云原生微服务、云开发 | 
 | 2.| **腾讯云-部署到CLB** | 暂时只支持单向认证证书，暂时只支持通用负载均衡 | 
 | 3.| **腾讯云-部署到CDN（废弃）** | 已废弃，请使用v2版 | 
 | 4.| **腾讯云-部署到CDN-v2** | 推荐使用 | 
 | 5.| **腾讯云-上传证书到腾讯云** | 上传成功后输出：tencentCertId | 
 | 6.| **腾讯云-部署证书到COS** | 部署到腾讯云COS源站域名证书【注意：很不稳定，需要重试很多次偶尔才能成功一次】 | 
 | 7.| **腾讯云-部署到腾讯云EO** | 腾讯云边缘安全加速平台EdgeOne(EO)，必须配置上传证书到腾讯云任务 | 
 | 8.| **腾讯云-删除即将过期证书** | 仅删除未使用的证书 | 
 | 9.| **腾讯云-部署到TKE** | 修改TKE集群密钥配置，支持Opaque和TLS证书类型。注意：
 1. serverless集群请使用K8S部署插件；
 2. Opaque类型需要【上传到腾讯云】作为前置任务；
 3. ApiServer需要开通公网访问（或者certd可访问），实际上底层仍然是通过KubeClient进行部署 | 
 | 10.| **腾讯云-部署到腾讯云直播** | https://console.cloud.tencent.com/live/ | 
 | 11.| **腾讯云-实例开关机** | 腾讯云实例开关机 | 
 | 12.| **腾讯云-更新证书(Id不变)** | 根据证书id一键更新腾讯云证书并自动部署（Id不变），注意该接口为腾讯云白名单功能，非白名单用户无法使用该功能 | 
 ## 8. 火山引擎
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **火山引擎-部署证书至CDN** | 支持网页，文件下载，音视频点播 | 
 | 2.| **火山引擎-部署证书至CLB** | 部署至火山引擎负载均衡 | 
 | 3.| **火山引擎-上传证书至证书中心** | 上传证书至火山引擎证书中心 | 
 | 4.| **火山引擎-部署证书至ALB** | 部署至火山引擎应用负载均衡 | 
 | 5.| **火山引擎-部署证书至Live** | 部署至火山引擎视频直播 | 
 | 6.| **火山引擎-部署证书至DCDN** | 部署至火山引擎全站加速 | 
 | 7.| **火山引擎-部署证书至VOD** | 部署至火山引擎视频点播(暂不可用) | 
 ## 9. 京东云
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **京东云-部署证书至CDN** | 京东云内容分发网络 | 
 | 2.| **京东云-更新已有证书** | 更新SSL数字证书中的证书 | 
 | 3.| **京东云-上传新证书** | 上传证书到SSL数字证书中心 | 
 ## 10. 百度云
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **百度云-部署证书到CDN** | 部署到百度云CDN | 
 | 2.| **百度云-部署证书到负载均衡** | 部署到百度云负载均衡，包括BLB、APPBLB | 
 | 3.| **百度云-上传到证书托管** | 上传证书到百度云证书托管中心 | 
 ## 11. 七牛云
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **七牛云-部署证书至OSS** | 自动部署域名证书至七牛云KODO，注意是自定义源站域名，不是CDN域名 | 
 | 2.| **七牛云-部署证书至CDN/DCDN** | 自动部署域名证书至七牛云CDN、DCDN | 
 | 3.| **七牛云-上传证书到七牛云** | 上传到七牛云 | 
 ## 12. 亚马逊云
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **AWS-部署证书到CloudFront** | 部署证书到 AWS CloudFront | 
 | 2.| **AWS-上传证书到ACM** | 上传证书 AWS ACM | 
 | 3.| **AWS(国区)-部署证书到CloudFront** | 部署证书到 AWS CloudFront | 
 ## 13. 其他
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **Demo-测试插件** |  | 
 | 2.| **等待** | 等待一段时间 | 
 | 3.| **邮件发送证书** | 通过邮件发送证书 | 
 | 4.| **webhook方式部署证书** | 调用webhook部署证书 | 
 | 5.| **Github-检查Release版本** | 检查最新Release版本并推送消息 | 
 ## 14. 管理
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **重启 Certd** | 【仅管理员可用】 重启 certd的https服务，用于更新 Certd 的 ssl 证书 | 
 | 2.| **自定义js脚本** | 【仅管理员】运行自定义js脚本执行 | 
 | 3.| **数据库备份** | 【仅管理员可用】仅支持备份SQLite数据库 | 
 <style module>
 table th:first-of-type {
        width: 65px;
    }
 table th:nth-of-type(2) {
        width: 240px;
    }
 </style>
@@ -0,0 +1,30 @@
 # DNS提供商
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **阿里云** | 阿里云DNS解析提供商 | 
 | 2.| **阿里ESA** | 阿里ESA DNS解析 | 
 | 3.| **火山引擎** | 火山引擎DNS解析提供商 | 
 | 4.| **京东云** | 京东云DNS解析提供商 | 
 | 5.| **新网** | 新网域名解析 | 
 | 6.| **新网(代理方式)** | 新网域名解析(代理方式) | 
 | 7.| **腾讯云** | 腾讯云域名DNS解析提供者 | 
 | 8.| **华为云** | 华为云DNS解析提供商 | 
 | 9.| **西部数码** | west dns provider | 
 | 10.| **dns.la** | dns.la | 
 | 11.| **雨云** | 雨云DNS解析提供商 | 
 | 12.| **cloudflare** | cloudflare dns provider | 
 | 13.| **namesilo** | namesilo dns provider | 
 | 14.| **godaddy** | GoDaddy | 
 | 15.| **51dns** | 51DNS | 
 | 16.| **新网互联** | 新网互联 | 
 <style module>
 table th:first-of-type {
        width: 65px;
    }
 table th:nth-of-type(2) {
        width: 240px;
    }
 </style>
@@ -0,0 +1,30 @@
 # 通知插件
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **电子邮件** | 电子邮件通知 | 
 | 2.| **自定义webhook** | 根据模版自定义http请求 | 
 | 3.| **企业微信通知** | 企业微信群聊机器人通知 | 
 | 4.| **爱语飞飞微信通知(iyuu)** | https://iyuu.cn/ | 
 | 5.| **Server酱ᵀ** | https://sct.ftqq.com/ | 
 | 6.| **Server酱³** | https://doc.sc3.ft07.com/serverchan3 | 
 | 7.| **AnPush** | https://anpush.com | 
 | 8.| **Telegram通知** | Telegram Bot推送通知 | 
 | 9.| **Discord 通知** | Discord 机器人通知 | 
 | 10.| **Slack通知** | Slack消息推送通知 | 
 | 11.| **Bark 通知** | Bark 推送通知插件 | 
 | 12.| **飞书通知** | 飞书群聊webhook通知 | 
 | 13.| **钉钉通知** | 钉钉群聊通知 | 
 | 14.| **VoceChat通知** | https://voce.chat | 
 | 15.| **OneBot V11 通知** | 通过动态拼接URL发送 OneBot V11 协议消息 | 
 | 16.| **MeoW通知** | https://api.chuckfang.com/ | 
 <style module>
 table th:first-of-type {
        width: 65px;
    }
 table th:nth-of-type(2) {
        width: 240px;
    }
 </style>
@@ -0,0 +1,46 @@
 # 常见问题
 ## 1. 是否支持IP证书
 因为ACME协议不支持IP证书，所以certd目前也不支持IP证书
 ## 2. 建议设置多长时间运行一次流水线
 建议每天运行一次，检查证书过期时间
 当证书没过期时，自动跳过部署
 当证书到期前35天（创建流水线时可以修改），将会自动重新申请证书，自动部署
 ## 3. too many certificates 错误
 当出现如下报错时，说明相同的域名短时间内申请超过5次
 解决方案：可以加多一个子域名，重新执行就可以规避次错误
 ```
 "detail": too many certificates (5) already issued for this exact set of idantifiers in the last 168hm0s
 ```
 ## 4. ssl.com报错  CAA record does not include ssl.com which is required to issue the certificate
 ssl.com申请证书要求必须设置CAA记录，表示允许ssl.com为该域名颁发证书
 请按如下格式添加CAA记录
 | 示例    | 类型  | 域名前缀 | flag      | tag    | 值                    |
 |-------|-----| -- |-----------|--------|----------------------|
 | 顶级域名  | CAA | @ | 0         | issue  |  "ssl.com"  （注意有双引号） |
 | 一级泛域名 | CAA | * | 0         | issue/issuewild | "ssl.com" |
 | 固定子域名 | CAA | sub |  0         | issue  |"ssl.com" |
 ## 5. address family not supported
 启动时出现此错误，是由于您的服务器不支持绑定ipv6地址
 请配置环境变量 certd_koa_hostname=0.0.0.0
 在docker-compose.yml中添加如下配置
 ```yaml
 service:
  certd:
    environment:
      certd_koa_hostname: 0.0.0.0
 ```
@@ -7,10 +7,16 @@
 https://certd.handsfree.work/
-> 注意数据将不定期清理，不定期停止定时任务，生产使用请自行部署    
+注册 -> 创建证书流水线 -> 添加部署任务 -> 测试运行
 > 注意demo的数据将不定期清理，生产使用请自行部署    
 > 包含敏感信息，务必自己本地部署进行生产使用
 ![首页](../images/start/home-2.png)
 ## 二、私有化部署
 由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全
@@ -0,0 +1,17 @@
 # 部署证书到ESXi
 使用`部署证书到主机插件`即可
 ## 开启ssh
 登陆ESXi Web后台，点击 主机 -> 操作 -> 服务 -> 启用 Secure Shell（SSH）打开SSH
 ## 添加部署到主机任务
 ![img.png](./images/ssh.png)
 ## 配置重启脚本
 ```bash
 /etc/init.d/hostd restart
 /etc/init.d/vpxa restart
 ```
@@ -1,5 +1,6 @@
-# 数据库自动备份
+# 数据库备份
-
+* 两种备份方法：  1、手动备份  2、自动备份
 * 本文仅限sqlite数据库。
 ## 一、手动备份
 数据库文件根据不同的部署方式保存的位置不一样，您可以手动复制出来进行备份
@@ -0,0 +1,98 @@
 # 宝塔IP白名单与动态IP问题
 调用宝塔接口需要添加IP白名单，但当certd部署在动态IP环境下时，IP白名单就不好添加
 本章节提供两种解决方案：
 1. 小范围网段放开（简单）
 2. nginx代理
 ## 一、放开小范围网段
 家庭网络IP虽然会变动，但是只会在小范围变的。
 你可以分析规律，将变动的部分，设置成网段即可
 > 比如出现过： 100.25.1.5 ， 100.25.1.8
 >
 > 那么你可以配置 100.25.1.1-100.25.1.255
 > 如果出现过： 100.25.1.5 ， 100.25.4.8
 >
 > 可以尝试配置 100.25.*.5
 ## 二、nginx代理方案
 通过在宝塔中配置一个nginx反向代理，代理宝塔自己的地址
 然后在nginx中配置放开certd需要的接口，缩小影响范围
 让nginx来充当防火墙
 架构图如下：
 ```
                    只要将127.0.0.1加入白名单即可
                                ↓
 certd --------> nginx -------> 宝塔
                  ↑
         拦截除更新证书之外的地址
 ```
 ### 1. 添加nginx反向代理
 ![](./images/white-1.png)
 ### 2. 域名和代理目标
 ![](./images/white-2.png)
 ### 3. 设置放开哪些接口
 ![](./images/white-3.png)
 ![img.png](images/white-4.png)
 将如下脚本填入上方文本域中，保存
 ```nginx configuration
 set $allow_access false;
    # 检查请求的URI是否在白名单中
   if ($request_uri ~* "^/(site\?action=get_site_types)") {
        # 允许测试
        set $allow_access true;
    }
    if ($request_uri ~* "^/(config\?action=SavePanelSSL)") {
        # 允许部署到宝塔面板本身证书
        set $allow_access true;
    }
    if ($request_uri ~* "^/(mod/docker/com/set_ssl|site\?action=SetSSL|ssl\?action=GetSiteDomain|mod/docker/com/get_site_list)") {
        # 允许部署宝塔网站证书
        set $allow_access true;
    }
    if ($request_uri ~* "^/(ssl?action=remove_cloud_cert|ssl\?action=get_cert_list)") {
        # 允许删除宝塔过期证书
        set $allow_access true;
    }
    if ($request_uri ~* "^/(datalist/get_data_list|site/set_site_ssl)") {
        set $allow_access true;
    }
    # 如果不在白名单，返回403禁止访问
    if ($allow_access = false) {
        return 405;
    }
 ```
 ### 4. 接口IP白名单添加127.0.0.1
   ![img.png](images/white-5.png)
 ### 5. certd中宝塔授权配置改成新的这个域名地址
 ![img.png](images/white-6.png)
 点击测试检查是否ok ，到这里就可以正常部署证书了
 ### 6. 安全加强（将请求地址改成https）
 在宝塔中配置证书部署任务，选择刚才新建的这个网站，给他部署证书
 勾选强制https
 ![img.png](images/white-safe-1.png)
 更换443端口【可选】
 ![img.png](images/white-safe-2.png)
 禁止http访问
@@ -0,0 +1,10 @@
 # 二级子域名托管
 如果你的域名是免费的二级域名（比如：sub.handsfree.work），托管在CF或者阿里云上
 在使用DNS方式校验时需要设置子域名托管
 [阿里云子域名托管说明](https://help.aliyun.com/zh/dns/pubz-subdomain-management)
 ![img.png](./images/subdomain1.png)
 ![img_1.png](./images/subdomain2.png)
@@ -0,0 +1,9 @@
 # 商业版文档
 ![](./images/index.png)
 ## 支付方式配置
 * [支付宝支付配置](./payments/alipay.md)
 * [微信支付配置](./payments/wxpay.md)
 * [彩虹易支付配置](./payments/yizhifu.md)
@@ -0,0 +1,26 @@
 # 支付宝配置
 ## 配置步骤
 1. 注册支付宝商家账号
   * 开通电脑网站支付产品(需营业执照)： https://b.alipay.com/page/product-workspace/all-product
 2. 开放平台，创建应用，获取APPID
   * 登录支付宝开放平台，进入开发者中心，创建网页应用，获取应用的AppId（左上角复制）
   * 开发者中心：https://open.alipay.com/develop/manage
 3. 进入应用详情，选择开发设置，配置接口加签方式 （选择密钥类型）
   * 参考文档：https://opendocs.alipay.com/common/02kdnc?pathHash=fb0c752a
   * 此步骤完成后，可以获取应用的私钥、支付宝公钥。     
   * 注意：支付宝不会保存应用的私钥，你需要自己保管好私钥。
 4. 在Certd后台配置支付宝 
   * 进入“系统”->"设置"->“支付设置”
   * 启用支付宝，选择“支付宝配置”，点击添加
   * 填写支付宝AppId、应用私钥、支付宝公钥等信息即可。
@@ -0,0 +1,27 @@
 # 微信支付配置
 ## 配置步骤
 1. 开通Native支付
   * 登录微信支付平台
   * 进入产品中心： https://pay.weixin.qq.com/index.php/extend/product/lists?tid=3
   * 选择开通Native支付
 2. 申请证书
   * 进入“账户中心”->“API安全”->“商户API证书”->“管理证书”
   * 根据指引生成证书
   * 得到私钥和公钥
 3. 填写APIv3密钥
   * 进入“账户中心”->“API安全”->“解密回调”
   * 填写APIv3密钥 
   * 参考文档 https://kf.qq.com/faq/180830E36vyQ180830AZFZvu.html
 4. 在Certd后台配置微信支付
   * 进入“系统”->"设置"->“支付设置”
   * 启用微信支付，选择“微信支付配置”，点击添加
   * 填写微信支付商户号、证书私钥、证书公钥、APIv3密钥即可。
@@ -0,0 +1,19 @@
 # 彩虹易支付配置
 彩虹易支付是一款非常流行的php聚合支付系统。
 ## 配置步骤
 1. 获取商户ID、商户密钥
   * 登录彩虹易支付平台
   * 进入用户中心：https://xxxxxx.com/user/userinfo.php?mod=api
   * 点击API信息
   * 可以复制：接口地址、商户ID、商户密钥（key）
   * 点击查看文档，了解支持的签名类型，一般为MD5
 2. 进入Certd后台配置彩虹易支付
   * 进入“系统”->"设置"->“支付设置”
   * 启用彩虹易支付，选择“彩虹易支付配置”，点击添加
   * 填写接口地址、商户ID、商户密钥、签名方式等信息即可。
@@ -6,6 +6,10 @@
 ## 2. 使用示例
 ```js
 // 如果需要引用第三方库，必须使用import语法
 // const thirdSdk = await import("third-sdk-name")
 const certPem = ctx.self.cert.crt
 const certKey = ctx.self.cert.key
@@ -17,7 +17,9 @@ CERTD_HTTPS_port=7002
 参考Certd顶部的创建证书流水线教程
 ### 2、配置复制到本机任务
-将证书复制到certd的证书安装位置
+将证书复制到certd的证书安装位置   
 证书路径：`ssl/cert.crt`   
 私钥路径：`ssl/cert.key` 
 ![](./images/1.png)
 ![](./images/2.png)
@@ -0,0 +1,13 @@
 # 带输出的前置任务
 前置任务输出可以在后续任务中使用
 比如上传证书到阿里云，会返回阿里云的CertId，之后其他阿里云的部署任务可以选择复用这个证书
 ## 复用证书
 ![img.png](images/pretask1.png)
 在后续任务中可以选择前置任务的输出
 ![img.png](images/pretask2.png)
@@ -18,6 +18,12 @@
 ### 3. 配置Certd项目
 ![](./images/3.png)
 建议加上 `:delegated` 提升性能
 ```yaml
  volumes:
                                          ↓↓↓↓------加上这个提升性能
    - /volume1/docker/certd:/app/data:delegated
 ```
 ### 4. 外网访问设置
@@ -8,8 +8,11 @@
 ![](./tencent-access.png)
 ## 如何避免收到腾讯云证书过期邮件
 > 新版本已经自动将证书设置为免提醒，certd上传的证书后续都不会再提醒了。
 腾讯云在证书有效期还剩28天时会发送过期通知邮件    
 您可以通过配置“腾讯云过期证书删除”任务来避免收到此类邮件。
@@ -18,4 +21,17 @@
 注意点：
 > 1. 选择腾讯云授权，需授权`服务角色SSL_QCSLinkedRoleInReplaceLoadCertificate`权限
 > 2. `1.26.14`版本之前Certd创建的证书流水线默认是到期前20天才更新证书，需要将之前创建的证书申请任务的更新天数修改为35天，保证删除之前就已经替换掉即将过期证书
-![](./images/delete2.png)
+![](./images/delete2.png)
 ## TKE service 的 TCP_SSL Opaque类型证书授权
 部署证书到腾讯云TKE，如果报以下错误：     
 `is forbidden: User "xxxxxx-xxxxx" cannot get resource "secrets" in API group "" in the namespace "default"'`     
 则需要单独从授权管理侧再授权子用户的权限
 ![](./images/tcpssl.png)
 ![](./images/opaque.png)
@@ -24,13 +24,13 @@ features:
  - title: 全自动申请证书
    details: 支持所有注册商注册的域名
  - title: 全自动部署证书
-    details: 支持部署到主机、阿里云、腾讯云等，目前已支持30+部署插件
+    details: 支持部署到主机、阿里云、腾讯云等，目前已支持100+部署插件
  - title: 多域名、泛域名打到一个证书上
    details: 支持通配符域名/泛域名，支持多个域名打到一个证书上
  - title: 多证书格式支持
    details: 支持pem、pfx、der、jks等多种证书格式，支持Google、Letsencrypt、ZeroSSL证书颁发机构
-  - title: 支持私有化部署
+  - title: 私有化部署，数据安全
-    details: 授权数据加密存储，保障数据安全
+    details: 授权数据加密存储，保障数据安全，支持SQLite、Postgresql、MySQL多种数据库
-  - title: 多数据库支持
+  - title: 无痛升级
-    details: 支持SQLite、Postgresql、MySQL数据库
+    details: 有手就行，向下兼容，无需担心数据作废
 ---
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.29.1"
+  "version": "1.37.6"
 }
@@ -9,18 +9,20 @@
    "@lerna-lite/run": "^3.9.3",
    "@lerna-lite/version": "^3.9.3",
    "medium-zoom": "^1.1.0",
-    "vitepress": "^1.4.1",
+    "vitepress": "^2.0.0-alpha.4",
    "vitepress-plugin-lightbox": "^1.0.2"
  },
  "scripts": {
    "start": "lerna bootstrap --hoist",
    "start:server": "cd ./packages/ui/certd-server && npm start",
    "devb": "lerna run dev-build",
    "i-all": "lerna link && lerna exec npm install  ",
    "publish": "npm run prepublishOnly2  && lerna publish --force-publish=pro/plus-core --conventional-commits --create-release github && npm run afterpublishOnly && npm run commitAll",
-    "afterpublishOnly": "npm run copylogs && time /t >build.trigger && git add ./build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && git push",
+    "afterpublishOnly": "npm run plugin-doc-gen && npm run copylogs && time /t >trigger/build.trigger && git add ./trigger/build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && git push",
    "transform-sql": "cd ./packages/ui/certd-server/db/ && node --experimental-json-modules transform.js",
    "plugin-doc-gen": "cd ./packages/ui/certd-server/ && npm run export-md",
    "commitAll": "git add . && git commit -m \"build: publish\" && git push && npm run commitPro",
-    "commitPro": "cd ./packages/core/ && git add . && git commit -m \"build: publish\" && git push",
+    "commitPro": "cd ./packages/pro/ && git add . && git commit -m \"build: publish\" && git push",
    "copylogs": "copyfiles \"CHANGELOG.md\"  ./docs/guide/changelogs/",
    "prepublishOnly1": "npm run check && lerna run build ",
    "prepublishOnly2": "npm run check && npm run before-build && lerna run build ",
@@ -28,9 +30,13 @@
    "deploy1": "node --experimental-json-modules deploy.js ",
    "check": "node --experimental-json-modules publish-check.js",
    "init": "lerna run build",
    "init:dev": "lerna run build",
    "docs:dev": "vitepress dev docs",
-    "docs:build": "vitepress build docs",
+    "docs:build": "npm run copylogs && vitepress build docs",
-    "docs:preview": "vitepress preview docs"
+    "docs:preview": "vitepress preview docs",
    "pub": "echo 1",
    "dev": "pnpm run -r --parallel  compile ",
    "release": "time /t >trigger/release.trigger && git add trigger/release.trigger && git commit -m \"build: release\" && git push"
  },
  "license": "AGPL-3.0",
  "dependencies": {
@@ -41,5 +47,8 @@
  },
  "workspaces": [
    "packages/**"
-  ]
+  ],
  "pnpm": {
    "neverBuiltDependencies": []
  }
 }
@@ -6,7 +6,7 @@ root = true
 [*]
 indent_style = space
-indent_size = 4
+indent_size = 2
 trim_trailing_whitespace = true
 [{*.yml,*.yaml}]
@@ -0,0 +1,7 @@
 {
  "printWidth": 220,
  "bracketSpacing": true,
  "singleQuote": false,
  "trailingComma": "es5",
  "arrowParens": "avoid"
 }
@@ -3,6 +3,385 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.6](https://github.com/publishlab/node-acme-client/compare/v1.37.5...v1.37.6) (2025-11-10)
 ### Performance Improvements
 * 支持letencrypt测试环境，支持IP证书？ ([1462cdd](https://github.com/publishlab/node-acme-client/commit/1462cddd1eb347b7ff238286b5c977b29a0591ec))
 ## [1.37.5](https://github.com/publishlab/node-acme-client/compare/v1.37.4...v1.37.5) (2025-11-08)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.37.4](https://github.com/publishlab/node-acme-client/compare/v1.37.3...v1.37.4) (2025-10-28)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.37.3](https://github.com/publishlab/node-acme-client/compare/v1.37.2...v1.37.3) (2025-10-24)
 ### Bug Fixes
 * 修复并发情况下证书申请日志混乱的bug ([bb2714f](https://github.com/publishlab/node-acme-client/commit/bb2714ff241f9db4a71d805b23a1b0f9f2f6413a))
 ## [1.37.2](https://github.com/publishlab/node-acme-client/compare/v1.37.1...v1.37.2) (2025-10-14)
 ### Bug Fixes
 * aliyunoss 选择证书接入点选择新加坡无法上传的bug ([e00733a](https://github.com/publishlab/node-acme-client/commit/e00733a34644c23ffe926486b15dc96bf2fa4b57))
 ## [1.37.1](https://github.com/publishlab/node-acme-client/compare/v1.37.0...v1.37.1) (2025-09-29)
 **Note:** Version bump only for package @certd/acme-client
 # [1.37.0](https://github.com/publishlab/node-acme-client/compare/v1.36.25...v1.37.0) (2025-09-28)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.25](https://github.com/publishlab/node-acme-client/compare/v1.36.24...v1.36.25) (2025-09-27)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.24](https://github.com/publishlab/node-acme-client/compare/v1.36.23...v1.36.24) (2025-09-27)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.23](https://github.com/publishlab/node-acme-client/compare/v1.36.22...v1.36.23) (2025-09-26)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.22](https://github.com/publishlab/node-acme-client/compare/v1.36.21...v1.36.22) (2025-09-23)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.21](https://github.com/publishlab/node-acme-client/compare/v1.36.20...v1.36.21) (2025-09-15)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.20](https://github.com/publishlab/node-acme-client/compare/v1.36.19...v1.36.20) (2025-09-13)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.19](https://github.com/publishlab/node-acme-client/compare/v1.36.18...v1.36.19) (2025-09-05)
 ### Performance Improvements
 * 支持ssl.com证书颁发机构 ([27b6dfa](https://github.com/publishlab/node-acme-client/commit/27b6dfa4d2ab3bddd284c3a34511a72e1a513a4c))
 ## [1.36.18](https://github.com/publishlab/node-acme-client/compare/v1.36.17...v1.36.18) (2025-08-28)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.17](https://github.com/publishlab/node-acme-client/compare/v1.36.16...v1.36.17) (2025-08-17)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.16](https://github.com/publishlab/node-acme-client/compare/v1.36.15...v1.36.16) (2025-08-16)
 ### Performance Improvements
 * 部署到百度cdn支持自动获取域名列表选择 ([4e432ed](https://github.com/publishlab/node-acme-client/commit/4e432ed03f4fb564e85a2f284ee26b58400b82f5))
 ## [1.36.15](https://github.com/publishlab/node-acme-client/compare/v1.36.14...v1.36.15) (2025-08-07)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.14](https://github.com/publishlab/node-acme-client/compare/v1.36.13...v1.36.14) (2025-07-28)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.13](https://github.com/publishlab/node-acme-client/compare/v1.36.12...v1.36.13) (2025-07-23)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.12](https://github.com/publishlab/node-acme-client/compare/v1.36.11...v1.36.12) (2025-07-22)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.11](https://github.com/publishlab/node-acme-client/compare/v1.36.10...v1.36.11) (2025-07-22)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.10](https://github.com/publishlab/node-acme-client/compare/v1.36.9...v1.36.10) (2025-07-18)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.9](https://github.com/publishlab/node-acme-client/compare/v1.36.7...v1.36.9) (2025-07-15)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.7](https://github.com/publishlab/node-acme-client/compare/v1.36.6...v1.36.7) (2025-07-15)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.6](https://github.com/publishlab/node-acme-client/compare/v1.36.5...v1.36.6) (2025-07-14)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.5](https://github.com/publishlab/node-acme-client/compare/v1.36.4...v1.36.5) (2025-07-11)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.4](https://github.com/publishlab/node-acme-client/compare/v1.36.3...v1.36.4) (2025-07-10)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.3](https://github.com/publishlab/node-acme-client/compare/v1.36.2...v1.36.3) (2025-07-07)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.2](https://github.com/publishlab/node-acme-client/compare/v1.36.1...v1.36.2) (2025-07-06)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.36.1](https://github.com/publishlab/node-acme-client/compare/v1.36.0...v1.36.1) (2025-07-02)
 **Note:** Version bump only for package @certd/acme-client
 # [1.36.0](https://github.com/publishlab/node-acme-client/compare/v1.35.5...v1.36.0) (2025-07-01)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.35.5](https://github.com/publishlab/node-acme-client/compare/v1.35.4...v1.35.5) (2025-06-20)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.35.4](https://github.com/publishlab/node-acme-client/compare/v1.35.3...v1.35.4) (2025-06-13)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.35.3](https://github.com/publishlab/node-acme-client/compare/v1.35.2...v1.35.3) (2025-06-12)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.35.2](https://github.com/publishlab/node-acme-client/compare/v1.35.1...v1.35.2) (2025-06-09)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.35.1](https://github.com/publishlab/node-acme-client/compare/v1.35.0...v1.35.1) (2025-06-07)
 ### Performance Improvements
 * 证书申请支持letencrypt profile选项 ([2eb0e54](https://github.com/publishlab/node-acme-client/commit/2eb0e54909d8ad36708e07c12fd598998159bc43))
 # [1.35.0](https://github.com/publishlab/node-acme-client/compare/v1.34.11...v1.35.0) (2025-06-05)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.11](https://github.com/publishlab/node-acme-client/compare/v1.34.10...v1.34.11) (2025-06-05)
 ### Bug Fixes
 * 修复中文域名使用cname方式校验无法通过的问题 ([f7d5baa](https://github.com/publishlab/node-acme-client/commit/f7d5baa6d04cb83c572b06e62f885890cfa0143a))
 ### Performance Improvements
 * 优化cname检查，当有冲突的cname记录时，给出提示 ([e639a8f](https://github.com/publishlab/node-acme-client/commit/e639a8f9f12640ffcca69f1a6a0324459924afbd))
 ## [1.34.10](https://github.com/publishlab/node-acme-client/compare/v1.34.9...v1.34.10) (2025-06-03)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.9](https://github.com/publishlab/node-acme-client/compare/v1.34.8...v1.34.9) (2025-05-30)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.8](https://github.com/publishlab/node-acme-client/compare/v1.34.7...v1.34.8) (2025-05-28)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.7](https://github.com/publishlab/node-acme-client/compare/v1.34.6...v1.34.7) (2025-05-26)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.6](https://github.com/publishlab/node-acme-client/compare/v1.34.5...v1.34.6) (2025-05-25)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.5](https://github.com/publishlab/node-acme-client/compare/v1.34.4...v1.34.5) (2025-05-19)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.4](https://github.com/publishlab/node-acme-client/compare/v1.34.3...v1.34.4) (2025-05-16)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.3](https://github.com/publishlab/node-acme-client/compare/v1.34.2...v1.34.3) (2025-05-15)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.34.2](https://github.com/publishlab/node-acme-client/compare/v1.34.1...v1.34.2) (2025-05-11)
 ### Performance Improvements
 * http方式支持校验443端口 ([d75fcb7](https://github.com/publishlab/node-acme-client/commit/d75fcb7fec421a9a638eaa27fe9378c84b5e0f19))
 ## [1.34.1](https://github.com/publishlab/node-acme-client/compare/v1.34.0...v1.34.1) (2025-05-05)
 ### Bug Fixes
 * 根据SOA记录判断子域名托管有缺陷，改回手动配置子域名托管记录的方式 ([1b280a2](https://github.com/publishlab/node-acme-client/commit/1b280a2940f9e2d919b0bf23b89cc185be1fa498))
 # [1.34.0](https://github.com/publishlab/node-acme-client/compare/v1.33.8...v1.34.0) (2025-04-28)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.33.8](https://github.com/publishlab/node-acme-client/compare/v1.33.7...v1.33.8) (2025-04-26)
 ### Bug Fixes
 * 修复http上传方式无法清除记录文件的bug ([72a7b51](https://github.com/publishlab/node-acme-client/commit/72a7b51d479602b2c54c6c3ac8d8a0dcb9664e73))
 ### Performance Improvements
 * 从域名的soa获取主域名，子域名托管无需额外配置 ([a586a92](https://github.com/publishlab/node-acme-client/commit/a586a92d5e32ea846ac37be52a7ad8c328d89966))
 * 七牛oss支持删除过期备份 ([b7113bd](https://github.com/publishlab/node-acme-client/commit/b7113bda2378116d6c116dc583f563cce7cf9f00))
 ## [1.33.7](https://github.com/publishlab/node-acme-client/compare/v1.33.6...v1.33.7) (2025-04-22)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.33.6](https://github.com/publishlab/node-acme-client/compare/v1.33.5...v1.33.6) (2025-04-20)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.33.5](https://github.com/publishlab/node-acme-client/compare/v1.33.4...v1.33.5) (2025-04-17)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.33.4](https://github.com/publishlab/node-acme-client/compare/v1.33.3...v1.33.4) (2025-04-15)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.33.3](https://github.com/publishlab/node-acme-client/compare/v1.33.2...v1.33.3) (2025-04-14)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.33.2](https://github.com/publishlab/node-acme-client/compare/v1.33.1...v1.33.2) (2025-04-12)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.33.1](https://github.com/publishlab/node-acme-client/compare/v1.33.0...v1.33.1) (2025-04-12)
 **Note:** Version bump only for package @certd/acme-client
 # [1.33.0](https://github.com/publishlab/node-acme-client/compare/v1.32.0...v1.33.0) (2025-04-11)
 **Note:** Version bump only for package @certd/acme-client
 # [1.32.0](https://github.com/publishlab/node-acme-client/compare/v1.31.11...v1.32.0) (2025-04-04)
 ### Bug Fixes
 * 修复从本地dns获取记录报错的bug ([c39b1bf](https://github.com/publishlab/node-acme-client/commit/c39b1bf823ddc6216bed2049e4c87e6107def08a))
 ### Features
 * 优化证书申请速度，修复某些情况下letsencrypt 校验失败的问题 ([857589b](https://github.com/publishlab/node-acme-client/commit/857589b365c6f709e0ae67914d2f50ce182e6dd6))
 ### Performance Improvements
 * 优化华为dns解析记录创建和删除问题 ([0948c5b](https://github.com/publishlab/node-acme-client/commit/0948c5bc691d2ee6eb47c72a85da1b7453361878))
 ## [1.31.11](https://github.com/publishlab/node-acme-client/compare/v1.31.10...v1.31.11) (2025-04-02)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.31.10](https://github.com/publishlab/node-acme-client/compare/v1.31.9...v1.31.10) (2025-03-29)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.31.9](https://github.com/publishlab/node-acme-client/compare/v1.31.8...v1.31.9) (2025-03-28)
 ### Performance Improvements
 * dns支持火山引擎 ([99ff879](https://github.com/publishlab/node-acme-client/commit/99ff879d93658c29ea493a4bde7e9e3f85996d64))
 ## [1.31.8](https://github.com/publishlab/node-acme-client/compare/v1.31.7...v1.31.8) (2025-03-26)
 ### Performance Improvements
 * 优化txt本地校验效率 ([fd507f2](https://github.com/publishlab/node-acme-client/commit/fd507f269253607e68c5c099c99e0de11636f229))
 ## [1.31.7](https://github.com/publishlab/node-acme-client/compare/v1.31.6...v1.31.7) (2025-03-24)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.31.6](https://github.com/publishlab/node-acme-client/compare/v1.31.5...v1.31.6) (2025-03-24)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.31.5](https://github.com/publishlab/node-acme-client/compare/v1.31.4...v1.31.5) (2025-03-22)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.31.4](https://github.com/publishlab/node-acme-client/compare/v1.31.3...v1.31.4) (2025-03-21)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.31.3](https://github.com/publishlab/node-acme-client/compare/v1.31.2...v1.31.3) (2025-03-13)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.31.2](https://github.com/publishlab/node-acme-client/compare/v1.31.1...v1.31.2) (2025-03-12)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.31.1](https://github.com/publishlab/node-acme-client/compare/v1.31.0...v1.31.1) (2025-03-11)
 **Note:** Version bump only for package @certd/acme-client
 # [1.31.0](https://github.com/publishlab/node-acme-client/compare/v1.30.6...v1.31.0) (2025-03-10)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.30.6](https://github.com/publishlab/node-acme-client/compare/v1.30.5...v1.30.6) (2025-02-24)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.30.5](https://github.com/publishlab/node-acme-client/compare/v1.30.4...v1.30.5) (2025-02-14)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.30.4](https://github.com/publishlab/node-acme-client/compare/v1.30.3...v1.30.4) (2025-02-14)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.30.3](https://github.com/publishlab/node-acme-client/compare/v1.30.2...v1.30.3) (2025-02-13)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.30.2](https://github.com/publishlab/node-acme-client/compare/v1.30.1...v1.30.2) (2025-02-09)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.30.1](https://github.com/publishlab/node-acme-client/compare/v1.30.0...v1.30.1) (2025-01-20)
 **Note:** Version bump only for package @certd/acme-client
 # [1.30.0](https://github.com/publishlab/node-acme-client/compare/v1.29.5...v1.30.0) (2025-01-19)
 ### Bug Fixes
 * 修复查看任务日志偶发性无法自动滚动底部的bug ([7e482f7](https://github.com/publishlab/node-acme-client/commit/7e482f798c0142bce1866f84676cb40210f9638a))
 ## [1.29.5](https://github.com/publishlab/node-acme-client/compare/v1.29.4...v1.29.5) (2025-01-07)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.29.4](https://github.com/publishlab/node-acme-client/compare/v1.29.3...v1.29.4) (2025-01-06)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.29.3](https://github.com/publishlab/node-acme-client/compare/v1.29.2...v1.29.3) (2025-01-04)
 ### Performance Improvements
 * 优化acme sdk ([54db744](https://github.com/publishlab/node-acme-client/commit/54db74428259de64d12230c2ab7353ae11197bbc))
 ## [1.29.2](https://github.com/publishlab/node-acme-client/compare/v1.29.1...v1.29.2) (2024-12-25)
 **Note:** Version bump only for package @certd/acme-client
 ## [1.29.1](https://github.com/publishlab/node-acme-client/compare/v1.29.0...v1.29.1) (2024-12-25)
 **Note:** Version bump only for package @certd/acme-client
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.29.1",
+    "version": "1.37.6",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.29.1",
+        "@certd/basic": "^1.37.6",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.7.2",
@@ -26,10 +26,13 @@
        "http-proxy-agent": "^7.0.2",
        "https-proxy-agent": "^7.0.5",
        "lodash-es": "^4.17.21",
-        "node-forge": "^1.3.1"
+        "node-forge": "^1.3.1",
        "punycode.js": "^2.3.1"
    },
    "devDependencies": {
        "@types/node": "^20.14.10",
        "@typescript-eslint/eslint-plugin": "^8.26.1",
        "@typescript-eslint/parser": "^8.26.1",
        "chai": "^4.4.1",
        "chai-as-promised": "^7.1.2",
        "eslint": "^8.57.0",
@@ -48,7 +51,9 @@
        "lint": "eslint .",
        "lint-types": "tsd",
        "prepublishOnly": "npm run build-docs",
-        "test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\""
+        "test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\"",
        "pub": "npm publish",
        "compile": "tsc --skipLibCheck --watch"
    },
    "repository": {
        "type": "git",
@@ -65,5 +70,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "36993cb6f8244f4a183d64fcdf5194282140d888"
+    "gitHead": "9fcdeca6920fc7d465e2443dab4f246d279f108b"
 }
@@ -28,7 +28,6 @@ class AcmeApi {
                }
            }
        }
        console.log(locationUrl, mapping);
        return locationUrl;
    }
@@ -1,10 +1,9 @@
 /**
 * ACME auto helper
 */
-import { readCsrDomains } from './crypto/index.js';
+import { readCsrDomains } from "./crypto/index.js";
-import { log } from './logger.js';
+import { wait } from "./wait.js";
-import { wait } from './wait.js';
+import { CancelError } from "./error.js";
 import { CancelError } from './error.js';
 const defaultOpts = {
@@ -13,13 +12,13 @@ const defaultOpts = {
    preferredChain: null,
    termsOfServiceAgreed: false,
    skipChallengeVerification: false,
-    challengePriority: ['http-01', 'dns-01'],
+    challengePriority: ["http-01", "dns-01"],
    challengeCreateFn: async () => {
-        throw new Error('Missing challengeCreateFn()');
+        throw new Error("Missing challengeCreateFn()");
    },
    challengeRemoveFn: async () => {
-        throw new Error('Missing challengeRemoveFn()');
+        throw new Error("Missing challengeRemoveFn()");
-    },
+    }
 };
 /**
@@ -30,7 +29,7 @@ const defaultOpts = {
 * @returns {Promise<buffer>} Certificate
 */
-export default  async (client, userOpts) => {
+export default async (client, userOpts) => {
    const opts = { ...defaultOpts, ...userOpts };
    const accountPayload = { termsOfServiceAgreed: opts.termsOfServiceAgreed };
@@ -45,18 +44,20 @@ export default  async (client, userOpts) => {
        accountPayload.externalAccountBinding = opts.externalAccountBinding;
    }
    const log = (...args)=>{
        return client.logger.info(...args);
    }
    /**
     * Register account
     */
-    log('[auto] Checking account');
+    log("[auto] Checking account");
    try {
        client.getAccountUrl();
-        log('[auto] Account URL already exists, skipping account registration');
+        log("[auto] Account URL already exists, skipping account registration（ 证书申请账户已存在，跳过注册 ）");
-    }
+    } catch (e) {
-    catch (e) {
+        log("[auto] Registering account （注册证书申请账户）");
        log('[auto] Registering account');
        await client.createAccount(accountPayload);
    }
@@ -64,7 +65,7 @@ export default  async (client, userOpts) => {
     * Parse domains from CSR
     */
-    log('[auto] Parsing domains from Certificate Signing Request');
+    log("[auto] Parsing domains from Certificate Signing Request ");
    const { commonName, altNames } = readCsrDomains(opts.csr);
    const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));
@@ -74,8 +75,11 @@ export default  async (client, userOpts) => {
     * Place order
     */
-    log('[auto] Placing new certificate order with ACME provider');
+    log("[auto] Placing new certificate order with ACME provider");
-    const orderPayload = { identifiers: uniqueDomains.map((d) => ({ type: 'dns', value: d })) };
+    const orderPayload = { identifiers: uniqueDomains.map((d) => ({ type: "dns", value: d })) };
    if (opts.profile && client.sslProvider === 'letsencrypt' ){
        orderPayload.profile = opts.profile;
    }
    const order = await client.createOrder(orderPayload);
    const authorizations = await client.getAuthorizations(order);
@@ -85,99 +89,81 @@ export default  async (client, userOpts) => {
     * Resolve and satisfy challenges
     */
-    log('[auto] Resolving and satisfying authorization challenges');
+    log("[auto] Resolving and satisfying authorization challenges");
    const clearTasks = [];
    const localVerifyTasks = [];
    const completeChallengeTasks = [];
    const challengeFunc = async (authz) => {
        const d = authz.identifier.value;
        let challengeCompleted = false;
        /* Skip authz that already has valid status */
-        if (authz.status === 'valid') {
+        if (authz.status === "valid") {
            log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`);
            return;
        }
-        try {
+        const keyAuthorizationGetter = async (challenge) => {
-            /* Select challenge based on priority */
+            return await client.getChallengeKeyAuthorization(challenge);
-            const challenge = authz.challenges.sort((a, b) => {
+        };
                const aidx = opts.challengePriority.indexOf(a.type);
                const bidx = opts.challengePriority.indexOf(b.type);
                if (aidx === -1) return 1;
                if (bidx === -1) return -1;
                return aidx - bidx;
            }).slice(0, 1)[0];
            if (!challenge) {
                throw new Error(`Unable to select challenge for ${d}, no challenge found`);
            }
            log(`[auto] [${d}] Found ${authz.challenges.length} challenges, selected type: ${challenge.type}`);
            /* Trigger challengeCreateFn() */
            log(`[auto] [${d}] Trigger challengeCreateFn()`);
            const keyAuthorization = await client.getChallengeKeyAuthorization(challenge);
        async function deactivateAuth(e) {
            log(`[auto] [${d}] Unable to complete challenge: ${e.message}`);
            try {
-                const { recordReq, recordRes, dnsProvider } = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
+                log(`[auto] [${d}] Deactivating failed authorization`);
-                log(`[auto] [${d}] challengeCreateFn success`);
+                await client.deactivateAuthorization(authz);
-                log(`[auto] [${d}] add challengeRemoveFn()`);
+            } catch (f) {
-                clearTasks.push(async () => {
+                /* Suppress deactivateAuthorization() errors */
-                    /* Trigger challengeRemoveFn(), suppress errors */
+                log(`[auto] [${d}] Authorization deactivation threw error: ${f.message}`);
                    log(`[auto] [${d}] Trigger challengeRemoveFn()`);
                    try {
                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
                    }
                    catch (e) {
                        log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
                    }
                });
                // throw new Error('测试异常');
                /* Challenge verification */
                if (opts.skipChallengeVerification === true) {
                    log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true，wait 60s`);
                    await wait(60 * 1000);
                }
                else {
                    log(`[auto] [${d}] Running challenge verification`);
                    try {
                        await client.verifyChallenge(authz, challenge);
                    }
                    catch (e) {
                        log(`[auto] [${d}] challenge verification threw error: ${e.message}`);
                    }
                }
                /* Complete challenge and wait for valid status */
                log(`[auto] [${d}] Completing challenge with ACME provider and waiting for valid status`);
                await client.completeChallenge(challenge);
                challengeCompleted = true;
                await client.waitForValidStatus(challenge);
            }
            catch (e) {
                log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
                throw e;
            }
        }
        catch (e) {
            /* Deactivate pending authz when unable to complete challenge */
            if (!challengeCompleted) {
                log(`[auto] [${d}] Unable to complete challenge: ${e.message}`);
        log(`[auto] [${d}] Trigger challengeCreateFn()`);
        try {
            const { recordReq, recordRes, dnsProvider, challenge, keyAuthorization ,httpUploader} = await opts.challengeCreateFn(authz, keyAuthorizationGetter);
            clearTasks.push(async () => {
                /* Trigger challengeRemoveFn(), suppress errors */
                log(`[auto] [${d}] Trigger challengeRemoveFn()`);
                try {
-                    log(`[auto] [${d}] Deactivating failed authorization`);
+                    await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider,httpUploader);
-                    await client.deactivateAuthorization(authz);
+                } catch (e) {
                    log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
                }
-                catch (f) {
+            });
                    /* Suppress deactivateAuthorization() errors */
                    log(`[auto] [${d}] Authorization deactivation threw error: ${f.message}`);
                }
            }
            localVerifyTasks.push(async () => {
                /* Challenge verification */
                log(`[auto] [${d}] 开始本地验证, type = ${challenge.type}`);
                try {
                    await client.verifyChallenge(authz, challenge);
                } catch (e) {
                    log(`[auto] [${d}] 本地验证失败，尝试请求ACME提供商获取状态: ${e.message}`);
                }
            });
            completeChallengeTasks.push(async () => {
                /* Complete challenge and wait for valid status */
                log(`[auto] [${d}] 请求ACME提供商完成验证`);
                try{
                    await client.completeChallenge(challenge);
                }catch (e) {
                    await deactivateAuth(e);
                    throw e;
                }
                challengeCompleted = true;
                log(`[auto] [${d}] 等待返回valid状态`);
                await client.waitForValidStatus(challenge,d);
            });
        } catch (e) {
            log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
            await deactivateAuth(e);
            throw e;
        }
    };
    const domainSets = [];
@@ -185,7 +171,7 @@ export default  async (client, userOpts) => {
        const d = authz.identifier.value;
        log(`authorization:domain = ${d}, value = ${JSON.stringify(authz)}`);
-        if (authz.status === 'valid') {
+        if (authz.status === "valid") {
            log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`);
            return;
        }
@@ -209,8 +195,9 @@ export default  async (client, userOpts) => {
    const allChallengePromises = [];
    // eslint-disable-next-line no-restricted-syntax
    const challengePromises = [];
    allChallengePromises.push(challengePromises);
    for (const domainSet of domainSets) {
        const challengePromises = [];
        // eslint-disable-next-line guard-for-in,no-restricted-syntax
        for (const domain in domainSet) {
            const authz = domainSet[domain];
@@ -219,12 +206,11 @@ export default  async (client, userOpts) => {
                await challengeFunc(authz);
            });
        }
        allChallengePromises.push(challengePromises);
    }
    log(`[auto] challengeGroups:${allChallengePromises.length}`);
-    function runAllPromise(tasks) {
+    async function runAllPromise(tasks) {
        let promise = Promise.resolve();
        tasks.forEach((task) => {
            promise = promise.then(task);
@@ -232,73 +218,66 @@ export default  async (client, userOpts) => {
        return promise;
    }
-    async function runPromisePa(tasks) {
+    async function runPromisePa(tasks, waitTime = 8000) {
        const results = [];
        let j = 0
        // eslint-disable-next-line no-await-in-loop,no-restricted-syntax
        for (const task of tasks) {
            j++
            log(`开始第${j}个任务`);
            results.push(task());
            // eslint-disable-next-line no-await-in-loop
-            await wait(10000);
+            log(`wait ${Math.floor(waitTime/1000)}s`)
            await wait(waitTime);
        }
        return Promise.all(results);
    }
-    try {
+    log(`开始challenge，共${allChallengePromises.length}组`);
-        log(`开始challenge，共${allChallengePromises.length}组`);
+    let i = 0;
-        let i = 0;
+    // eslint-disable-next-line no-restricted-syntax
-        // eslint-disable-next-line no-restricted-syntax
+    for (const challengePromises of allChallengePromises) {
-        for (const challengePromises of allChallengePromises) {
+        i += 1;
-            i += 1;
+        log(`开始第${i}组`);
-            log(`开始第${i}组`);
+        if (opts.signal && opts.signal.aborted) {
-            if (opts.signal && opts.signal.aborted) {
+            throw new CancelError("用户取消");
-                throw new CancelError('用户取消');
+        }
        const waitDnsDiffuseTime = opts.waitDnsDiffuseTime || 30;
        try {
            // eslint-disable-next-line no-await-in-loop
            await runPromisePa(challengePromises);
            if (opts.skipChallengeVerification === true) {
                log(`跳过本地验证（skipChallengeVerification=true），等待 60s`);
                await wait(60 * 1000);
            } else {
                log("开始本地校验")
                await runPromisePa(localVerifyTasks, 1000);
                log(`本地校验完成，等待${waitDnsDiffuseTime}s`)
                await wait(waitDnsDiffuseTime * 1000)
            }
-            try {
+            log("开始向提供商请求检查验证");
-                // eslint-disable-next-line no-await-in-loop
+            await runPromisePa(completeChallengeTasks, 1000);
-                await runPromisePa(challengePromises);
+        } catch (e) {
-            }
+            log(`证书申请失败${e.message}`);
-            catch (e) {
+            throw e;
-                log(`证书申请失败${e.message}`);
+        } finally {
-                throw e;
+            // letsencrypt 如果同时检出两个TXT记录，会以第一个为准，就会校验失败，所以需要提前删除
-            }
+            // zerossl 此方式测试无问题
            finally {
                if (client.opts.sslProvider !== 'google') {
                    // letsencrypt 如果同时检出两个TXT记录，会以第一个为准，就会校验失败，所以需要提前删除
                    // zerossl 此方式测试无问题
                    log(`清理challenge痕迹，length:${clearTasks.length}`);
                    try {
                        // eslint-disable-next-line no-await-in-loop
                        await runAllPromise(clearTasks);
                    }
                    catch (e) {
                        log('清理challenge失败');
                        log(e);
                    }
                }
            }
        }
    }
    finally {
        if (client.opts.sslProvider === 'google') {
            // google 相同的域名txt记录是一样的，不能提前删除，否则校验失败，报错如下
            //  Error: The TXT record retrieved from _acme-challenge.bbc.handsfree.work.
            //  at the time the challenge was validated did not contain JshHVu7dt_DT6uYILWhokHefFVad2Q6Mw1L-fNZFcq8
            //  (the base64url-encoded SHA-256 digest of RlJZNBR0LWnxNK_xd2zqtYVvCiNJOKJ3J1NmCjU_9BjaUJgL3k-qSpIhQ-uF4FBS.NRyqT8fRiq6THzzrvkgzgR5Xai2LsA2SyGLAq_wT3qc).
            //  See https://tools.ietf.org/html/rfc8555#section-8.4 for more information.
            log(`清理challenge痕迹，length:${clearTasks.length}`);
            try {
-            // eslint-disable-next-line no-await-in-loop
+                // eslint-disable-next-line no-await-in-loop
                await runAllPromise(clearTasks);
-            }
+            } catch (e) {
-            catch (e) {
+                log("清理challenge失败");
                log('清理challenge失败');
                log(e);
            }
        }
    }
-    log('challenge结束');
+
    log("challenge结束");
    // log('[auto] Waiting for challenge valid status');
    // await Promise.all(challengePromises);
@@ -306,7 +285,7 @@ export default  async (client, userOpts) => {
     * Finalize order and download certificate
     */
-    log('[auto] Finalizing order and downloading certificate');
+    log("[auto] Finalizing order and downloading certificate");
    const finalized = await client.finalizeOrder(order, opts.csr);
    const res = await client.getCertificate(finalized, opts.preferredChain);
    return res;
@@ -3,9 +3,9 @@
 */
 import axios from 'axios';
 import { parseRetryAfterHeader } from './util.js';
 import { log } from './logger.js';
 const { AxiosError } = axios;
 import {getGlobalAgents, HttpError} from '@certd/basic'
 import { log } from './logger.js';
 /**
 * Defaults
 */
@@ -126,6 +126,7 @@ instance.interceptors.response.use(null, async (error) => {
            /* Wait and retry the request */
            await new Promise((resolve) => { setTimeout(resolve, (retryAfter * 1000)); });
            log(`Retrying request to URL ${config.url}`);
            return instance(config);
        }
    }
--- a/Show More
+++ b/Show More
		`@@ -1,5 +0,0 @@`
			`# 插件列表`

			`![img_1.png](../images/plugins/list.png)`