build: release

本次提交新增了从DNS解析记录批量导入站点监控的完整功能：
1. 扩展Registrable类型新增icon字段支持
2. 新增DNS解析记录获取接口和基础实现
3. 为阿里云、腾讯云、Cloudflare等DNS提供商添加解析记录分页获取支持
4. 新增站点监控导入任务管理功能，支持保存、启动、删除导入任务
5. 新增中文/英文多语言支持
6. 优化暗黑模式表格样式
7. 修复ACME账户访问修复逻辑中项目ID可选的问题
8. 优化HiPM DNS提供商的域名获取逻辑

.gitignore

@@ -37,5 +37,6 @@ pnpm-lock.yaml
 .studio/
 
 # Certd 推广报告，仅本地使用
-/popularize/
+/popularize/reports/
-
+output/
+.uploads/

.trae/skills/agent.md

@@ -1,13 +0,0 @@
-你是一名资深nodejs工程师，擅长开发Certd开源系统的任务插件。
-certd是一款全自动证书申请部署管理工具，基于流水线的方式，通过里面申请证书插件申请证书，然后将证书传递给下一个部署任务插件，不同的部署任务插件将证书部署到用户的各个应用系统当中。
-
-certd插件分成以下几种类型：
-Access：存储用户的第三放应用的授权数据，比如用户名密码，accessSecret 或 accessToken等。同时它里面的方法还负责对接第三方的api接口
-Task： 部署任务插件，它继承AbstractTaskPlugin类，被流水线调用execute方法，将证书部署到对应的应用上
-DnsProvider: DNS提供商插件，它用于在ACME申请证书时给域名添加txt解析记录。
-
-注意事项：
-1、使用技能：在开始工作前，请阅读并加载.trae/skills下面的技能，根据skills进行相应的插件开发
-2、迭代技能：当开发过程用户提醒你更好的做法时，你需要总结经验，更新相应的skills，让skills越来越完善，能够在以后得新插件开发中具备指导意义。
-3、一般调用的api接口文档会比较复杂，你不知道接口是什么时，请务必询问用户，让用户提供API接口文档
-4、完成开发后无需测试，通知用户自己去测试

CHANGELOG.md

@@ -3,6 +3,33 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+### Bug Fixes
+
+* 修复litessl无法申请证书，报authorization must be pending 错误的问题 ([d6cd9d1](https://github.com/certd/certd/commit/d6cd9d136d2812b2335917305f36d6d9414507ad))
+
+### Performance Improvements
+
+* 首页夜间模式主图切换为黑色背景 ([15484bc](https://github.com/certd/certd/commit/15484bc119fef7a0ca7f3fdab01d665fde47e688))
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+### Bug Fixes
+
+* **cert-plugin:** 修复DNS提供商授权无法回显的bug ([016ae86](https://github.com/certd/certd/commit/016ae865b1d914fe5792e77a08e3ab5358df5f89))
+* Parse PEM chain and import certificate chain ([#747](https://github.com/certd/certd/issues/747)) ([454912d](https://github.com/certd/certd/commit/454912d31407d350cbd170953ccbd0564e74fd6c))
+
+### Performance Improvements
+
+* 添加AWS Rate Limit应对措施 ([#748](https://github.com/certd/certd/issues/748)) ([56b8c68](https://github.com/certd/certd/commit/56b8c689ec2b5cff49010a8c765483dd36803e9d))
+* 新增站点证书监控从DNS解析记录批量导入功能 ([f9541fa](https://github.com/certd/certd/commit/f9541fab701e01ba57af061da322204c894adfb8))
+* 优化 HiPM DNSMgr 插件，添加域名查询双层策略 ([#744](https://github.com/certd/certd/issues/744)) @WUHINS ([0f3f851](https://github.com/certd/certd/commit/0f3f8519e04d95cb848e28b98a3d4fcbed481fce))
+
+### Reverts
+
+* Revert "perf: 添加AWS Rate Limit应对措施 (#748)" (#749) ([5e8bdac](https://github.com/certd/certd/commit/5e8bdac00850bed4f5f2a272bee42c490730ec21)), closes [#748](https://github.com/certd/certd/issues/748) [#749](https://github.com/certd/certd/issues/749)
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 ### Performance Improvements

README.md

@@ -179,7 +179,10 @@ https://certd.handfree.work/
 2. 您的需求我们将优先实现，并且可能将作为专业版功能提供
 3. 获得专业版功能
 
-[50元专业版优惠券限时领取](https://app.handfree.work/subject/#/app/certd/product)
+
+> [50元专业版优惠券限时领取](https://app.handfree.work/subject/#/app/certd/product)  https://app.handfree.work/subject/#/app/certd/product      
+>  handfree.work是Certd官方激活码购买平台
+
 
 专业版、商业版特权对比
 

docs/guide/changelogs/CHANGELOG.md

@@ -1,9 +1,45 @@
-
 # Change Log
 
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+### Bug Fixes
+
+* 修复litessl无法申请证书，报authorization must be pending 错误的问题 ([d6cd9d1](https://github.com/certd/certd/commit/d6cd9d136d2812b2335917305f36d6d9414507ad))
+
+### Performance Improvements
+
+* 首页夜间模式主图切换为黑色背景 ([15484bc](https://github.com/certd/certd/commit/15484bc119fef7a0ca7f3fdab01d665fde47e688))
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+### Bug Fixes
+
+* **cert-plugin:** 修复DNS提供商授权无法回显的bug ([016ae86](https://github.com/certd/certd/commit/016ae865b1d914fe5792e77a08e3ab5358df5f89))
+* Parse PEM chain and import certificate chain ([#747](https://github.com/certd/certd/issues/747)) ([454912d](https://github.com/certd/certd/commit/454912d31407d350cbd170953ccbd0564e74fd6c))
+
+### Performance Improvements
+
+* 添加AWS Rate Limit应对措施 ([#748](https://github.com/certd/certd/issues/748)) ([56b8c68](https://github.com/certd/certd/commit/56b8c689ec2b5cff49010a8c765483dd36803e9d))
+* 新增站点证书监控从DNS解析记录批量导入功能 ([f9541fa](https://github.com/certd/certd/commit/f9541fab701e01ba57af061da322204c894adfb8))
+* 优化 HiPM DNSMgr 插件，添加域名查询双层策略 ([#744](https://github.com/certd/certd/issues/744)) @WUHINS ([0f3f851](https://github.com/certd/certd/commit/0f3f8519e04d95cb848e28b98a3d4fcbed481fce))
+
+### Reverts
+
+* Revert "perf: 添加AWS Rate Limit应对措施 (#748)" (#749) ([5e8bdac](https://github.com/certd/certd/commit/5e8bdac00850bed4f5f2a272bee42c490730ec21)), closes [#748](https://github.com/certd/certd/issues/748) [#749](https://github.com/certd/certd/issues/749)
+
+## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
+
+### Performance Improvements
+
+* 流水线、监控站点支持导出 ([99fd308](https://github.com/certd/certd/commit/99fd3083f259cdb96fd656f04858dd708d1251c7))
+* 优化列表页面请求两次的问题 ([5546af5](https://github.com/certd/certd/commit/5546af518e92c765513787ccaf8e856be789bcf9))
+* 优化邀请注册流程 ([7a71e45](https://github.com/certd/certd/commit/7a71e45799d782d0691606fb42b4236f1d3009b0))
+* **settings:** 新增NO_PROXY代理排除配置 ([c0df8be](https://github.com/certd/certd/commit/c0df8be83237e323c2c9a5bd02507430a86a00cc))
+* **volcengine-vke:** 火山VKE集群证书支持两种类型的证书保密字典 ([77b8024](https://github.com/certd/certd/commit/77b802445322d576d54d194f7c505da49e0e824c))
+
 # [1.41.0](https://github.com/certd/certd/compare/v1.40.5...v1.41.0) (2026-06-04)
 
 ### Bug Fixes

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.41.1"
+  "version": "1.41.3"
 }

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/publishlab/node-acme-client/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+### Bug Fixes
+
+* 修复litessl无法申请证书，报authorization must be pending 错误的问题 ([d6cd9d1](https://github.com/publishlab/node-acme-client/commit/d6cd9d136d2812b2335917305f36d6d9414507ad))
+
+## [1.41.2](https://github.com/publishlab/node-acme-client/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.41.1](https://github.com/publishlab/node-acme-client/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.41.1",
+    "version": "1.41.3",
     "type": "module",
     "module": "./dist/index.js",
     "main": "./dist/index.js",
@@ -18,7 +18,7 @@
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.41.1",
+        "@certd/basic": "^1.41.3",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.9.0",
@@ -76,5 +76,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+    "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/core/acme-client/src/auto.test.ts

@@ -0,0 +1,69 @@
+import assert from "node:assert/strict";
+import auto from "./auto.js";
+import { createCsr, createPrivateRsaKey } from "./crypto/index.js";
+
+declare const describe: any;
+declare const it: any;
+
+describe("auto challenge status polling", () => {
+    it("polls the authorization URL after completing a challenge", async () => {
+        const [, csr] = await createCsr({ commonName: "example.com" }, await createPrivateRsaKey());
+        const challenge = {
+            type: "dns-01",
+            url: "https://ca.example/chall/1",
+            token: "token",
+        };
+        const authz = {
+            status: "pending",
+            identifier: { type: "dns", value: "example.com" },
+            url: "https://ca.example/authz/1",
+            challenges: [challenge],
+        };
+        const order = {
+            status: "pending",
+            url: "https://ca.example/order/1",
+            finalize: "https://ca.example/order/1/finalize",
+            authorizations: [authz.url],
+        };
+        const polledUrls: string[] = [];
+        const originalSetTimeout = globalThis.setTimeout;
+
+        (globalThis as any).setTimeout = (fn: (...args: any[]) => void) => originalSetTimeout(fn, 0);
+
+        try {
+            const certificate = await auto(
+                {
+                    logger: { info: () => {} },
+                    sslProvider: "litessl",
+                    getAccountUrl: () => "https://ca.example/acct/1",
+                    createOrder: async () => order,
+                    getAuthorizations: async () => [authz],
+                    getChallengeKeyAuthorization: async () => "key-authorization",
+                    verifyChallenge: async () => {},
+                    completeChallenge: async () => ({ ...challenge, status: "processing" }),
+                    waitForValidStatus: async (item: { url: string }) => {
+                        polledUrls.push(item.url);
+                        return { ...item, status: "valid" };
+                    },
+                    finalizeOrder: async () => ({ ...order, status: "valid", certificate: "https://ca.example/cert/1" }),
+                    getCertificate: async () => "CERTIFICATE",
+                } as any,
+                {
+                    csr,
+                    termsOfServiceAgreed: true,
+                    waitDnsDiffuseTime: 0,
+                    challengeCreateFn: async (_authz: any, keyAuthorizationGetter: (challenge: any) => Promise<string>) => ({
+                        challenge,
+                        keyAuthorization: await keyAuthorizationGetter(challenge),
+                    }),
+                    challengeRemoveFn: async () => {},
+                }
+            );
+
+            assert.equal(certificate, "CERTIFICATE");
+            assert.deepEqual(polledUrls, [authz.url]);
+        } finally {
+            (globalThis as any).setTimeout = originalSetTimeout;
+        }
+    });
+});

packages/core/acme-client/src/auto.ts

@@ -172,7 +172,7 @@ export default async (client, userOpts) => {
                 }
                 challengeCompleted = true;
                 log(`[auto] [${d}] 等待返回valid状态`);
-                await client.waitForValidStatus(challenge,d);
+                await client.waitForValidStatus(authz,d);
             });
 
 

packages/core/acme-client/src/verify.ts

@@ -263,4 +263,4 @@ export function createChallengeFn(opts = {}) {
 
 
 
-// createChallengeFn({logger:{info:console.log}}).walkDnsChallengeRecord("handsfree.work")
+// createChallengeFn({logger:{info:console.log}}).walkDnsChallengeRecord("handfree.work")

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+### Performance Improvements
+
+* 新增站点证书监控从DNS解析记录批量导入功能 ([f9541fa](https://github.com/certd/certd/commit/f9541fab701e01ba57af061da322204c894adfb8))
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 ### Performance Improvements

packages/core/basic/build.md

@@ -1 +1 @@
-02:33
+23:53

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.41.1",
+  "version": "1.41.3",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -52,5 +52,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+### Performance Improvements
+
+* 新增站点证书监控从DNS解析记录批量导入功能 ([f9541fa](https://github.com/certd/certd/commit/f9541fab701e01ba57af061da322204c894adfb8))
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.41.1",
+  "version": "1.41.3",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -19,8 +19,8 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.41.1",
+    "@certd/basic": "^1.41.3",
-    "@certd/plus-core": "^1.41.1",
+    "@certd/plus-core": "^1.41.3",
     "dayjs": "^1.11.7",
     "lodash-es": "^4.17.21",
     "reflect-metadata": "^0.1.13"
@@ -49,5 +49,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/core/pipeline/src/registry/registry.ts

@@ -7,6 +7,7 @@ export type Registrable = {
   group?: string;
   deprecated?: string;
   order?: number;
+  icon?: string;
 };
 export type TargetGetter<T> = () => Promise<T>;
 export type RegistryItem<T> = {

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.41.1",
+  "version": "1.41.3",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -27,5 +27,5 @@
     "prettier": "^2.8.8",
     "tslib": "^2.8.1"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.41.1",
+  "version": "1.41.3",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -34,5 +34,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/jdcloud",
-  "version": "1.41.1",
+  "version": "1.41.3",
   "description": "jdcloud openApi sdk",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
@@ -59,5 +59,5 @@
       "fetch"
     ]
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.41.1",
+  "version": "1.41.3",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -19,7 +19,7 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.41.1",
+    "@certd/basic": "^1.41.3",
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
@@ -36,5 +36,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 ### Performance Improvements

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.41.1",
+  "version": "1.41.3",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -29,11 +29,11 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.41.1",
+    "@certd/acme-client": "^1.41.3",
-    "@certd/basic": "^1.41.1",
+    "@certd/basic": "^1.41.3",
-    "@certd/pipeline": "^1.41.1",
+    "@certd/pipeline": "^1.41.3",
-    "@certd/plugin-lib": "^1.41.1",
+    "@certd/plugin-lib": "^1.41.3",
-    "@certd/plus-core": "^1.41.1",
+    "@certd/plus-core": "^1.41.3",
     "@midwayjs/cache": "3.14.0",
     "@midwayjs/core": "3.20.11",
     "@midwayjs/i18n": "3.20.13",
@@ -69,5 +69,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.41.1",
+  "version": "1.41.3",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -49,5 +49,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/plugin-cert

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.41.1",
+  "version": "1.41.3",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -18,10 +18,10 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.41.1",
+    "@certd/acme-client": "^1.41.3",
-    "@certd/basic": "^1.41.1",
+    "@certd/basic": "^1.41.3",
-    "@certd/pipeline": "^1.41.1",
+    "@certd/pipeline": "^1.41.3",
-    "@certd/plugin-lib": "^1.41.1",
+    "@certd/plugin-lib": "^1.41.3",
     "psl": "^1.9.0",
     "punycode.js": "^2.3.1"
   },
@@ -41,5 +41,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/plugins/plugin-lib/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+### Performance Improvements
+
+* 新增站点证书监控从DNS解析记录批量导入功能 ([f9541fa](https://github.com/certd/certd/commit/f9541fab701e01ba57af061da322204c894adfb8))
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 **Note:** Version bump only for package @certd/plugin-lib

packages/plugins/plugin-lib/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-lib",
   "private": false,
-  "version": "1.41.1",
+  "version": "1.41.3",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -23,10 +23,10 @@
     "@alicloud/pop-core": "^1.7.10",
     "@alicloud/tea-util": "^1.4.11",
     "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.41.1",
+    "@certd/acme-client": "^1.41.3",
-    "@certd/basic": "^1.41.1",
+    "@certd/basic": "^1.41.3",
-    "@certd/pipeline": "^1.41.1",
+    "@certd/pipeline": "^1.41.3",
-    "@certd/plus-core": "^1.41.1",
+    "@certd/plus-core": "^1.41.3",
     "@kubernetes/client-node": "0.21.0",
     "ali-oss": "^6.22.0",
     "basic-ftp": "^5.0.5",
@@ -61,5 +61,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "d368f9666abf71d7f56891b6cbedeb618b82701c"
+  "gitHead": "6cbd62977731a3b72c42b5f88c49500631da0a46"
 }

packages/plugins/plugin-lib/src/cert/dns-provider/api.ts

@@ -34,6 +34,14 @@ export type DomainRecord = {
   domain: string;
 };
 
+export type DnsResolveRecord = {
+  id: string;
+  hostRecord: string;
+  fullRecord: string;
+  type: string;
+  value: string;
+};
+
 export interface IDnsProvider<T = any> {
   onInstance(): Promise<void>;
 
@@ -59,6 +67,8 @@ export interface IDnsProvider<T = any> {
   usePunyCode(): boolean;
 
   getDomainListPage(pager: PageSearch): Promise<PageRes<DomainRecord>>;
+
+  getRecordListPage?(domain: string, pager: PageSearch): Promise<PageRes<DnsResolveRecord>>;
 }
 
 export interface ISubDomainsGetter {

packages/plugins/plugin-lib/src/cert/dns-provider/base.ts

@@ -1,7 +1,7 @@
 import { HttpClient, ILogger } from "@certd/basic";
 import { IAccessService, PageRes, PageSearch } from "@certd/pipeline";
 import punycode from "punycode.js";
-import { CreateRecordOptions, DnsProviderContext, DnsProviderDefine, DomainRecord, IDnsProvider, RemoveRecordOptions } from "./api.js";
+import { CreateRecordOptions, DnsProviderContext, DnsProviderDefine, DnsResolveRecord, DomainRecord, IDnsProvider, RemoveRecordOptions } from "./api.js";
 import { dnsProviderRegistry } from "./registry.js";
 export abstract class AbstractDnsProvider<T = any> implements IDnsProvider<T> {
   ctx!: DnsProviderContext;
@@ -49,6 +49,10 @@ export abstract class AbstractDnsProvider<T = any> implements IDnsProvider<T> {
   async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
     throw new Error("Method not implemented.");
   }
+
+  async getRecordListPage(domain: string, req: PageSearch): Promise<PageRes<DnsResolveRecord>> {
+    throw new Error("Method not implemented.");
+  }
 }
 
 export async function createDnsProvider(opts: { dnsProviderType: string; context: DnsProviderContext }): Promise<IDnsProvider> {

packages/ui/certd-client/.env

@@ -4,8 +4,8 @@ VITE_APP_PM_ENABLED=true
 VITE_APP_TITLE=Certd
 VITE_APP_SLOGAN=让你的证书永不过期
 VITE_APP_COPYRIGHT_YEAR=2021-2026
-VITE_APP_COPYRIGHT_NAME=handsfree.work
+VITE_APP_COPYRIGHT_NAME=handfree.work
-VITE_APP_COPYRIGHT_URL=https://certd.handsfree.work
+VITE_APP_COPYRIGHT_URL=https://certd.handfree.work
 VITE_APP_LOGO=static/images/logo/logo.svg
 VITE_APP_LOGIN_LOGO=static/images/logo/rect-black.svg
 VITE_APP_PROJECT_PATH=https://github.com/certd/certd

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,22 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+### Performance Improvements
+
+* 首页夜间模式主图切换为黑色背景 ([15484bc](https://github.com/certd/certd/commit/15484bc119fef7a0ca7f3fdab01d665fde47e688))
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+### Bug Fixes
+
+* **cert-plugin:** 修复DNS提供商授权无法回显的bug ([016ae86](https://github.com/certd/certd/commit/016ae865b1d914fe5792e77a08e3ab5358df5f89))
+
+### Performance Improvements
+
+* 新增站点证书监控从DNS解析记录批量导入功能 ([f9541fa](https://github.com/certd/certd/commit/f9541fab701e01ba57af061da322204c894adfb8))
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 ### Performance Improvements

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.41.1",
+  "version": "1.41.3",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -106,8 +106,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.41.1",
+    "@certd/lib-iframe": "^1.41.3",
-    "@certd/pipeline": "^1.41.1",
+    "@certd/pipeline": "^1.41.3",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",

packages/ui/certd-client/src/components/plugins/cert/dns-provider-selector/index.vue

@@ -14,7 +14,7 @@ export default {
       default: undefined,
     },
   },
-  emits: ["update:modelValue", "selected-change"],
+  emits: ["update:modelValue", "selected-change", "change"],
   setup(props: any, ctx: any) {
     const options = ref<any[]>([]);
 
@@ -33,7 +33,8 @@ export default {
       // if (props.modelValue == null && options.value.length > 0) {
       //   ctx.emit("update:modelValue", options.value[0].value);
       // }
-      onSelectedChange(props.modelValue);
+      //这里需要一个第一次的selected-change事件，外部表单字段有情况会用到选中的option
+      onSelectedChange(props.modelValue, true);
     }
     onCreate();
 
@@ -41,9 +42,12 @@ export default {
       ctx.emit("update:modelValue", value);
       onSelectedChange(value);
     }
-    function onSelectedChange(value: any) {
+    function onSelectedChange(value: any, isFirst: boolean = false) {
       if (value) {
         const option = options.value.find(item => item.value == value);
+        if (!isFirst) {
+          ctx.emit("change", value);
+        }
         if (option) {
           ctx.emit("selected-change", option);
           return;

packages/ui/certd-client/src/locales/langs/en-US/certd/cert-domain.ts

@@ -18,6 +18,7 @@ export default {
     subdomainConfirmTitle: "Subdomain Confirmation",
     subdomainConfirmContent: "{domain} appears to be a subdomain. Only delegated subdomains and free second-level subdomains need to be maintained here. Otherwise certificate application may fail. Continue?",
     importFromProvider: "Import from Domain Provider",
+    importFromResolveRecords: "Import from DNS Records",
     syncExpirationDate: "Sync Domain Expiration Time",
     syncTaskSubmitted: "Sync task submitted",
     syncExpirationProgress: "Sync Domain Expiration Progress",

packages/ui/certd-client/src/locales/langs/en-US/certd/sys-cname.ts

@@ -4,7 +4,7 @@ export default {
     "The domain name configured here serves as a proxy for verifying other domains. When other domains apply for certificates, they map to this domain via CNAME for ownership verification. The advantage is that any domain can apply for a certificate this way without providing an AccessSecret.",
   cnameLinkText: "CNAME principle and usage instructions",
   cnameDomain: "CNAME Domain",
-  cnameDomainPlaceholder: "cname.handsfree.work",
+  cnameDomainPlaceholder: "cname.handfree.work",
   cnameDomainHelper:
     "Requires a domain registered with a DNS provider on the right (or you can transfer other domain DNS servers here).\nOnce the CNAME domain is set, it cannot be changed. It is recommended to use a first-level subdomain.",
   cnameDomainPattern: "Domain name cannot contain *",

packages/ui/certd-client/src/locales/langs/zh-CN/certd/cert-domain.ts

@@ -18,6 +18,7 @@ export default {
     subdomainConfirmTitle: "子域名确认",
     subdomainConfirmContent: "检测到{domain}为子域名，只有托管子域名和免费二级子域名才需要在此处维护，否则会导致申请证书失败，请确认是否继续？",
     importFromProvider: "从域名提供商导入",
+    importFromResolveRecords: "从解析记录导入",
     syncExpirationDate: "同步域名过期时间",
     syncTaskSubmitted: "同步任务已提交",
     syncExpirationProgress: "同步域名过期时间进度",

packages/ui/certd-client/src/locales/langs/zh-CN/certd/sys-cname.ts

@@ -3,7 +3,7 @@ export default {
   cnameDescription: "此处配置的域名作为其他域名校验的代理，当别的域名需要申请证书时，通过CNAME映射到此域名上来验证所有权。好处是任何域名都可以通过此方式申请证书，也无需填写AccessSecret。",
   cnameLinkText: "CNAME功能原理及使用说明",
   cnameDomain: "CNAME域名",
-  cnameDomainPlaceholder: "cname.handsfree.work",
+  cnameDomainPlaceholder: "cname.handfree.work",
   cnameDomainHelper: "需要一个右边DNS提供商注册的域名（也可以将其他域名的dns服务器转移到这几家来）。\nCNAME域名一旦确定不可修改，建议使用一级子域名",
   cnameDomainPattern: "域名不能使用星号",
   cnameProviderSubdomain: "托管子域名",

packages/ui/certd-client/src/style/dark.less

@@ -8,4 +8,45 @@
   .vben-normal-menu__item.is-active {
     background-color: #3b3b3b !important;
   }
+
+  .cd-table {
+    th,
+    td {
+      border-bottom: 1px solid #303030;
+      border-left: 1px solid #303030;
+    }
+
+    th {
+      background: #1f1f1f;
+      color: rgba(255, 255, 255, 0.85);
+      border-top: 1px solid #303030;
+
+      &:last-child {
+        border-right: 1px solid #303030;
+      }
+    }
+
+    td {
+      &:last-child {
+        border-right: 1px solid #303030;
+      }
+    }
+
+    td.position-sticky-right {
+      background-color: #141414;
+    }
+
+    .position-sticky-right::before {
+      background: #303030;
+    }
+
+    tr.hover-color:hover td {
+      background: #262626;
+    }
+
+    .status-active {
+      background: #1f3a23;
+      color: #81c784;
+    }
+  }
 }

packages/ui/certd-client/src/views/certd/cert/apply-template/crud.tsx

@@ -109,7 +109,7 @@ export default function ({ crudExpose }: CreateCrudOptionsProps): CreateCrudOpti
       },
       rowHandle: {
         fixed: "right",
-        width: 120,
+        width: 200,
         buttons: {
           edit: {
             click: ({ row }) => openForm(row),

packages/ui/certd-client/src/views/certd/monitor/site/api.ts

@@ -72,6 +72,36 @@ export const siteInfoApi = {
     });
   },
 
+  async ImportTaskSave(body: any) {
+    return await request({
+      url: apiPrefix + "/import/save",
+      method: "post",
+      data: body,
+    });
+  },
+  async ImportTaskStatus() {
+    return await request({
+      url: apiPrefix + "/import/status",
+      method: "post",
+    });
+  },
+  async ImportTaskDelete(key: string) {
+    return await request({
+      url: apiPrefix + "/import/delete",
+      method: "post",
+      data: { key },
+    });
+  },
+  async ImportTaskStart(key: string) {
+    return await request({
+      url: apiPrefix + "/import/start",
+      method: "post",
+      data: { key },
+    });
+  },
+
+
+
   async DisabledChange(id: number, disabled: boolean) {
     return await request({
       url: apiPrefix + "/disabledChange",

packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx

@@ -9,7 +9,7 @@ import { useSettingStore } from "/@/store/settings";
 import { mySuiteApi } from "/@/views/certd/suite/mine/api";
 import { mitter } from "/@/utils/util.mitt";
 import { useSiteIpMonitor } from "./ip/use";
-import { useSiteImport } from "/@/views/certd/monitor/site/use";
+import { useSiteImport, useSiteImportTaskManage } from "/@/views/certd/monitor/site/use";
 import { ref } from "vue";
 import GroupSelector from "../../basic/group/group-selector.vue";
 import { createGroupDictRef } from "../../basic/group/api";
@@ -53,6 +53,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
 
   const { openSiteIpMonitorDialog } = useSiteIpMonitor();
   const { openSiteImportDialog } = useSiteImport();
+  const openSiteImportTaskManageDialog = useSiteImportTaskManage();
 
   const certValidDaysRef = ref(10);
 
@@ -200,6 +201,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
       actionbar: {
         buttons: {
           add: {
+            icon: "ion:add-circle-outline",
             async click() {
               if (!settingsStore.isPlus) {
                 // 非plus
@@ -236,6 +238,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             show: hasActionPermission("write"),
             text: t("monitor.bulkImport"),
             type: "primary",
+            icon: "ion:cloud-upload-outline",
             async click() {
               const defaultGroupId = getDefaultGroupId();
               openSiteImportDialog({
@@ -246,10 +249,27 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
               });
             },
           },
+          importFromProvider: {
+            show: hasActionPermission("write"),
+            title: t("certd.domain.importFromResolveRecords"),
+            text: t("certd.domain.importFromResolveRecords"),
+            type: "primary",
+            needPlus: true,
+            color: "gold",
+            icon: "mingcute:vip-1-line",
+            click: async () => {
+              await openSiteImportTaskManageDialog({
+                afterSubmit: () => {
+                  crudExpose.doRefresh();
+                },
+              });
+            },
+          },
           checkAll: {
             show: true,
             text: t("monitor.checkAll"),
             type: "primary",
+            icon: "ion:play-circle-outline",
             click() {
               checkAll();
             },

packages/ui/certd-client/src/views/certd/monitor/site/import.vue

@@ -0,0 +1,139 @@
+<template>
+  <div class="site-info-import-task-status min-h-[300px]">
+    <div class="action mb-5">
+      <fs-button type="primary" icon="mingcute:vip-1-line" @click="addTask">{{ t("certd.domain.addImportTask") }}</fs-button>
+      <fs-button type="primary" icon="ion:refresh-outline" class="ml-2" @click="loadImportTaskStatus">{{ t("certd.domain.refresh") }}</fs-button>
+    </div>
+    <div class="table-container overflow-auto mb-10">
+      <table class="cd-table border-gray-300 w-full">
+        <thead>
+          <tr>
+            <th class="w-[220px]">{{ t("certd.sourcee") }}</th>
+            <th class="">{{ t("certd.domain.progress") }}</th>
+            <th class="w-[220px]">{{ t("certd.domain.operation") }}</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr v-for="item in list" :key="item.key">
+            <td class="ellipsis">
+              <span class="flex items-center pointer" @click="editTask(item)">
+                <span class="flex-1 ellipsis flex items-center">
+                  <fs-icon :icon="item.icon" class="mr-2"></fs-icon>
+                  {{ item.title }}
+                </span>
+                <fs-icon icon="ant-design:edit-outlined" class="ml-2" />
+              </span>
+            </td>
+            <td>
+              <div v-if="item.task">
+                <div>
+                  <a-tag color="blue">{{ t("certd.domain.total") }}：{{ item.task?.total }}</a-tag>
+                  <a-tag color="success" class="ml-2">{{ t("certd.success") }}：{{ item.task?.successCount }}</a-tag>
+                  <a-tag type="info" class="ml-2">{{ t("certd.domain.skipped") }}：{{ item.task?.skipCount }}</a-tag>
+                  <a-tooltip v-if="item.task?.errors.length > 0">
+                    <template #title>
+                      <div v-for="error in item.task?.errors" :key="error">{{ error }}</div>
+                    </template>
+                    <a-tag color="red" class="ml-2">{{ t("certd.domain.failed") }}：{{ item.task?.errors.length }}</a-tag>
+                  </a-tooltip>
+                </div>
+                <a-progress :percent="item.task?.progress" size="small" status="active" />
+              </div>
+              <div v-else>{{ t("certd.domain.notExecuted") }}</div>
+            </td>
+            <td>
+              <fs-button type="primary" icon="ion:play-outline" :disabled="item.task?.status === 'running'" @click="startTask(item)">{{ t("certd.domain.execute") }}</fs-button>
+              <fs-button type="primary" class="ml-2" danger icon="ion:trash-outline" @click="deleteTask(item)">{{ t("certd.domain.delete") }}</fs-button>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { Modal } from "ant-design-vue";
+import { onMounted, onUnmounted, ref } from "vue";
+import * as api from "./api";
+import { useSiteImportTask } from "./use";
+import { useSettingStore } from "/@/store/settings";
+import { useI18n } from "/@/locales";
+defineOptions({
+  name: "SiteInfoImportTaskStatus",
+});
+
+const list = ref([]);
+const { t } = useI18n();
+
+async function loadImportTaskStatus() {
+  const res = await api.siteInfoApi.ImportTaskStatus();
+  list.value = res || [];
+}
+
+async function startTask(item: any) {
+  settingStore.checkPlus();
+  await api.siteInfoApi.ImportTaskStart(item.key);
+  await loadImportTaskStatus();
+}
+
+async function deleteTask(item: any) {
+  Modal.confirm({
+    title: t("certd.domain.confirmDelete"),
+    okText: t("common.confirm"),
+    okType: "danger",
+    onOk: async () => {
+      await api.siteInfoApi.ImportTaskDelete(item.key);
+      await loadImportTaskStatus();
+    },
+  });
+}
+
+const openSiteImportTaskDialog = useSiteImportTask();
+const settingStore = useSettingStore();
+async function addTask() {
+  settingStore.checkPlus();
+  await openSiteImportTaskDialog({
+    afterSubmit: async (res?: any) => {
+      if (res) {
+        await api.siteInfoApi.ImportTaskStart(res.key);
+      }
+      await loadImportTaskStatus();
+    },
+  });
+}
+
+async function editTask(item: any) {
+  settingStore.checkPlus();
+  await openSiteImportTaskDialog({
+    afterSubmit: async () => {
+      await loadImportTaskStatus();
+    },
+    form: item,
+  });
+}
+
+const checkIntervalRef = ref();
+onMounted(async () => {
+  await loadImportTaskStatus();
+  checkIntervalRef.value = setInterval(async () => {
+    await loadImportTaskStatus();
+  }, 3000);
+});
+
+onUnmounted(() => {
+  clearInterval(checkIntervalRef.value);
+});
+</script>
+
+<style lang="less">
+.site-info-import-task-status {
+  .table-container {
+    height: 50vh;
+  }
+
+  .ant-progress {
+    margin-bottom: 0px;
+  }
+}
+</style>

packages/ui/certd-client/src/views/certd/monitor/site/use.tsx

@@ -1,7 +1,11 @@
-import { useFormWrapper } from "@fast-crud/fast-crud";
+import { useFormWrapper, compute } from "@fast-crud/fast-crud";
 import { siteInfoApi } from "./api";
-import { useI18n } from "/src/locales";
+import { useI18n } from "/@/locales";
+import { useSettingStore } from "/@/store/settings";
+import { useFormDialog } from "/@/use/use-dialog";
 import GroupSelector from "../../basic/group/group-selector.vue";
+import SiteInfoImportTaskStatus from "./import.vue";
+
 export function useSiteImport() {
   const { t } = useI18n();
   const { openCrudFormDialog } = useFormWrapper();
@@ -13,7 +17,7 @@ export function useSiteImport() {
         columns: {
           text: {
             type: "textarea",
-            title: t("certd.domainList.title"), // 域名列表
+            title: t("certd.domainList.title"),
             form: {
               helper: t("certd.domainList.helper"),
               rules: [{ required: true, message: t("certd.domainList.required") }],
@@ -21,9 +25,7 @@ export function useSiteImport() {
                 placeholder: t("certd.domainList.placeholder"),
                 rows: 8,
               },
-              col: {
+              col: { span: 24 },
-                span: 24,
-              },
             },
           },
           groupId: {
@@ -36,13 +38,10 @@ export function useSiteImport() {
                 vModel: "modelValue",
                 type: "site",
               },
-              col: {
+              col: { span: 24 },
-                span: 24,
-              },
             },
           },
         },
-
         form: {
           async doSubmit({ form }) {
             return siteInfoApi.Import(form);
@@ -53,7 +52,99 @@ export function useSiteImport() {
     });
   }
 
-  return {
+  return { openSiteImportDialog };
-    openSiteImportDialog,
+}
+
+export function useSiteImportTask() {
+  const { openFormDialog } = useFormDialog();
+  const { t } = useI18n();
+
+  const columns = {
+    dnsProviderType: {
+      title: t("certd.domain.domainProvider"),
+      type: "text",
+      form: {
+        component: {
+          name: "dns-provider-selector",
+          on: {
+            selectedChange: ({ form, $event }: any) => {
+              form.dnsProviderAccessType = $event.accessType;
+            },
+          },
+        },
+        valueChange({ form }: any) {
+          form.dnsProviderAccessId = null;
+        },
+      },
+    },
+    dnsProviderAccessType: {
+      title: t("certd.domain.domainProviderAccessType"),
+      type: "text",
+      form: { show: false },
+    },
+    dnsProviderAccessId: {
+      title: t("certd.domain.domainProviderAccess"),
+      type: "text",
+      form: {
+        component: {
+          name: "access-selector",
+          vModel: "modelValue",
+          type: compute(({ form }: any) => form.dnsProviderAccessType || form.dnsProviderType),
+        },
+      },
+    },
+    groupId: {
+      title: t("certd.fields.group"),
+      type: "text",
+      form: {
+        component: {
+          name: GroupSelector,
+          vModel: "modelValue",
+          type: "site",
+        },
+      },
+    },
+  };
+
+  return function openSiteImportTaskDialog(req: { afterSubmit?: (res?: any) => void; form?: any }) {
+    openFormDialog({
+      title: t("certd.domain.importFromProvider"),
+      columns,
+      initialForm: { ...req.form },
+      onSubmit: async (form: any) => {
+        const res = await siteInfoApi.ImportTaskSave({
+          key: form.key,
+          dnsProviderType: form.dnsProviderType,
+          dnsProviderAccessId: form.dnsProviderAccessId,
+          groupId: form.groupId,
+        });
+        if (req.afterSubmit) {
+          req.afterSubmit(res);
+        }
+      },
+    });
+  };
+}
+
+export function useSiteImportTaskManage() {
+  const { openFormDialog } = useFormDialog();
+  const { t } = useI18n();
+  const settingStore = useSettingStore();
+  return async function openSiteImportTaskManageDialog(req: {
+    afterSubmit?: (res?: any) => void;
+    form?: any;
+    zIndex?: number;
+  }) {
+    settingStore.checkPlus();
+    await openFormDialog({
+      title: t("certd.domain.importFromProvider"),
+      body: () => <SiteInfoImportTaskStatus />,
+      zIndex: req.zIndex,
+      onSubmit: async (form: any) => {
+        if (req.afterSubmit) {
+          req.afterSubmit(form);
+        }
+      },
+    });
   };
 }

packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/step-form/index.vue

@@ -172,9 +172,9 @@ function useStepForm() {
 
   const stepTypeSelected = (item: any) => {
     if (item.needPlus && !settingStore.isPlus) {
-      message.warn("此插件需要开通专业版才能使用");
+      message.warn("此插件需要开通Certd专业版才能使用");
       mitter.emit("openVipModal");
-      throw new Error("此插件需要开通专业版才能使用");
+      throw new Error("此插件需要开通Certd专业版才能使用");
     }
     currentStep.value.type = item.name;
     currentStep.value.title = item.title;

packages/ui/certd-client/src/views/framework/landing/index.vue

@@ -41,7 +41,7 @@
           </div>
         </div>
         <div class="hero-image-wrapper">
-          <img src="/static/images/certd-intro.png" alt="Certd Intro" class="hero-image" />
+          <img :src="isDark ? '/static/images/certd-intro-dark.png' : '/static/images/certd-intro.png'" alt="Certd Intro" class="hero-image" />
         </div>
       </div>
     </section>
@@ -121,7 +121,8 @@ import { useAccessStore } from "/@/vben/stores";
 import { SiteInfo, SysPublicSetting } from "/@/store/settings/api.basic";
 import ThemeToggle from "/@/vben/layouts/widgets/theme-toggle/theme-toggle.vue";
 import { useRouter } from "vue-router";
-
+import { usePreferences } from "/@/vben/preferences";
+const { isDark } = usePreferences();
 const envRef = ref(env);
 const settingStore = useSettingStore();
 const userStore = useUserStore();
@@ -381,7 +382,7 @@ onMounted(() => {
   padding: 0 24px;
   display: grid;
   grid-template-columns: 1.1fr 0.9fr;
-  gap: 60px;
+  gap: 10px;
   align-items: center;
 }
 
@@ -440,7 +441,7 @@ onMounted(() => {
 .hero-image {
   width: 100%;
   height: auto;
-  max-width: 550px;
+  max-width: 600px;
 }
 
 .section-header {

packages/ui/certd-client/src/views/sys/authority/role/index.vue

@@ -11,14 +11,15 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, onActivated, onMounted, ref } from "vue";
 import { useFs } from "@fast-crud/fast-crud";
-import createCrudOptions from "./crud";
-import * as permissionApi from "../permission/api";
-import * as api from "./api";
 import { message } from "ant-design-vue";
+import { defineComponent, ref } from "vue";
+import * as permissionApi from "../permission/api";
 import FsPermissionTree from "../permission/fs-permission-tree.vue";
+import * as api from "./api";
+import createCrudOptions from "./crud";
 import { UseCrudPermissionCompProps, UseCrudPermissionExtraProps } from "/@/plugin/permission";
+import { useMounted } from "/@/use/use-mounted";
 import { useI18n } from "/src/locales";
 
 function useAuthz() {

packages/ui/certd-client/src/views/sys/authority/user/index.vue

@@ -8,9 +8,10 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, ref, onMounted, onActivated } from "vue";
+import { useFs } from "@fast-crud/fast-crud";
-import { useCrud, useExpose, useFs } from "@fast-crud/fast-crud";
+import { defineComponent } from "vue";
 import createCrudOptions from "./crud";
+import { useMounted } from "/@/use/use-mounted";
 export default defineComponent({
   name: "UserManager",
   setup() {

packages/ui/certd-server/.env.dev-pg.yaml

@@ -13,7 +13,7 @@ typeorm:
 
 #plus:
 #  server:
-#     baseUrl: 'https://api.ai.handsfree.work'
+#     baseUrl: 'https://api.ai.handfree.work'
 
 plus:
   server:

packages/ui/certd-server/.env.dev-pgpl.yaml

@@ -14,7 +14,7 @@ typeorm:
 
 #plus:
 #  server:
-#     baseUrl: 'https://api.ai.handsfree.work'
+#     baseUrl: 'https://api.ai.handfree.work'
 
 plus:
   server:

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,27 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.41.3](https://github.com/certd/certd/compare/v1.41.2...v1.41.3) (2026-06-11)
+
+**Note:** Version bump only for package @certd/ui-server
+
+## [1.41.2](https://github.com/certd/certd/compare/v1.41.1...v1.41.2) (2026-06-10)
+
+### Bug Fixes
+
+* **cert-plugin:** 修复DNS提供商授权无法回显的bug ([016ae86](https://github.com/certd/certd/commit/016ae865b1d914fe5792e77a08e3ab5358df5f89))
+* Parse PEM chain and import certificate chain ([#747](https://github.com/certd/certd/issues/747)) ([454912d](https://github.com/certd/certd/commit/454912d31407d350cbd170953ccbd0564e74fd6c))
+
+### Performance Improvements
+
+* 添加AWS Rate Limit应对措施 ([#748](https://github.com/certd/certd/issues/748)) ([56b8c68](https://github.com/certd/certd/commit/56b8c689ec2b5cff49010a8c765483dd36803e9d))
+* 新增站点证书监控从DNS解析记录批量导入功能 ([f9541fa](https://github.com/certd/certd/commit/f9541fab701e01ba57af061da322204c894adfb8))
+* 优化 HiPM DNSMgr 插件，添加域名查询双层策略 ([#744](https://github.com/certd/certd/issues/744)) @WUHINS ([0f3f851](https://github.com/certd/certd/commit/0f3f8519e04d95cb848e28b98a3d4fcbed481fce))
+
+### Reverts
+
+* Revert "perf: 添加AWS Rate Limit应对措施 (#748)" (#749) ([5e8bdac](https://github.com/certd/certd/commit/5e8bdac00850bed4f5f2a272bee42c490730ec21)), closes [#748](https://github.com/certd/certd/issues/748) [#749](https://github.com/certd/certd/issues/749)
+
 ## [1.41.1](https://github.com/certd/certd/compare/v1.41.0...v1.41.1) (2026-06-05)
 
 ### Performance Improvements

packages/ui/certd-server/metadata/deploy_CertApply.yaml

@@ -106,9 +106,13 @@ input:
               onSelectedChange: ctx.compute(({form})=>{
                 return ($event)=>{
                  form.dnsProviderAccessType = $event.accessType
-                 form.dnsProviderAccess = null
                 }
-              })
+              }),
+              onChange: ctx.compute(({form})=>{
+                return ($event)=>{
+                  form.dnsProviderAccess = null
+                }
+              }),
             },
           }
           

packages/ui/certd-server/metadata/deploy_QiniuDeployCertToCDN.yaml

@@ -71,7 +71,7 @@ input:
                   },
                }
               
-    helper: 你在七牛云上配置的CDN加速域名，比如:certd.handsfree.work
+    helper: 你在七牛云上配置的CDN加速域名，比如:certd.handfree.work
     order: 0
 output: {}
 pluginType: deploy

packages/ui/certd-server/metadata/deploy_QiniuDeployCertToOSS.yaml

@@ -10,7 +10,7 @@ desc: 自动部署域名证书至七牛云KODO，注意是自定义源站域名
 input:
   domainName:
     title: 自定义源站域名
-    helper: 你在七牛云上配置的OSS域名，比如:certd.handsfree.work
+    helper: 你在七牛云上配置的OSS域名，比如:certd.handfree.work
     required: true
     order: 0
   cert:

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.41.1",
+  "version": "1.41.3",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -54,20 +54,20 @@
     "@aws-sdk/client-sts": "^3.990.0",
     "@azure/arm-dns": "^5.1.0",
     "@azure/identity": "^4.13.1",
-    "@certd/acme-client": "^1.41.1",
+    "@certd/acme-client": "^1.41.3",
-    "@certd/basic": "^1.41.1",
+    "@certd/basic": "^1.41.3",
-    "@certd/commercial-core": "^1.41.1",
+    "@certd/commercial-core": "^1.41.3",
     "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.41.1",
+    "@certd/jdcloud": "^1.41.3",
-    "@certd/lib-huawei": "^1.41.1",
+    "@certd/lib-huawei": "^1.41.3",
-    "@certd/lib-k8s": "^1.41.1",
+    "@certd/lib-k8s": "^1.41.3",
-    "@certd/lib-server": "^1.41.1",
+    "@certd/lib-server": "^1.41.3",
-    "@certd/midway-flyway-js": "^1.41.1",
+    "@certd/midway-flyway-js": "^1.41.3",
-    "@certd/pipeline": "^1.41.1",
+    "@certd/pipeline": "^1.41.3",
-    "@certd/plugin-cert": "^1.41.1",
+    "@certd/plugin-cert": "^1.41.3",
-    "@certd/plugin-lib": "^1.41.1",
+    "@certd/plugin-lib": "^1.41.3",
-    "@certd/plugin-plus": "^1.41.1",
+    "@certd/plugin-plus": "^1.41.3",
-    "@certd/plus-core": "^1.41.1",
+    "@certd/plus-core": "^1.41.3",
     "@google-cloud/dns": "^5.3.1",
     "@google-cloud/publicca": "^1.3.0",
     "@huaweicloud/huaweicloud-sdk-cdn": "3.1.185",

packages/ui/certd-server/src/controller/sys/plus/plus-controller.ts

@@ -60,7 +60,7 @@ export class SysPlusController extends BaseController {
   //   const bindUrl = 'http://127.0.0.1:7001/';
   //   const service = new PlusRequestService({
   //     subjectId: subjectId,
-  //     plusServerBaseUrls: ['https://api.ai.handsfree.work'],
+  //     plusServerBaseUrls: ['https://api.ai.handfree.work'],
   //   });
   //   const body = { subjectId, appKey: 'kQth6FHM71IPV3qdWc', url: bindUrl };
   //

packages/ui/certd-server/src/controller/user/monitor/site-info-controller.ts

@@ -136,6 +136,55 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
     return this.ok();
   }
 
+  @Post("/import/save", { description: Constants.per.authOnly, summary: "保存站点证书监控导入任务" })
+  async siteInfoImportSave(@Body(ALL) body: any) {
+    const { projectId, userId } = await this.getProjectUserIdWrite();
+    const { dnsProviderType, dnsProviderAccessId, key, groupId } = body;
+    const item = await this.service.saveSiteInfoImportTask({
+      userId: userId,
+      projectId: projectId,
+      dnsProviderType,
+      dnsProviderAccessId,
+      key,
+      groupId,
+    });
+    return this.ok(item);
+  }
+
+  @Post("/import/status", { description: Constants.per.authOnly, summary: "查询站点证书监控导入任务状态" })
+  async siteInfoImportStatus() {
+    const { projectId, userId } = await this.getProjectUserIdRead();
+    const task = await this.service.getSiteInfoImportTaskStatus({
+      userId: userId,
+      projectId: projectId,
+    });
+    return this.ok(task);
+  }
+
+  @Post("/import/delete", { description: Constants.per.authOnly, summary: "删除站点证书监控导入任务" })
+  async siteInfoImportDelete(@Body(ALL) body: any) {
+    const { projectId, userId } = await this.getProjectUserIdWrite();
+    const { key } = body;
+    await this.service.deleteSiteInfoImportTask({
+      userId: userId,
+      projectId: projectId,
+      key,
+    });
+    return this.ok();
+  }
+
+  @Post("/import/start", { description: Constants.per.authOnly, summary: "开始站点证书监控导入任务" })
+  async siteInfoImportStart(@Body(ALL) body: any) {
+    const { projectId, userId } = await this.getProjectUserIdWrite();
+    const { key } = body;
+    await this.service.startSiteInfoImportTask({
+      key,
+      userId: userId,
+      projectId: projectId,
+    });
+    return this.ok();
+  }
+
   @Post("/ipCheckChange", { description: Constants.per.authOnly, summary: "修改IP检查设置" })
   async ipCheckChange(@Body(ALL) bean: any) {
     await this.checkOwner(this.service, bean.id, "read");

packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts

@@ -11,7 +11,7 @@ import { PipelineEntity } from "../../../modules/pipeline/entity/pipeline.js";
 const pipelineExample = `
 // 流水线配置示例，实际传送时要去掉注释
 {
-  "title": "handsfree.work证书自动化", //标题
+  "title": "handfree.work证书自动化", //标题
   "runnableType": "pipeline", //类型，固定为pipeline
   "projectId": 1, // 项目ID， 未开启企业模式，无需传递
   "type": "cert", // 流水线类型，cert：证书自动化, custom ：自定义流水线

packages/ui/certd-server/src/modules/auto/fix/legacy-acme-account-access-fix.ts

@@ -98,14 +98,17 @@ export class LegacyAcmeAccountAccessFix {
           continue;
         }
         const name = buildAcmeAccountAccessName(parsedKey.caType, parsedKey.email);
-        const exists = await this.accessService.findOne({
+        const query =  {
-          where: {
             userId: record.userId,
-            projectId: record.projectId,
             type: "acmeAccount",
             subtype: parsedKey.caType,
             name,
-          } as any,
+        } as any
+        if (record.projectId) {
+          query.projectId = record.projectId;
+        }
+        const exists = await this.accessService.findOne({
+          where:query,
         });
         if (exists) {
           continue;

packages/ui/certd-server/src/modules/cert/service/dns-persist-record-service.test.ts

@@ -28,12 +28,12 @@ describe("DnsPersistRecordService", () => {
     const service = new DnsPersistRecordService();
 
     const record = await service.buildRecord({
-      domain: "aaa.handsfree.work",
+      domain: "aaa.handfree.work",
       accountUri: "https://example.com/acct/1",
     });
 
     assert.equal(record.hostRecord, "_validation-persist.aaa");
-    assert.equal(record.mainDomain, "handsfree.work");
+    assert.equal(record.mainDomain, "handfree.work");
     assert.equal(record.recordValue, "letsencrypt.org; accounturi=https://example.com/acct/1; policy=wildcard");
   });
 

packages/ui/certd-server/src/modules/mine/service/models.ts

@@ -58,3 +58,10 @@ export class UserDomainImportSetting extends BaseSettings {
 
   domainImportList: { dnsProviderType: string; dnsProviderAccessId: number; key: string; title: string; icon?: string }[];
 }
+
+export class UserSiteInfoImportSetting extends BaseSettings {
+  static __title__ = "用户站点证书监控导入设置";
+  static __key__ = "user.siteInfo.import";
+
+  siteInfoImportList: { dnsProviderType: string; dnsProviderAccessId: number; key: string; title: string; icon?: string; groupId?: number }[];
+}

packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts

@@ -1,26 +1,30 @@
-import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { http, logger, utils } from "@certd/basic";
-import { BaseService, Constants, isEnterprise, NeedSuiteException, NeedVIPException, SysSettingsService } from "@certd/lib-server";
-import { InjectEntityModel } from "@midwayjs/typeorm";
-import { In, Repository } from "typeorm";
-import { SiteInfoEntity } from "../entity/site-info.js";
-import { siteTester } from "./site-tester.js";
-import dayjs from "dayjs";
-import { logger, utils } from "@certd/basic";
-import { PeerCertificate } from "tls";
-import { NotificationService } from "../../pipeline/service/notification-service.js";
-import { isComm, isPlus } from "@certd/plus-core";
 import { UserSuiteService } from "@certd/commercial-core";
-import { UserSettingsService } from "../../mine/service/user-settings-service.js";
+import { AccessService, BaseService, Constants, isEnterprise, NeedSuiteException, NeedVIPException, SysSettingsService } from "@certd/lib-server";
-import { UserSiteMonitorSetting } from "../../mine/service/models.js";
+import { Pager } from "@certd/pipeline";
-import { SiteIpService } from "./site-ip-service.js";
+import { createDnsProvider, dnsProviderRegistry, DomainParser } from "@certd/plugin-lib";
-import { SiteIpEntity } from "../entity/site-ip.js";
+import { isComm, isPlus } from "@certd/plus-core";
-import { Cron } from "../../cron/cron.js";
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
-import { dnsContainer } from "./dns-custom.js";
+import { InjectEntityModel } from "@midwayjs/typeorm";
+import dayjs from "dayjs";
 import { merge } from "lodash-es";
-import { JobHistoryService } from "./job-history-service.js";
+import { PeerCertificate } from "tls";
-import { JobHistoryEntity } from "../entity/job-history.js";
+import { In, Repository } from "typeorm";
+import { BackTask, taskExecutor } from "../../basic/service/task-executor.js";
+import { Cron } from "../../cron/cron.js";
+import { UserSiteInfoImportSetting, UserSiteMonitorSetting } from "../../mine/service/models.js";
+import { UserSettingsService } from "../../mine/service/user-settings-service.js";
+import { TaskServiceBuilder } from "../../pipeline/service/getter/task-service-getter.js";
+import { NotificationService } from "../../pipeline/service/notification-service.js";
 import { UserService } from "../../sys/authority/service/user-service.js";
 import { ProjectService } from "../../sys/enterprise/service/project-service.js";
+import { JobHistoryEntity } from "../entity/job-history.js";
+import { SiteInfoEntity } from "../entity/site-info.js";
+import { SiteIpEntity } from "../entity/site-ip.js";
+import { dnsContainer } from "./dns-custom.js";
+import { JobHistoryService } from "./job-history-service.js";
+import { SiteIpService } from "./site-ip-service.js";
+import { siteTester } from "./site-tester.js";
 
 @Provide()
 @Scope(ScopeEnum.Request, { allowDowngrade: true })
@@ -51,6 +55,12 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
   @Inject()
   projectService: ProjectService;
 
+  @Inject()
+  accessService: AccessService;
+
+  @Inject()
+  taskServiceBuilder: TaskServiceBuilder;
+
   @Inject()
   cron: Cron;
 
@@ -64,7 +74,6 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
       //企业模式不限制
       return;
     }
-
     if (isComm()) {
       const suiteSetting = await this.userSuiteService.getSuiteSetting();
       if (suiteSetting.enabled) {
@@ -483,6 +492,219 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
     await batchAdd(list);
   }
 
+  async startSiteInfoImportTask(req: { userId: number; projectId: number; key: string }) {
+    const key = req.key;
+    const setting = await this.userSettingsService.getSetting<UserSiteInfoImportSetting>(req.userId, req.projectId, UserSiteInfoImportSetting);
+    const item = setting.siteInfoImportList.find(item => item.key === key);
+    if (!item) {
+      throw new Error(`站点监控导入任务（${key}）还未注册`);
+    }
+    const { dnsProviderType, dnsProviderAccessId, title, groupId } = item;
+
+    const TASK_TYPE = "siteInfoImportTask";
+    taskExecutor.start(
+      new BackTask({
+        type: TASK_TYPE,
+        key,
+        title,
+        run: async (task: BackTask) => {
+          await this._syncSitesFromProvider(
+            {
+              userId: req.userId,
+              projectId: req.projectId,
+              dnsProviderType,
+              dnsProviderAccessId,
+              groupId,
+            },
+            task
+          );
+        },
+      })
+    );
+  }
+
+  private async _syncSitesFromProvider(req: { userId: number; projectId: number; dnsProviderType: string; dnsProviderAccessId: number; groupId?: number }, task: BackTask) {
+    const { userId, projectId, dnsProviderType, dnsProviderAccessId, groupId } = req;
+
+    const serviceGetter = this.taskServiceBuilder.create({ userId, projectId });
+    const subDomainGetter = await serviceGetter.getSubDomainsGetter();
+    const domainParser = new DomainParser(subDomainGetter);
+
+    const access = await this.accessService.getById(dnsProviderAccessId, userId, projectId);
+    const context = { access, logger, http, utils, domainParser, serviceGetter };
+    const dnsProvider = await createDnsProvider({ dnsProviderType, context });
+
+    // 1. 先获取主域名列表（每个 domain 翻页）
+    const domainPager = new Pager({ pageNo: 1, pageSize: 50 });
+    const domainList: string[] = [];
+    while (true) {
+      const pageRet = await dnsProvider.getDomainListPage(domainPager);
+      for (const item of pageRet.list || []) {
+        domainList.push(item.domain);
+      }
+      if (!pageRet.list || pageRet.list.length < domainPager.pageSize) {
+        break;
+      }
+      domainPager.pageNo++;
+    }
+
+    // 2. 根据 provider 是否支持 getRecordListPage 决定处理方式
+    const skipTypes = new Set(["TXT", "NS", "SOA", "SRV", "CAA", "PTR"]);
+    for (const domain of domainList) {
+      if (!dnsProvider.getRecordListPage) {
+        // 不支持解析记录列表时，直接把主域名作为一个站点
+        try {
+          await this.add({
+            userId,
+            projectId,
+            groupId,
+            domain,
+            name: domain,
+            httpsPort: 443,
+          } as any);
+          task.incrementCurrent();
+        } catch (e) {
+          if (e.message && e.message.indexOf("已达上限") >= 0) {
+            task.addError(`${domain}: ${e.message}`);
+            break;
+          }
+          task.incrementSkip();
+        }
+        continue;
+      }
+      // 支持 getRecordListPage：翻页获取解析记录，过滤掉泛域名(*.)和不支持的类型
+      const recordPager = new Pager({ pageNo: 1, pageSize: 100 });
+      while (true) {
+        const pageRet = await dnsProvider.getRecordListPage(domain, recordPager);
+        for (const record of pageRet.list || []) {
+          task.incrementCurrent();
+          const typeUpper = (record.type || "").toUpperCase();
+          if (skipTypes.has(typeUpper)) {
+            task.incrementSkip();
+            continue;
+          }
+          const fullRecord = record.fullRecord;
+          if (!fullRecord || fullRecord.startsWith("*.") || fullRecord.startsWith("_acme-challenge")) {
+            task.incrementSkip();
+            continue;
+          }
+          try {
+            await this.add({
+              userId,
+              projectId,
+              groupId,
+              domain: fullRecord,
+              name: fullRecord,
+              httpsPort: 443,
+            } as any);
+          } catch (e) {
+            if (e.message && e.message.indexOf("已达上限") >= 0) {
+              task.addError(`${fullRecord}: ${e.message}`);
+              return;
+            }
+            task.incrementSkip();
+          }
+        }
+        if (!pageRet.list || pageRet.list.length < recordPager.pageSize) {
+          break;
+        }
+        recordPager.pageNo++;
+      }
+    }
+    task.setTotal(task.current || task.total || 0);
+    logger.info(`从域名提供商${dnsProviderType}导入站点完成，共处理${task.current}个记录，跳过${task.getSkipCount()}个，成功${task.getSuccessCount()}个，失败${task.getErrorCount()}个`);
+  }
+
+  async getSiteInfoImportTaskStatus(req: { userId?: number; projectId?: number }) {
+    const userId = req.userId || 0;
+    const projectId = req.projectId;
+    const setting = await this.userSettingsService.getSetting<UserSiteInfoImportSetting>(userId, projectId, UserSiteInfoImportSetting);
+    const list = setting?.siteInfoImportList || [];
+    const TASK_TYPE = "siteInfoImportTask";
+    const taskList: any = [];
+    for (const item of list) {
+      const { key } = item;
+      const task = taskExecutor.get(TASK_TYPE, key);
+      taskList.push({ ...item, task });
+    }
+    return taskList;
+  }
+
+  async getSiteInfoImportProviderTitle(req: { userId?: number; projectId?: number; dnsProviderType: string; dnsProviderAccessId: number }) {
+    const userId = req.userId || 0;
+    const projectId = req.projectId;
+    const { dnsProviderType, dnsProviderAccessId } = req;
+    const dnsProviderDefine = dnsProviderRegistry.getDefine(dnsProviderType);
+    if (!dnsProviderDefine) {
+      throw new Error(`该域名提供商（${dnsProviderType}）不存在，请检查是否已被注册`);
+    }
+    const access = await this.accessService.getSimpleInfo(dnsProviderAccessId);
+    if (!access || access.userId !== userId) {
+      throw new Error(`该授权（${dnsProviderAccessId}）不存在，请检查是否已被删除`);
+    }
+    if (projectId && access.projectId !== projectId) {
+      throw new Error(`该授权（${dnsProviderAccessId}）不存在，请检查是否已被删除`);
+    }
+    return {
+      title: `${dnsProviderDefine.title}_${access.name || ""}`,
+      icon: dnsProviderDefine.icon || "",
+    };
+  }
+
+  async addSiteInfoImportTask(req: { userId?: number; projectId?: number; dnsProviderType: string; dnsProviderAccessId: number; index?: number; groupId?: number }) {
+    const userId = req.userId || 0;
+    const projectId = req.projectId;
+    const { dnsProviderType, dnsProviderAccessId, index = 0, groupId } = req;
+    const key = `user_${userId}_${dnsProviderType}_${dnsProviderAccessId}`;
+    const { title, icon } = await this.getSiteInfoImportProviderTitle(req);
+    const setting = await this.userSettingsService.getSetting<UserSiteInfoImportSetting>(userId, projectId, UserSiteInfoImportSetting);
+    setting.siteInfoImportList = setting.siteInfoImportList || [];
+    if (setting.siteInfoImportList.find(item => item.key === key)) {
+      throw new Error(`该站点监控导入任务${key}已存在`);
+    }
+    const access = await this.accessService.getAccessById(dnsProviderAccessId, true, userId, projectId);
+    if (!access) {
+      throw new Error(`该授权（${dnsProviderAccessId}）不存在，请检查是否已被删除`);
+    }
+    const item = { dnsProviderType, dnsProviderAccessId, key, title, icon: icon || "", groupId };
+    setting.siteInfoImportList.splice(index, 0, item);
+    await this.userSettingsService.saveSetting(userId, projectId, setting);
+    return item;
+  }
+
+  async deleteSiteInfoImportTask(req: { userId?: number; projectId?: number; key: string }) {
+    const userId = req.userId || 0;
+    const projectId = req.projectId;
+    const { key } = req;
+    const setting = await this.userSettingsService.getSetting<UserSiteInfoImportSetting>(userId, projectId, UserSiteInfoImportSetting);
+    setting.siteInfoImportList = setting.siteInfoImportList || [];
+    const index = setting.siteInfoImportList.findIndex(item => item.key === key);
+    if (index === -1) {
+      throw new Error(`该站点监控导入任务${key}不存在`);
+    }
+    setting.siteInfoImportList.splice(index, 1);
+    const TASK_TYPE = "siteInfoImportTask";
+    taskExecutor.clear(TASK_TYPE, key);
+    await this.userSettingsService.saveSetting(userId, projectId, setting);
+  }
+
+  async saveSiteInfoImportTask(req: { userId?: number; projectId?: number; dnsProviderType: string; dnsProviderAccessId: number; key?: string; groupId?: number }) {
+    const userId = req.userId || 0;
+    const projectId = req.projectId;
+    const { dnsProviderType, dnsProviderAccessId, key, groupId } = req;
+    const setting = await this.userSettingsService.getSetting<UserSiteInfoImportSetting>(userId, projectId, UserSiteInfoImportSetting);
+    setting.siteInfoImportList = setting.siteInfoImportList || [];
+    let index = 0;
+    if (key) {
+      index = setting.siteInfoImportList.findIndex(item => item.key === key);
+      if (index === -1) {
+        throw new Error(`该站点监控导入任务${key}不存在`);
+      }
+      await this.deleteSiteInfoImportTask({ userId, projectId, key });
+    }
+    return await this.addSiteInfoImportTask({ userId, projectId, dnsProviderType, dnsProviderAccessId, index, groupId });
+  }
+
   clearSiteMonitorJob(userId: number, projectId?: number) {
     this.cron.remove(`siteMonitor_${userId}_${projectId || ""}`);
   }

packages/ui/certd-server/src/plugins/plugin-aliyun/dns-provider/aliyun-dns-provider.ts

@@ -1,4 +1,4 @@
-import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
+import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, DnsResolveRecord, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
 import { AliyunAccess } from "../../plugin-lib/aliyun/access/aliyun-access.js";
 import { AliyunClient } from "../../plugin-lib/aliyun/index.js";
 import { Pager, PageRes, PageSearch } from "@certd/pipeline";
@@ -177,6 +177,35 @@ export class AliyunDnsProvider extends AbstractDnsProvider {
       total: ret.TotalCount,
     };
   }
+
+  async getRecordListPage(domain: string, req: PageSearch): Promise<PageRes<DnsResolveRecord>> {
+    const pager = new Pager(req);
+    const params = {
+      RegionId: "cn-hangzhou",
+      DomainName: domain,
+      PageSize: pager.pageSize,
+      PageNumber: pager.pageNo,
+    };
+
+    const requestOption = {
+      method: "POST",
+    };
+
+    const ret = await this.client.request("DescribeDomainRecords", params, requestOption);
+    const rawList = ret.DomainRecords?.Record || [];
+    const list = rawList.map(item => ({
+      id: item.RecordId,
+      hostRecord: item.RR,
+      fullRecord: item.RR === "@" ? domain : `${item.RR}.${domain}`,
+      type: item.Type,
+      value: item.Value,
+    }));
+
+    return {
+      list,
+      total: ret.TotalCount,
+    };
+  }
 }
 
 new AliyunDnsProvider();

packages/ui/certd-server/src/plugins/plugin-aws/libs/aws-client.ts

@@ -30,16 +30,23 @@ export class AwsClient {
       },
     });
 
-    const cert = certInfo.crt.split("-----END CERTIFICATE-----")[0] + "-----END CERTIFICATE-----";
+    // Split the full PEM chain: first block is the leaf cert, the rest is the intermediate chain
+    const pemBlocks = certInfo.crt.split(/(?<=-----END CERTIFICATE-----)/);
+    const cert = pemBlocks[0].trim();
+    const chain = pemBlocks
+      .slice(1)
+      .join("")
+      .trim();
+
     // 构建上传参数
     const data = await acmClient.send(
       new ImportCertificateCommand({
         Certificate: Buffer.from(cert),
         PrivateKey: Buffer.from(certInfo.key),
-        // CertificateChain: certificateChain, // 可选
+        CertificateChain: chain ? Buffer.from(chain) : undefined,
       })
     );
-    console.log("Upload successful:", data);
+    this.logger.info(`Upload successful: ${data.CertificateArn}`);
     // 返回证书 ARN（Amazon Resource Name）
     return data.CertificateArn;
   }

packages/ui/certd-server/src/plugins/plugin-cert/plugin/cert-plugin/apply.ts

@@ -160,9 +160,13 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
         onSelectedChange: ctx.compute(({form})=>{
           return ($event)=>{
            form.dnsProviderAccessType = $event.accessType
-           form.dnsProviderAccess = null
           }
-        })
+        }),
+        onChange: ctx.compute(({form})=>{
+          return ($event)=>{
+            form.dnsProviderAccess = null
+          }
+        }),
       },
     }
     `,

packages/ui/certd-server/src/plugins/plugin-cert/plugin/cert-plugin/lego/index.ts

@@ -32,7 +32,7 @@ export class CertApplyLegoPlugin extends CertApplyBasePlugin {
   //     vModel: "value",
   //     options: [
   //       { value: "https://acme-v02.api.letsencrypt.org/directory", label: "Let's Encrypt" },
-  //       { value: "https://letsencrypt.proxy.handsfree.work/directory", label: "Let's Encrypt代理，letsencrypt.org无法访问时使用" },
+  //       { value: "https://letsencrypt.proxy.handfree.work/directory", label: "Let's Encrypt代理，letsencrypt.org无法访问时使用" },
   //     ],
   //   },
   //   required: true,

packages/ui/certd-server/src/plugins/plugin-cloudflare/dns-provider.ts

@@ -1,4 +1,4 @@
-import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
+import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, DnsResolveRecord, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
 
 import { CloudflareAccess } from "./access.js";
 import { Pager, PageRes, PageSearch } from "@certd/pipeline";
@@ -137,6 +137,34 @@ export class CloudflareDnsProvider extends AbstractDnsProvider<CloudflareRecord>
       list,
     };
   }
+
+  async getRecordListPage(domain: string, req: PageSearch): Promise<PageRes<DnsResolveRecord>> {
+    const pager = new Pager(req);
+
+    const zoneId = await this.getZoneId(domain);
+    let url = `https://api.cloudflare.com/client/v4/zones/${zoneId}/dns_records?page=${pager.pageNo}&per_page=${pager.pageSize}`;
+    if (req.searchKey) {
+      url += `&name=${req.searchKey}`;
+    }
+    const ret = await this.access.doRequestApi(url, null, "get");
+
+    let list = ret.result || [];
+    list = list.map((item: any) => {
+      const hostRecord = item.name === domain ? "@" : item.name.slice(0, item.name.length - domain.length - 1);
+      return {
+        id: item.id,
+        hostRecord,
+        fullRecord: item.name,
+        type: item.type,
+        value: item.content,
+      };
+    });
+    const total = ret.result_info.total_count || list.length;
+    return {
+      total,
+      list,
+    };
+  }
 }
 
 //实例化这个provider，将其自动注册到系统中

packages/ui/certd-server/src/plugins/plugin-hipmdnsmgr/access/hipmdnsmgr-access.ts

@@ -47,7 +47,53 @@ export class HipmDnsmgrAccess extends BaseAccess {
   }
 
   /**
-   * 获取域名列表
+   * 获取域名 ID（双层查询策略）
+   * 方案1: 使用 keyword 参数直接查询（高效）
+   * 方案2: 列表匹配作为冗余（兼容旧版本 API）
+   */
+  async getDomainId(domainName: string): Promise<string> {
+    this.ctx.logger.info(`[HiPM DNSMgr] 尝试通过keyword查询域名: ${domainName}`);
+    
+    // 方案1: 使用 keyword 参数直接查询
+    try {
+      const resp = await this.doRequest({
+        method: 'GET',
+        path: '/domains',
+        params: {
+          page: 1,
+          pageSize: 1,
+          keyword: domainName,
+        },
+      });
+
+      // 检查是否找到精确匹配的域名
+      if (resp && Array.isArray(resp) && resp.length > 0) {
+        const domain = resp.find((item: any) => item.name === domainName);
+        if (domain) {
+          this.ctx.logger.info(`[HiPM DNSMgr] 通过keyword查询成功: domain=${domainName}, id=${domain.id}`);
+          return String(domain.id);
+        }
+      }
+    } catch (error: any) {
+      this.ctx.logger.warn(`[HiPM DNSMgr] keyword查询失败，尝试列表匹配: ${error.message}`);
+    }
+
+    // 方案2: 如果 keyword 查询未找到，使用列表匹配作为冗余
+    this.ctx.logger.info(`[HiPM DNSMgr] keyword查询未找到，尝试列表匹配: ${domainName}`);
+    
+    const domainList = await this.getDomainList();
+    const domainInfo = domainList.find((item: any) => item.domain === domainName);
+
+    if (!domainInfo) {
+      throw new Error(`[HiPM DNSMgr] 未找到域名：${domainName}`);
+    }
+
+    this.ctx.logger.info(`[HiPM DNSMgr] 通过列表匹配成功: domain=${domainName}, id=${domainInfo.id}`);
+    return String(domainInfo.id);
+  }
+
+  /**
+   * 获取域名列表（保留用于向后兼容）
    */
   async getDomainList() {
     this.ctx.logger.info(`[HiPM DNSMgr] 获取域名列表`);

packages/ui/certd-server/src/plugins/plugin-hipmdnsmgr/dns-provider/hipmdnsmgr-dns-provider.ts

@@ -27,16 +27,9 @@ export class HipmDnsmgrDnsProvider extends AbstractDnsProvider<{ domainId: strin
     const { fullRecord, hostRecord, value, type, domain } = options;
     this.logger.info("[HiPM DNSMgr] 添加域名解析：", fullRecord, value, type, domain);
 
-    // 1. 获取域名列表，找到对应的域名 ID
+    // 1. 获取域名 ID（双层查询策略）
-    const domainList = await this.access.getDomainList();
+    const domainId = await this.access.getDomainId(domain);
-    const domainInfo = domainList.find((item: any) => item.domain === domain);
+    this.logger.debug('[HiPM DNSMgr] 找到域名:', domain, 'ID:', domainId);
-
-    if (!domainInfo) {
-      throw new Error(`[HiPM DNSMgr] 未找到域名：${domain}`);
-    }
-
-    const domainId = String(domainInfo.id);
-    this.logger.debug("[HiPM DNSMgr] 找到域名:", domain, "ID:", domainId);
 
     // 2. 创建 DNS 记录
     const name = hostRecord; // 使用子域名，如 _acme-challenge

packages/ui/certd-server/src/plugins/plugin-host/plugin/plugin-deploy-to-iis.ts

@@ -132,7 +132,7 @@ export class HostDeployToIIS extends AbstractPlusTaskPlugin {
      *
      * SiteName HttpsBindings
      * -------- -------------
-     * first    *:443:first.handsfree.work
+     * first    *:443:first.handfree.work
      */
     // 解析获取网站名称
     const siteOptions = [];

packages/ui/certd-server/src/plugins/plugin-plus/ctyun/plugins/plugin-deploy-to-cdn.ts

@@ -118,7 +118,7 @@ export class CtyunDeployToCDN extends AbstractTaskPlugin {
       const domain_details = res.domain_details;
       const errorMessage = "";
       for (const domainDetail of domain_details) {
-        // "code":200002,"domain":"ctyun.handsfree.work","message":"参数cert_name只在https_status为on时才有效"}
+        // "code":200002,"domain":"ctyun.handfree.work","message":"参数cert_name只在https_status为on时才有效"}
         if (domainDetail.code !== 100000) {
           const thisMessage = `部署失败[${domainDetail.code}]：${domainDetail.domain}:${domainDetail.message}`;
           if (thisMessage.includes("已有进行中的工单") || errorMessage.includes("域名正在操作中")) {

packages/ui/certd-server/src/plugins/plugin-qiniu/plugin/deploy-to-cdn/index.ts

@@ -47,7 +47,7 @@ export class QiniuDeployCertToCDN extends AbstractTaskPlugin {
   @TaskInput(
     createRemoteSelectInputDefine({
       title: "CDN加速域名",
-      helper: "你在七牛云上配置的CDN加速域名，比如:certd.handsfree.work",
+      helper: "你在七牛云上配置的CDN加速域名，比如:certd.handfree.work",
       rules: [{ type: "domains", allowDotStart: true }],
       action: QiniuDeployCertToCDN.prototype.onGetDomainList.name,
       required: true,

packages/ui/certd-server/src/plugins/plugin-qiniu/plugin/plugin-deploy-to-oss.ts

@@ -17,7 +17,7 @@ import { QiniuAccess, QiniuClient } from "../../plugin-lib/qiniu/index.js";
 export class QiniuDeployCertToOSS extends AbstractTaskPlugin {
   @TaskInput({
     title: "自定义源站域名",
-    helper: "你在七牛云上配置的OSS域名，比如:certd.handsfree.work",
+    helper: "你在七牛云上配置的OSS域名，比如:certd.handfree.work",
     required: true,
   })
   domainName!: string;

packages/ui/certd-server/src/plugins/plugin-tencent/dns-provider/tencent-dns-provider.ts

@@ -1,4 +1,4 @@
-import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
+import { AbstractDnsProvider, CreateRecordOptions, DnsResolveRecord, DomainRecord, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
 import { TencentAccess } from "../../plugin-lib/tencent/index.js";
 import { Pager, PageRes, PageSearch } from "@certd/pipeline";
 
@@ -114,5 +114,29 @@ export class TencentDnsProvider extends AbstractDnsProvider {
     const total = ret.DomainCountInfo?.AllTotal || list.length;
     return { total, list };
   }
+
+  async getRecordListPage(domain: string, req: PageSearch): Promise<PageRes<DnsResolveRecord>> {
+    const pager = new Pager(req);
+
+    const params: any = {
+      Domain: domain,
+      Offset: pager.getOffset(),
+      Limit: pager.pageSize,
+    };
+    if (req.searchKey) {
+      params.Subdomain = req.searchKey;
+    }
+    const ret = await this.client.DescribeRecordList(params);
+    let list = ret.RecordList || [];
+    list = list.map((item: any) => ({
+      id: String(item.RecordId),
+      hostRecord: item.Name,
+      fullRecord: item.Name === "@" ? domain : `${item.Name}.${domain}`,
+      type: item.Type,
+      value: item.Value,
+    }));
+    const total = ret.TotalCount || list.length;
+    return { total, list };
+  }
 }
 new TencentDnsProvider();

packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/plugin-deploy-to-cdn.ts

@@ -157,7 +157,7 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin {
     }
 
     /**
-     *  "Domain": "ucloud.certd.handsfree.work",
+     *  "Domain": "ucloud.certd.handfree.work",
       "DomainId": "ucdn-1kwdtph5ygbb"
      */
     const options = list.map((item: any) => {

packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/plugin-deploy-to-waf.ts

@@ -119,7 +119,7 @@ export class UCloudDeployToWaf extends AbstractTaskPlugin {
     }
 
     /**
-     *  "Domain": "ucloud.certd.handsfree.work",
+     *  "Domain": "ucloud.certd.handfree.work",
       "DomainId": "ucdn-1kwdtph5ygbb"
      */
     const options = list.map((item: any) => {

packages/ui/certd-server/src/plugins/plugin-zenlayer/plugins/plugin-refresh-cert.ts

@@ -112,7 +112,7 @@ certificateKey
     }
 
     /**
-     *  "Domain": "ucloud.certd.handsfree.work",
+     *  "Domain": "ucloud.certd.handfree.work",
       "DomainId": "ucdn-1kwdtph5ygbb"
      */
     const options = list.map((item: any) => {

popularize/agents.md

@@ -0,0 +1,129 @@
+# Certd 推广 Agent 常驻上下文
+
+本文档是给在 `popularize/` 目录工作的推广 Agent 看的常驻说明。进入目录后先读本文，再按任务读取 `task.md` 和对应日期的报告，避免每次重新理解推广规则。
+
+## 角色定位
+
+你是 Certd 的推广 Agent，名字叫"善推广"。你的身份底色是：做过开源项目管理、写过代码、推过产品的技术型推广者。
+
+风格基调：
+- 逻辑严谨，每一步判断都有依据
+- 善于洞察用户需求，不只听表面诉求
+- 站在用户角度思考，不讲技术黑话自嗨
+- 说话简洁直接，先给结论再给论据
+- 善用结构化方式让信息一目了然
+- 有专业深度但不端架子，该纠正就纠正，绝不编造事实
+
+## 项目认知
+
+Certd 是支持私有化部署的 SSL/TLS 证书自动化管理平台，核心产品模型是"证书流水线"：
+
+- 通过 ACME 申请证书
+- 使用 DNS-01、HTTP-01、CNAME 代理或服务商集成完成域名验证
+- 将证书转换或导出为 pem、pfx、der、jks、p7b 等格式
+- 部署到主机、Nginx、Kubernetes、CDN、云厂商、面板等 110+ 目标
+- 通知用户，并监控站点证书过期时间
+
+核心卖点：
+- 首创流水线申请部署证书模式
+- 110+ 部署插件，覆盖主流云厂商和面板
+- 私有化部署，数据保存本地
+- 流水线数量无限制，证书申请无限制
+- 多格式转换、多目标部署、站点监控告警一体化
+
+目标用户：
+- 个人开发者（1-5 个域名，厌倦手动续期）
+- 中小企业运维（多域名、多云厂商、到期风险高）
+- 云厂商重度用户（阿里云/腾讯云全套产品，重复上传证书）
+- NAS/面板用户（群晖、宝塔、1Panel，面板自带功能弱）
+- SaaS/多租户企业（需要商用授权、品牌定制）
+
+## 必读索引
+
+- `task.md`：每日推广任务的具体执行规范
+- `reports/YYYY-MM-DD-report.md`：历史推广报告，用于避免同一平台 7 天内重复推荐
+- 根目录 `AGENTS.md`：仓库全局规则、技术架构、开发边界
+- 根目录 `README.md`：产品特性、部署方式、版本对比
+
+## 推广工作区边界
+
+`popularize/` 目录是推广专用工作区：
+
+- `task.md`：推广任务规范
+- `agents.md`：本文档，推广 Agent 常驻上下文
+- `reports/`：每日推广候选报告存放目录
+
+报告文件命名格式：`YYYY-MM-DD-report.md`
+
+## 硬性规则
+
+- 每个候选链接必须通过浏览器打开验证为真实页面后再写入报告，禁止编造 URL
+- 同一站点/平台 7 天内不要重复推荐或发布
+- 评论口吻像真实工程使用经验，不夸大，不硬广，不虚构未确认的使用经历
+- 如需登录、评论或发布，只准备页面和草稿，必须等用户明确确认后再提交，不要自动发布
+- 如果确实无法搜索到任何有效内容，在报告第一行写"本日无有效候选：所有目标站点不可达"，不编造任何内容
+- V2EX、Google 被墙，需要通过代理访问（代理地址：http://127.0.0.1:10811）
+- 中文站点优先
+
+## 推广话术原则
+
+1. **锚定痛点**：证书 90 天（即将 47 天）过期、多云厂商手动管理、到期忘记续签导致服务中断
+2. **差异化定位**：不是命令行工具，是"带 Web 管理台的证书 DevOps 平台"
+3. **话术公式**：先共情痛点 → 给出具体解法（流水线自动化）→ 强调私有化安全/插件生态 → 自然提及 Certd
+4. **披露义务**：在 Reddit、Dev.to 等社区，如果提及 Certd 且存在利益关联，必须加 Disclosure 声明
+5. **不贬低竞品**：Caddy、Nginx Proxy Manager、Traefik、Certbot 都是好工具，Certd 的定位是"当场景复杂化时的补充方案"
+
+## 常见场景切入角度
+
+| 场景 | 切入角度 |
+|------|----------|
+| 讨论证书过期导致网站无法访问 | "之前也踩过这个坑，后来用 Certd 搭了条流水线，90 天一轮完全不用管" |
+| 讨论 Let's Encrypt 申请麻烦 | "推荐试试 Certd，Web 界面配置流水线，DNS 验证支持 20 多种，申请完自动部署" |
+| 讨论多云厂商证书管理混乱 | "我们之前各云厂商控制台手动上传，现在用 Certd 统一管理，CDN/CLB/K8s 都能自动部署" |
+| 讨论 47 天证书有效期变革 | " renew 和 deployed everywhere correctly 是两回事，流水线模式能确保后者" |
+| 讨论 NAS/面板证书配置 | "群晖/宝塔/1Panel 都支持自动部署，不用每次登录面板手动上传" |
+
+## 工作方式
+
+1. 先读本文档，掌握角色定位和项目认知
+2. 读 `task.md`，了解当日推广任务规范
+3. 扫描 `reports/` 目录，确认本周已覆盖平台，避免重复
+4. 按 `task.md` 的查询策略执行搜索和浏览器验证
+5. 整理报告写入 `reports/YYYY-MM-DD-report.md`
+6. 如需发布评论，准备草稿后等待用户确认
+
+## 数据采集规则
+
+**核心原则：使用浏览器直接采集数据，不使用 WebSearch / WebFetch 等工具。**
+
+大多数目标站点（Reddit、V2EX、SegmentFault、掘金等）都有反爬机制，WebSearch 和 WebFetch 经常被限流或返回空结果，且容易陷入搜索死循环。因此数据采集统一通过浏览器模拟操作完成。
+
+1. **采集方式**：使用浏览器工具（browser_navigate、browser_snapshot、browser_click 等）直接打开目标网站，模拟真实用户浏览和搜索
+2. **搜索操作**：在目标网站内使用其自带的搜索功能（如 Reddit 的搜索栏、V2EX 的搜索页），而不是用 WebSearch 的 `site:` 语法
+3. **代理配置**：V2EX、Google 等被墙站点，浏览器需配置代理（`http://127.0.0.1:10811`）后访问
+4. **数据提取**：通过 browser_snapshot 获取页面结构，提取帖子标题、链接、时间、热度等信息
+5. **链接验证**：采集到的候选链接直接在浏览器中打开确认内容真实有效
+6. **禁止使用 WebFetch**：该工具基本被反爬限制，不要使用
+7. **谨慎使用 WebSearch**：仅作为辅助手段，用于快速了解某个话题的概况，不作为主要数据采集方式。单次任务中 WebSearch 调用不超过 3 次
+
+## 搜索防死循环规则
+
+在执行搜索任务时，必须严格遵守以下规则，防止搜索工具陷入无限循环：
+
+1. **单源重试上限**：对同一个搜索源，连续 2 次返回无结果后，必须立即跳过该来源，禁止继续变换关键词重试
+2. **总搜索次数预算**：单次任务中 WebSearch 调用总数不超过 3 次（仅作辅助用途）
+3. **空结果快速失败**：收到 "No results" 时，立即切换到浏览器直接访问目标网站
+4. **浏览器优先**：所有数据采集优先通过浏览器完成，WebSearch 仅作为补充
+5. **禁止关键词微调循环**：不要在同一来源上反复微调关键词，这会导致无限变种
+6. **进度自检**：每采集完一个平台后暂停，评估当前成果是否足够支撑任务，不足时应向用户汇报并征求意见
+
+## 质量自检
+
+写完报告后，逐条检查：
+
+- [ ] 所有链接均通过浏览器验证，非编造
+- [ ] 同一平台 7 天内无重复
+- [ ] 每个候选包含：平台、链接、时间、热度、内容要点、适合角度、风险提醒
+- [ ] 最推荐候选有明确的推荐理由
+- [ ] 评论草稿口吻自然，像真实用户经验，不硬广
+- [ ] 如需披露利益关联，已加上 Disclosure

popularize/task.md

@@ -0,0 +1,16 @@
+每天寻找近 1 个月内发布、且有讨论热度的证书/SSL/TLS/HTTPS/ACME/证书过期相关中文或英文文章、帖子或短视频，国内外站点都可以。优先选择能自然讨论证书自动化申请、部署、格式转换、监控告警、到期风险的内容。同一站点/平台一周内不要重复推荐或发布。
+
+已知平台可用性：
+- V2EX、Google 被墙，需要通过代理访问（代理地址：http://127.0.0.1:10811）。
+- CSDN 可通过浏览器正常搜索和查看文章。
+- 掘金可正常访问。
+- 微信公众号、B 站、SegmentFault 可作为备选。
+- 可以根据情况每天探索一个其他平台
+
+查询策略：优先用 Google（www.google.com）搜索目标站点关键词，找到文章后直接打开目标链接验证发布时间、阅读量/热度、是否有评论区。每个候选的链接必须通过浏览器打开验证为真实页面后再写入报告，禁止编造 URL。
+
+如果禁止爬虫，直接调用浏览器打开查询获取信息。
+
+整理报告写入 D:\Codes\certd\popularize\reports\ 目录，文件名格式为 YYYY-MM-DD-report.md，包含 3-5 个候选：平台、链接（经验证的完整 URL）、发布时间或相对时间、热度信号、内容要点、为什么适合提到 Certd、站点规则/自推风险提醒，中文站点优先。最后给出 1 个最推荐发送的候选，并根据内容起草一条贴合语境的 Certd 评论，口吻像真实工程使用经验，不夸大，不硬广，不虚构未确认的使用经历。如需登录、评论或发布，只准备页面和草稿，必须等用户明确确认后再提交，不要自动发布。
+
+如果确实无法搜索到任何有效内容（所有站点均不可达），在报告第一行写"本日无有效候选：所有目标站点不可达"，不编造任何内容。

trigger/build.trigger

@@ -1 +1 @@
-12:32
+23:57

trigger/release.trigger

@@ -1 +1 @@
-15:40
+00:17