certd/packages/ui/certd-server/metadata/deploy_CertApply.yaml

455 lines
15 KiB
YAML

showRunStrategy: false
default:
  strategy:
    runStrategy: 0
  input:
    renewDays: 20
    forceUpdate: false
name: CertApply
title: 证书申请JS版
icon: ph:certificate
group: cert
desc: 免费通配符域名证书申请,支持多个域名打到同一个证书上
input:
  domains:
    title: 证书域名
    component:
      name: domain-selector
      vModel: value
      mode: tags
      placeholder: >-
        请输入证书域名/IP比如foo.com , *.foo.com , *.sub.foo.com , *.bar.com ,
        123.123.123.123
      tokenSeparators:
        - ','
        - ' '
        -
        -
        - '|'
      search: true
      pager: true
    rules:
      - type: domains
    required: true
    col:
      span: 24
    order: -999
    helper: |-
      1、支持多个域名打到一个证书上例如 foo.com*.foo.com*.bar.com
      2、子域名被通配符包含的不要填写例如www.foo.com已经被*.foo.com包含不要填写www.foo.com
      3、泛域名只能通配*号那一级(*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com
      4、输入一个空格之后再输入下一个
      5、如果设置了子域托管解析比如免费的二级域名托管在CF或者阿里云请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
    title: 邮箱
    component:
      name: email-selector
      vModel: value
    rules:
      - type: email
        message: 请输入正确的邮箱
    required: true
    order: -1
    helper: 请输入邮箱
  challengeType:
    title: 域名验证方式
    value: dns
    component:
      name: a-select
      vModel: value
      options:
        - value: dns
          label: DNS直接验证
        - value: cname
          label: CNAME代理验证
        - value: http
          label: HTTP文件验证IP证书只能选它
        - value: dnses
          label: 多DNS提供商
        - value: auto
          label: 自动匹配
    required: true
    helper: >
      1. <b>DNS直接验证</b>当域名dns解析已被本系统支持时即下方DNS解析服务商选项中可选推荐选择此方式
      2.
      <b>CNAME代理验证</b>:支持任何注册商的域名,第一次需要手动添加[CNAME记录](#/certd/cname/record)如果经常申请失败建议将DNS服务器修改为阿里云/腾讯云的然后使用DNS直接验证
      3. <b>HTTP文件验证</b>不支持泛域名需要配置网站文件上传IP证书必须选它
      4. <b>多DNS提供商</b>每个域名可以选择独立的DNS提供商
      5. <b>自动匹配</b>:此处无需选择校验方式,需要在[域名管理](#/certd/cert/domain)中提前配置好校验方式
    order: 0
  dnsProviderType:
    title: DNS解析服务商
    component:
      name: dns-provider-selector
    mergeScript: |2-
      return {
        show: ctx.compute(({form})=>{
          return form.challengeType === 'dns'
        }),
        component:{
          onSelectedChange: ctx.compute(({form})=>{
            return ($event)=>{
              form.dnsProviderAccessType = $event.accessType
            }
          })
        }
      }
    required: true
    helper: |-
      您的域名注册商或者域名的dns服务器属于哪个平台
      如果这里没有请选择CNAME代理验证校验方式
    order: 0
  dnsProviderAccess:
    title: DNS解析授权
    component:
      name: access-selector
    required: true
    helper: 请选择dns解析服务商授权
    mergeScript: |-
      return {
        component:{
          type: ctx.compute(({form})=>{
            return form.dnsProviderAccessType || form.dnsProviderType
          })
        },
        show: ctx.compute(({form})=>{
          return form.challengeType === 'dns'
        })
      }
    order: 0
  domainsVerifyPlan:
    title: 域名验证配置
    component:
      name: domains-verify-plan-editor
    rules:
      - type: checkDomainVerifyPlan
    required: true
    col:
      span: 24
    mergeScript: |-
      return {
        component:{
          domains: ctx.compute(({form})=>{
            return form.domains
          }),
          defaultType: ctx.compute(({form})=>{
            return form.challengeType || 'cname'
          })
        },
        show: ctx.compute(({form})=>{
          return form.challengeType === 'cname' || form.challengeType === 'http' || form.challengeType === 'dnses'
        }),
        helper: ctx.compute(({form})=>{
          if(form.challengeType === 'cname' ){
            return '请按照上面的提示给要申请证书的域名添加CNAME记录添加后点击验证验证成功后不要删除记录申请和续期证书会一直用它'
          }else if (form.challengeType === 'http'){
            return '请按照上面的提示,给每个域名设置文件上传配置,证书申请过程中会上传校验文件到网站根目录的.well-known/acme-challenge/目录下'
          }else if (form.challengeType === 'dnses'){
            return '给每个域名单独配置dns提供商'
          }
        })
      }
    order: 0
  sslProvider:
    title: 证书颁发机构
    value: letsencrypt
    component:
      name: icon-select
      vModel: value
      options:
        - value: letsencrypt
          label: Let's Encrypt免费新手推荐支持IP证书
          icon: simple-icons:letsencrypt
        - value: google
          label: Google免费
          icon: flat-color-icons:google
        - value: zerossl
          label: ZeroSSL免费
          icon: emojione:digit-zero
        - value: litessl
          label: litessl免费
          icon: roentgen:free
        - value: sslcom
          label: SSL.com仅主域名和www免费
          icon: la:expeditedssl
        - value: letsencrypt_staging
          label: Let's Encrypt测试环境仅供测试
          icon: simple-icons:letsencrypt
    helper: |-
      Let's Encrypt申请最简单
      Google大厂光环兼容性好仅首次需要翻墙获取EAB授权
      ZeroSSL需要EAB授权无需翻墙
      SSL.com仅主域名和www免费,必须设置CAA记录
    required: true
    order: 0
  googleCommonEabAccessId:
    title: Google公共EAB授权
    isSys: true
    show: false
    order: 0
  zerosslCommonEabAccessId:
    title: ZeroSSL公共EAB授权
    isSys: true
    show: false
    order: 0
  sslcomCommonEabAccessId:
    title: SSL.com公共EAB授权
    isSys: true
    show: false
    order: 0
  litesslCommonEabAccessId:
    title: litessl公共EAB授权
    isSys: true
    show: false
    order: 0
  eabAccessId:
    title: EAB授权
    component:
      name: access-selector
      type: eab
    maybeNeed: false
    required: false
    helper: >-
      需要提供EAB授权
      ZeroSSL请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB
      Credentials'
      Google:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/)用过一次后会绑定邮箱后续复用EAB要用同一个邮箱
      SSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api
      credentials链接然后点击编辑按钮查看Secret key和HMAC key
      litessl:[litesslEAB页面](https://freessl.cn/automation/eab-manager),然后点击新增EAB
    mergeScript: |2-
      return {
        show: ctx.compute(({form})=>{
          return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
            || (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
            || (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
            || (form.sslProvider === 'litessl' && !form.litesslCommonEabAccessId)
        })
      }
    order: 0
  googleAccessId:
    title: 服务账号授权
    component:
      name: access-selector
      type: google
    maybeNeed: false
    required: false
    helper: >-
      google服务账号授权与EAB授权选填其中一个[服务账号授权获取方法](https://certd.docmirror.cn/guide/use/google/)
      服务账号授权需要配置代理或者服务器本身在海外
    mergeScript: |2-
      return {
        show: ctx.compute(({form})=>{
          return form.sslProvider === 'google' && !form.googleCommonEabAccessId
        })
      }
    order: 0
  privateKeyType:
    title: 加密算法
    value: rsa_2048
    component:
      name: a-select
      vModel: value
      options:
        - value: rsa_1024
          label: RSA 1024
        - value: rsa_2048
          label: RSA 2048
        - value: rsa_3072
          label: RSA 3072
        - value: rsa_4096
          label: RSA 4096
        - value: rsa_2048_pkcs1
          label: RSA 2048 pkcs1 (旧版)
        - value: ec_256
          label: EC 256
        - value: ec_384
          label: EC 384
    helper: |-
      如无特殊需求,默认即可
      选择RSA 2048 pkcs1可以获得旧版RSA证书
    maybeNeed: false
    required: true
    order: 0
  certProfile:
    title: 证书配置
    value: classic
    component:
      name: a-select
      vModel: value
      options:
        - value: classic
          label: 经典classic
        - value: tlsserver
          label: TLS服务器tlsserver
        - value: shortlived
          label: 短暂的shortlived
    helper: 如无特殊需求,默认即可
    required: false
    maybeNeed: true
    mergeScript: |2-
      return {
        show: ctx.compute(({form})=>{
          return form.sslProvider === 'letsencrypt'
        })
      }
    order: 0
  preferredChain:
    title: 首选链
    component:
      name: a-select
      vModel: value
      options:
        - value: ISRG Root X1
          label: ISRG Root X1
        - value: ISRG Root X2
          label: ISRG Root X2
    helper: 如无特殊需求保持默认即可
    required: false
    maybeNeed: true
    mergeScript: |2-
      const chainConfigs = {"letsencrypt":{"helper":"如无特殊需求保持默认即可","options":[{"value":"ISRG Root X1","label":"ISRG Root X1"},{"value":"ISRG Root X2","label":"ISRG Root X2"}]},"google":{"helper":"GlobalSign 提供对老旧设备更好的兼容性,但证书链会变长","options":[{"value":"GTS Root R1","label":"GTS Root R1"},{"value":"GlobalSign","label":"GlobalSign"}]}};
      const supportedProviders = ["letsencrypt","google"];
      const defaultProvider = "letsencrypt";
      const getConfig = (provider)=> chainConfigs[provider] || chainConfigs[defaultProvider];
      return {
        show: ctx.compute(({form})=> supportedProviders.includes(form.sslProvider)),
        component: {
          options: ctx.compute(({form})=> getConfig(form.sslProvider).options)
        },
        helper: ctx.compute(({form})=> getConfig(form.sslProvider).helper),
        value: ctx.compute(({form})=>{
          const { options } = getConfig(form.sslProvider);
          const allowed = options.map(item=>item.value);
          const current = form.preferredChain;
          if(allowed.includes(current)){
            return current;
          }
          return allowed[0];
        })
      };
    order: 0
  useProxy:
    title: 使用代理
    value: false
    component:
      name: a-switch
      vModel: checked
    maybeNeed: true
    helper: |-
      如果acme-v02.api.letsencrypt.org或dv.acme-v02.api.pki.goog被墙无法访问请尝试开启此选项
      默认情况会进行测试,如果无法访问,将会自动使用代理
    order: 0
  reverseProxy:
    title: 自定义反代地址
    component:
      placeholder: google.yourproxy.com
    maybeNeed: true
    helper: |-
      填写你的自定义反代地址不要带http://
      letsencrypt反代目标acme-v02.api.letsencrypt.org
      google反代目标dv.acme-v02.api.pki.goog
    order: 0
  skipLocalVerify:
    title: 跳过本地校验DNS
    value: false
    component:
      name: a-switch
      vModel: checked
    maybeNeed: true
    helper: 跳过本地校验可以加快申请速度,同时也会增加失败概率。
    order: 0
  maxCheckRetryCount:
    title: 检查解析重试次数
    value: 20
    component:
      name: a-input-number
      vModel: value
    maybeNeed: true
    helper: 检查域名验证解析记录重试次数,如果你的域名服务商解析生效速度慢,可以适当增加此值
    order: 0
  waitDnsDiffuseTime:
    title: 等待解析生效时长
    value: 30
    component:
      name: a-input-number
      vModel: value
    maybeNeed: true
    helper: 等待解析生效时长如果使用CNAME方式校验本地验证失败可以尝试延长此时间比如5-10分钟
    order: 0
  pfxPassword:
    title: 证书加密密码
    component:
      name: input-password
      vModel: value
    required: false
    order: 100
    helper: |-
      转换成PFX、jks格式证书是否需要加密
      不传则pfx格式默认空密码jks格式默认123456
  pfxArgs:
    title: PFX证书转换参数
    value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
    component:
      name: a-auto-complete
      vModel: value
      options:
        - value: ''
          label: 兼容 Windows Server 最新
        - value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
          label: 兼容 Windows Server 2016
        - value: '-nomac -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
          label: 兼容 Windows Server 2008
    required: false
    order: 100
    maybeNeed: true
    helper: 兼容Windows Server各个版本
  renewDays:
    title: 更新天数
    component:
      name: a-input-number
      vModel: value
    required: true
    order: 100
    helper: 到期前多少天后更新证书,注意:流水线默认不会自动运行,请设置定时器,每天定时运行本流水线
  successNotify:
    title: 证书申请成功通知
    value: false
    component:
      name: a-switch
      vModel: checked
    order: 100
    maybeNeed: true
    helper: 证书申请成功后是否发送通知,优先使用默认通知渠道
output:
  cert:
    title: 域名证书
    type: cert
  certZip:
    title: 域名证书压缩文件
    type: certZip
pluginType: deploy
type: builtIn
scriptFilePath: /plugins/plugin-cert/plugin/cert-plugin/apply.js