chore:

packages/core/acme-client/src/auto.js

@@ -53,10 +53,10 @@ export default  async (client, userOpts) => {
 
     try {
         client.getAccountUrl();
-        log('[auto] Account URL already exists, skipping account registration');
+        log('[auto] Account URL already exists, skipping account registration（ 证书申请账户已存在，跳过注册 ）');
     }
     catch (e) {
-        log('[auto] Registering account');
+        log('[auto] Registering account （注册证书申请账户）');
         await client.createAccount(accountPayload);
     }
 
@@ -64,7 +64,7 @@ export default  async (client, userOpts) => {
      * Parse domains from CSR
      */
 
-    log('[auto] Parsing domains from Certificate Signing Request');
+    log('[auto] Parsing domains from Certificate Signing Request ');
     const { commonName, altNames } = readCsrDomains(opts.csr);
     const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));
 
@@ -120,20 +120,20 @@ export default  async (client, userOpts) => {
                 // throw new Error('测试异常');
                 /* Challenge verification */
                 if (opts.skipChallengeVerification === true) {
-                    log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true，wait 60s`);
+                    log(`[auto] [${d}] 跳过本地验证（skipChallengeVerification=true），等待 60s`);
                     await wait(60 * 1000);
                 }
                 else {
-                    log(`[auto] [${d}] Running challenge verification, type = ${challenge.type}`);
+                    log(`[auto] [${d}] 开始本地验证, type = ${challenge.type}`);
                     try {
                         await client.verifyChallenge(authz, challenge);
                     }
                     catch (e) {
-                        log(`[auto] [${d}] challenge verification threw error: ${e.message}`);
+                        log(`[auto] [${d}] 本地验证失败，尝试请求ACME提供商获取状态: ${e.message}`);
                     }
                 }
                 /* Complete challenge and wait for valid status */
-                log(`[auto] [${d}] Completing challenge with ACME provider and waiting for valid status`);
+                log(`[auto] [${d}] 请求ACME提供商完成验证，等待返回valid状态`);
                 await client.completeChallenge(challenge);
                 challengeCompleted = true;
 

packages/core/acme-client/src/client.js

@@ -500,7 +500,7 @@ class AcmeClient {
             await verify[challenge.type](authz, challenge, keyAuthorization);
         };
 
-        log('Waiting for ACME challenge verification', this.backoffOpts);
+        log('Waiting for ACME challenge verification（等待ACME挑战验证）', this.backoffOpts);
         return util.retry(verifyFn, this.backoffOpts);
     }
 
@@ -568,14 +568,14 @@ class AcmeClient {
             const resp = await this.api.apiRequest(item.url, null, [200]);
 
             /* Verify status */
-            log(`Item has status: ${resp.data.status}`);
+            log(`Item has status（挑战状态）: ${resp.data.status}`);
 
             if (invalidStates.includes(resp.data.status)) {
                 abort();
                 throw new Error(util.formatResponseError(resp));
             }
             else if (pendingStates.includes(resp.data.status)) {
-                throw new Error('Operation is pending or processing');
+                throw new Error('Operation is pending or processing（当前仍然在等待状态）');
             }
             else if (validStates.includes(resp.data.status)) {
                 return resp.data;
@@ -584,7 +584,7 @@ class AcmeClient {
             throw new Error(`Unexpected item status: ${resp.data.status}`);
         };
 
-        log(`Waiting for valid status from: ${item.url}`, this.backoffOpts);
+        log(`Waiting for valid status （等待valid状态）: ${item.url}`, this.backoffOpts);
         return util.retry(verifyFn, this.backoffOpts);
     }
 

packages/core/acme-client/src/util.js

@@ -60,8 +60,9 @@ async function retryPromise(fn, attempts, backoff) {
             throw e;
         }
 
+        log(`Promise rejected: ${e.message}`);
         const duration = backoff.duration();
-        log(`Promise rejected attempt #${backoff.attempts}, retrying in ${duration}ms: ${e.message}`);
+        log(`attempt #${backoff.attempts}, ${duration}ms 后重试: ${e.message}`);
 
         await new Promise((resolve) => { setTimeout(resolve, duration); });
         return retryPromise(fn, attempts, backoff);
@@ -241,7 +242,7 @@ async function resolveDomainBySoaRecord(recordName) {
  */
 
 async function getAuthoritativeDnsResolver(recordName) {
-    log(`Locating authoritative NS records for name: ${recordName}`);
+    log(`Locating authoritative NS records for name: ${recordName} （获取域名的权威NS服务器）`);
     const resolver = new dns.Resolver();
 
     try {
@@ -249,13 +250,14 @@ async function getAuthoritativeDnsResolver(recordName) {
         const domain = await resolveDomainBySoaRecord(recordName);
 
         /* Resolve authoritative NS addresses */
-        log(`Looking up authoritative NS records for domain: ${domain}`);
+        log(`Looking up authoritative NS records for domain（获取域名的权威NS服务器）: ${domain}`);
         const nsRecords = await dns.resolveNs(domain);
+        log(`域名权威NS服务器：${nsRecords}`);
         const nsAddrArray = await Promise.all(nsRecords.map(async (r) => dns.resolve4(r)));
         const nsAddresses = [].concat(...nsAddrArray).filter((a) => a);
 
         if (!nsAddresses.length) {
-            throw new Error(`Unable to locate any valid authoritative NS addresses for domain: ${domain}`);
+            throw new Error(`Unable to locate any valid authoritative NS addresses for domain（获取权威服务器IP失败）: ${domain}`);
         }
 
         /* Authoritative NS success */
@@ -263,12 +265,12 @@ async function getAuthoritativeDnsResolver(recordName) {
         resolver.setServers(nsAddresses);
     }
     catch (e) {
-        log(`Authoritative NS lookup error: ${e.message}`);
+        log(`Authoritative NS lookup error（获取权威NS服务器地址失败）: ${e.message}`);
     }
 
     /* Return resolver */
     const addresses = resolver.getServers();
-    log(`DNS resolver addresses: ${addresses.join(', ')}`);
+    log(`DNS resolver addresses（域名的权威NS服务器地址）: ${addresses.join(', ')}`);
 
     return resolver;
 }

packages/core/acme-client/src/verify.js

@@ -113,14 +113,14 @@ export async function walkTxtRecord(recordName) {
 
 async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
     const recordName = `${prefix}${authz.identifier.value}`;
-    log(`Resolving DNS TXT from record: ${recordName}`);
+    log(`Resolving DNS TXT from record（解析DNS TXT记录）: ${recordName}`);
     const recordValues = await walkTxtRecord(recordName);
-    log(`DNS query finished successfully, found ${recordValues.length} TXT records`);
+    log(`DNS query finished successfully（DNS查询成功）, found ${recordValues.length} TXT records`);
     if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
-        throw new Error(`Authorization not found in DNS TXT record: ${recordName}，need:${keyAuthorization},found:${recordValues}`);
+        throw new Error(`Authorization not found in DNS TXT record（没有找到需要的DNS TXT记录）: ${recordName}，need:${keyAuthorization},found:${recordValues}`);
     }
 
-    log(`Key authorization match for ${challenge.type}/${recordName}, ACME challenge verified`);
+    log(`Key authorization match for ${challenge.type}/${recordName}, ACME challenge verified（域名所有权校验成功）`);
     return true;
 }
 

packages/ui/certd-server/src/plugins/plugin-dnsla/dns-provider.ts

@@ -146,7 +146,9 @@ export class DnslaDnsProvider extends AbstractDnsProvider<DnslaRecord> {
       type: 16,
       host: fullRecord,
       data: value,
-      ttl: 1,
+      ttl: 60,
+      weight:1,
+      preference:1,
     });
 
     return res.data;