diff --git a/packages/core/acme-client/src/auto.js b/packages/core/acme-client/src/auto.js index a10afc61..323e02b5 100644 --- a/packages/core/acme-client/src/auto.js +++ b/packages/core/acme-client/src/auto.js @@ -53,10 +53,10 @@ export default async (client, userOpts) => { try { client.getAccountUrl(); - log('[auto] Account URL already exists, skipping account registration'); + log('[auto] Account URL already exists, skipping account registration( 证书申请账户已存在,跳过注册 )'); } catch (e) { - log('[auto] Registering account'); + log('[auto] Registering account (注册证书申请账户)'); await client.createAccount(accountPayload); } @@ -64,7 +64,7 @@ export default async (client, userOpts) => { * Parse domains from CSR */ - log('[auto] Parsing domains from Certificate Signing Request'); + log('[auto] Parsing domains from Certificate Signing Request '); const { commonName, altNames } = readCsrDomains(opts.csr); const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d))); @@ -120,20 +120,20 @@ export default async (client, userOpts) => { // throw new Error('测试异常'); /* Challenge verification */ if (opts.skipChallengeVerification === true) { - log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true,wait 60s`); + log(`[auto] [${d}] 跳过本地验证(skipChallengeVerification=true),等待 60s`); await wait(60 * 1000); } else { - log(`[auto] [${d}] Running challenge verification, type = ${challenge.type}`); + log(`[auto] [${d}] 开始本地验证, type = ${challenge.type}`); try { await client.verifyChallenge(authz, challenge); } catch (e) { - log(`[auto] [${d}] challenge verification threw error: ${e.message}`); + log(`[auto] [${d}] 本地验证失败,尝试请求ACME提供商获取状态: ${e.message}`); } } /* Complete challenge and wait for valid status */ - log(`[auto] [${d}] Completing challenge with ACME provider and waiting for valid status`); + log(`[auto] [${d}] 请求ACME提供商完成验证,等待返回valid状态`); await client.completeChallenge(challenge); challengeCompleted = true; 
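Review bot: In the `@@ -120,20` hunk of `auto.js` the four challenge-verification messages lose their English text entirely, while every other message in this commit keeps the English stem and appends the Chinese gloss in parentheses. Any log search or alert rule keyed on strings such as `challenge verification threw error` would stop matching. That matters most in the `catch` branch, because that log line is the only trace that local verification failed before `client.completeChallenge(challenge)` is called anyway. Keeping the stem would match the rest of the change, e.g. `` log(`[auto] [${d}] challenge verification threw error (本地验证失败,尝试请求ACME提供商获取状态): ${e.message}`); ``. The enclosing function starts and ends outside the hunk.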
diff --git a/packages/core/acme-client/src/client.js b/packages/core/acme-client/src/client.js index 998e682a..3b42aa79 100644 --- a/packages/core/acme-client/src/client.js +++ b/packages/core/acme-client/src/client.js @@ -500,7 +500,7 @@ class AcmeClient { await verify[challenge.type](authz, challenge, keyAuthorization); }; - log('Waiting for ACME challenge verification', this.backoffOpts); + log('Waiting for ACME challenge verification(等待ACME挑战验证)', this.backoffOpts); return util.retry(verifyFn, this.backoffOpts); } @@ -568,14 +568,14 @@ class AcmeClient { const resp = await this.api.apiRequest(item.url, null, [200]); /* Verify status */ - log(`Item has status: ${resp.data.status}`); + log(`Item has status(挑战状态): ${resp.data.status}`); if (invalidStates.includes(resp.data.status)) { abort(); throw new Error(util.formatResponseError(resp)); } else if (pendingStates.includes(resp.data.status)) { - throw new Error('Operation is pending or processing'); + throw new Error('Operation is pending or processing(当前仍然在等待状态)'); } else if (validStates.includes(resp.data.status)) { return resp.data; @@ -584,7 +584,7 @@ class AcmeClient { throw new Error(`Unexpected item status: ${resp.data.status}`); }; - log(`Waiting for valid status from: ${item.url}`, this.backoffOpts); + log(`Waiting for valid status (等待valid状态): ${item.url}`, this.backoffOpts); return util.retry(verifyFn, this.backoffOpts); } diff --git a/packages/core/acme-client/src/util.js b/packages/core/acme-client/src/util.js index 0ccbce49..03ee6d30 100644 --- a/packages/core/acme-client/src/util.js +++ b/packages/core/acme-client/src/util.js 
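Review bot: In `client.js` (`@@ -568,14`) the gloss is added inside the thrown `Error` message rather than in a log line, so the text of `'Operation is pending or processing'` changes for anything that inspects `e.message`. Nothing in the hunk shows such a consumer, but the `throw e;` visible in `retryPromise` suggests the error reaches callers unchanged once the attempts run out. I would leave the thrown string as it was and put the translation in a `log(...)` call just before the `throw`. The same applies to the `throw new Error(...)` messages changed in `util.js` and `verify.js`.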
@@ -60,8 +60,9 @@ async function retryPromise(fn, attempts, backoff) { throw e; } + log(`Promise rejected: ${e.message}`); const duration = backoff.duration(); - log(`Promise rejected attempt #${backoff.attempts}, retrying in ${duration}ms: ${e.message}`); + log(`attempt #${backoff.attempts}, ${duration}ms 后重试: ${e.message}`); await new Promise((resolve) => { setTimeout(resolve, duration); }); return retryPromise(fn, attempts, backoff); @@ -241,7 +242,7 @@ async function resolveDomainBySoaRecord(recordName) { */ async function getAuthoritativeDnsResolver(recordName) { - log(`Locating authoritative NS records for name: ${recordName}`); + log(`Locating authoritative NS records for name: ${recordName} (获取域名的权威NS服务器)`); const resolver = new dns.Resolver(); try { @@ -249,13 +250,14 @@ async function getAuthoritativeDnsResolver(recordName) { const domain = await resolveDomainBySoaRecord(recordName); /* Resolve authoritative NS addresses */ - log(`Looking up authoritative NS records for domain: ${domain}`); + log(`Looking up authoritative NS records for domain(获取域名的权威NS服务器): ${domain}`); const nsRecords = await dns.resolveNs(domain); + log(`域名权威NS服务器:${nsRecords}`); const nsAddrArray = await Promise.all(nsRecords.map(async (r) => dns.resolve4(r))); const nsAddresses = [].concat(...nsAddrArray).filter((a) => a); if (!nsAddresses.length) { - throw new Error(`Unable to locate any valid authoritative NS addresses for domain: ${domain}`); + throw new Error(`Unable to locate any valid authoritative NS addresses for domain(获取权威服务器IP失败): ${domain}`); } /* Authoritative NS success */ 
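Review bot: `retryPromise` in `util.js` now writes `${e.message}` twice for every failed attempt, once in the added `Promise rejected:` line and again in the retry line below it. Some messages in this package are long (the DNS TXT mismatch error in `verify.js` carries the expected and found values), so this doubles the noisiest part of the log on each backoff step. Dropping the message from the second line is enough: `` log(`attempt #${backoff.attempts}, retrying in ${duration}ms (${duration}ms 后重试)`); ``. The function body starts above the hunk.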
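Review bot: The added `` log(`域名权威NS服务器:${nsRecords}`) `` in `getAuthoritativeDnsResolver` (`@@ -249,13`) interpolates the array directly, so the names are joined by the implicit `toString()` with bare commas. It is also the only log line in this function without an English stem. These names come straight from a DNS answer, so formatting them explicitly keeps the line readable and matches the `addresses.join(', ')` used at the end of the function: `` log(`Authoritative NS records(域名权威NS服务器): ${nsRecords.join(', ')}`); ``. The function continues past this hunk.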
@@ -263,12 +265,12 @@ async function getAuthoritativeDnsResolver(recordName) { resolver.setServers(nsAddresses); } catch (e) { - log(`Authoritative NS lookup error: ${e.message}`); + log(`Authoritative NS lookup error(获取权威NS服务器地址失败): ${e.message}`); } /* Return resolver */ const addresses = resolver.getServers(); - log(`DNS resolver addresses: ${addresses.join(', ')}`); + log(`DNS resolver addresses(域名的权威NS服务器地址): ${addresses.join(', ')}`); return resolver; } diff --git a/packages/core/acme-client/src/verify.js b/packages/core/acme-client/src/verify.js index 53214532..b09becff 100644 --- a/packages/core/acme-client/src/verify.js +++ b/packages/core/acme-client/src/verify.js @@ -113,14 +113,14 @@ export async function walkTxtRecord(recordName) { async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') { const recordName = `${prefix}${authz.identifier.value}`; - log(`Resolving DNS TXT from record: ${recordName}`); + log(`Resolving DNS TXT from record(解析DNS TXT记录): ${recordName}`); const recordValues = await walkTxtRecord(recordName); - log(`DNS query finished successfully, found ${recordValues.length} TXT records`); + log(`DNS query finished successfully(DNS查询成功), found ${recordValues.length} TXT records`); if (!recordValues.length || !recordValues.includes(keyAuthorization)) { - throw new Error(`Authorization not found in DNS TXT record: ${recordName},need:${keyAuthorization},found:${recordValues}`); + throw new Error(`Authorization not found in DNS TXT record(没有找到需要的DNS TXT记录): ${recordName},need:${keyAuthorization},found:${recordValues}`); } - log(`Key authorization match for ${challenge.type}/${recordName}, ACME challenge verified`); + log(`Key authorization match for ${challenge.type}/${recordName}, ACME challenge verified(域名所有权校验成功)`); return true; } 
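Review bot: The gloss added to the last log line of `getAuthoritativeDnsResolver` (`util.js`, `@@ -263,12`) labels the output as the domain's authoritative NS addresses, but that line also runs after the `catch` branch. When the lookup fails, `resolver.setServers(nsAddresses)` is never reached and `resolver.getServers()` reports whatever the new `dns.Resolver()` started with. The log then claims authoritative servers for what is presumably the default resolver configuration. Someone debugging a failed DNS-01 pre-check would be pointed at the wrong servers. A neutral label avoids this, e.g. `` log(`DNS resolver addresses(本次使用的DNS解析服务器地址): ${addresses.join(', ')}`); ``.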
diff --git a/packages/ui/certd-server/src/plugins/plugin-dnsla/dns-provider.ts b/packages/ui/certd-server/src/plugins/plugin-dnsla/dns-provider.ts index a3005152..b3956139 100644 --- a/packages/ui/certd-server/src/plugins/plugin-dnsla/dns-provider.ts +++ b/packages/ui/certd-server/src/plugins/plugin-dnsla/dns-provider.ts @@ -146,7 +146,9 @@ export class DnslaDnsProvider extends AbstractDnsProvider { type: 16, host: fullRecord, data: value, - ttl: 1, + ttl: 60, + weight:1, + preference:1, }); return res.data;
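Review bot: The new `weight:1` and `preference:1` fields in the TXT record payload (`type: 16`) are undocumented, and they are formatted differently from the keys around them. Neither field has an obvious meaning for a TXT record, so a reader cannot tell whether the provider API requires them or whether they are leftovers. A one-line comment above them stating the reason would settle that, together with a word on why the TTL moves from 1 to 60. The formatting should match the neighbouring keys: `weight: 1,` and `preference: 1,`. The enclosing method starts and ends outside the hunk.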