mirror of https://github.com/certd/certd
chore:
parent
389a1fbd04
commit
1a71969403
|
@ -53,10 +53,10 @@ export default async (client, userOpts) => {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
client.getAccountUrl();
|
client.getAccountUrl();
|
||||||
log('[auto] Account URL already exists, skipping account registration');
|
log('[auto] Account URL already exists, skipping account registration( 证书申请账户已存在,跳过注册 )');
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
log('[auto] Registering account');
|
log('[auto] Registering account (注册证书申请账户)');
|
||||||
await client.createAccount(accountPayload);
|
await client.createAccount(accountPayload);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -120,20 +120,20 @@ export default async (client, userOpts) => {
|
||||||
// throw new Error('测试异常');
|
// throw new Error('测试异常');
|
||||||
/* Challenge verification */
|
/* Challenge verification */
|
||||||
if (opts.skipChallengeVerification === true) {
|
if (opts.skipChallengeVerification === true) {
|
||||||
log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true,wait 60s`);
|
log(`[auto] [${d}] 跳过本地验证(skipChallengeVerification=true),等待 60s`);
|
||||||
await wait(60 * 1000);
|
await wait(60 * 1000);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
log(`[auto] [${d}] Running challenge verification, type = ${challenge.type}`);
|
log(`[auto] [${d}] 开始本地验证, type = ${challenge.type}`);
|
||||||
try {
|
try {
|
||||||
await client.verifyChallenge(authz, challenge);
|
await client.verifyChallenge(authz, challenge);
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
log(`[auto] [${d}] challenge verification threw error: ${e.message}`);
|
log(`[auto] [${d}] 本地验证失败,尝试请求ACME提供商获取状态: ${e.message}`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* Complete challenge and wait for valid status */
|
/* Complete challenge and wait for valid status */
|
||||||
log(`[auto] [${d}] Completing challenge with ACME provider and waiting for valid status`);
|
log(`[auto] [${d}] 请求ACME提供商完成验证,等待返回valid状态`);
|
||||||
await client.completeChallenge(challenge);
|
await client.completeChallenge(challenge);
|
||||||
challengeCompleted = true;
|
challengeCompleted = true;
|
||||||
|
|
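Review bot: The four messages in the second hunk (`跳过本地验证(skipChallengeVerification=true),等待 60s`, `开始本地验证`, `本地验证失败,尝试请求ACME提供商获取状态` and `请求ACME提供商完成验证,等待返回valid状态`) replace the English text outright, while the first hunk and the rest of this commit append the Chinese in parentheses. Any log search or alert keyed on the old strings, if one exists, stops matching. The `skipChallengeVerification` branch is the one an operator most needs to notice, because the local check is bypassed there. Keeping the bilingual form, e.g. `Skipping challenge verification since skipChallengeVerification=true, wait 60s (跳过本地验证,等待 60s)`, stays consistent with the other files. The enclosing function starts and ends outside both hunks.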
||||||
|
|
|
@ -500,7 +500,7 @@ class AcmeClient {
|
||||||
await verify[challenge.type](authz, challenge, keyAuthorization);
|
await verify[challenge.type](authz, challenge, keyAuthorization);
|
||||||
};
|
};
|
||||||
|
|
||||||
log('Waiting for ACME challenge verification', this.backoffOpts);
|
log('Waiting for ACME challenge verification(等待ACME挑战验证)', this.backoffOpts);
|
||||||
return util.retry(verifyFn, this.backoffOpts);
|
return util.retry(verifyFn, this.backoffOpts);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -568,14 +568,14 @@ class AcmeClient {
|
||||||
const resp = await this.api.apiRequest(item.url, null, [200]);
|
const resp = await this.api.apiRequest(item.url, null, [200]);
|
||||||
|
|
||||||
/* Verify status */
|
/* Verify status */
|
||||||
log(`Item has status: ${resp.data.status}`);
|
log(`Item has status(挑战状态): ${resp.data.status}`);
|
||||||
|
|
||||||
if (invalidStates.includes(resp.data.status)) {
|
if (invalidStates.includes(resp.data.status)) {
|
||||||
abort();
|
abort();
|
||||||
throw new Error(util.formatResponseError(resp));
|
throw new Error(util.formatResponseError(resp));
|
||||||
}
|
}
|
||||||
else if (pendingStates.includes(resp.data.status)) {
|
else if (pendingStates.includes(resp.data.status)) {
|
||||||
throw new Error('Operation is pending or processing');
|
throw new Error('Operation is pending or processing(当前仍然在等待状态)');
|
||||||
}
|
}
|
||||||
else if (validStates.includes(resp.data.status)) {
|
else if (validStates.includes(resp.data.status)) {
|
||||||
return resp.data;
|
return resp.data;
|
||||||
|
@ -584,7 +584,7 @@ class AcmeClient {
|
||||||
throw new Error(`Unexpected item status: ${resp.data.status}`);
|
throw new Error(`Unexpected item status: ${resp.data.status}`);
|
||||||
};
|
};
|
||||||
|
|
||||||
log(`Waiting for valid status from: ${item.url}`, this.backoffOpts);
|
log(`Waiting for valid status (等待valid状态): ${item.url}`, this.backoffOpts);
|
||||||
return util.retry(verifyFn, this.backoffOpts);
|
return util.retry(verifyFn, this.backoffOpts);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -60,8 +60,9 @@ async function retryPromise(fn, attempts, backoff) {
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log(`Promise rejected: ${e.message}`);
|
||||||
const duration = backoff.duration();
|
const duration = backoff.duration();
|
||||||
log(`Promise rejected attempt #${backoff.attempts}, retrying in ${duration}ms: ${e.message}`);
|
log(`attempt #${backoff.attempts}, ${duration}ms 后重试: ${e.message}`);
|
||||||
|
|
||||||
await new Promise((resolve) => { setTimeout(resolve, duration); });
|
await new Promise((resolve) => { setTimeout(resolve, duration); });
|
||||||
return retryPromise(fn, attempts, backoff);
|
return retryPromise(fn, attempts, backoff);
|
||||||
|
@ -241,7 +242,7 @@ async function resolveDomainBySoaRecord(recordName) {
|
||||||
*/
|
*/
|
||||||
|
|
||||||
async function getAuthoritativeDnsResolver(recordName) {
|
async function getAuthoritativeDnsResolver(recordName) {
|
||||||
log(`Locating authoritative NS records for name: ${recordName}`);
|
log(`Locating authoritative NS records for name: ${recordName} (获取域名的权威NS服务器)`);
|
||||||
const resolver = new dns.Resolver();
|
const resolver = new dns.Resolver();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -249,13 +250,14 @@ async function getAuthoritativeDnsResolver(recordName) {
|
||||||
const domain = await resolveDomainBySoaRecord(recordName);
|
const domain = await resolveDomainBySoaRecord(recordName);
|
||||||
|
|
||||||
/* Resolve authoritative NS addresses */
|
/* Resolve authoritative NS addresses */
|
||||||
log(`Looking up authoritative NS records for domain: ${domain}`);
|
log(`Looking up authoritative NS records for domain(获取域名的权威NS服务器): ${domain}`);
|
||||||
const nsRecords = await dns.resolveNs(domain);
|
const nsRecords = await dns.resolveNs(domain);
|
||||||
|
log(`域名权威NS服务器:${nsRecords}`);
|
||||||
const nsAddrArray = await Promise.all(nsRecords.map(async (r) => dns.resolve4(r)));
|
const nsAddrArray = await Promise.all(nsRecords.map(async (r) => dns.resolve4(r)));
|
||||||
const nsAddresses = [].concat(...nsAddrArray).filter((a) => a);
|
const nsAddresses = [].concat(...nsAddrArray).filter((a) => a);
|
||||||
|
|
||||||
if (!nsAddresses.length) {
|
if (!nsAddresses.length) {
|
||||||
throw new Error(`Unable to locate any valid authoritative NS addresses for domain: ${domain}`);
|
throw new Error(`Unable to locate any valid authoritative NS addresses for domain(获取权威服务器IP失败): ${domain}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Authoritative NS success */
|
/* Authoritative NS success */
|
||||||
|
@ -263,12 +265,12 @@ async function getAuthoritativeDnsResolver(recordName) {
|
||||||
resolver.setServers(nsAddresses);
|
resolver.setServers(nsAddresses);
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
log(`Authoritative NS lookup error: ${e.message}`);
|
log(`Authoritative NS lookup error(获取权威NS服务器地址失败): ${e.message}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Return resolver */
|
/* Return resolver */
|
||||||
const addresses = resolver.getServers();
|
const addresses = resolver.getServers();
|
||||||
log(`DNS resolver addresses: ${addresses.join(', ')}`);
|
log(`DNS resolver addresses(域名的权威NS服务器地址): ${addresses.join(', ')}`);
|
||||||
|
|
||||||
return resolver;
|
return resolver;
|
||||||
}
|
}
|
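Review bot: The relabelled final log in getAuthoritativeDnsResolver, `DNS resolver addresses(域名的权威NS服务器地址)`, also runs after the `catch (e)` branch, where `resolver.setServers(nsAddresses)` was never reached. In that case `resolver.getServers()` returns whatever `new dns.Resolver()` started with, yet the label now calls those addresses the domain's authoritative name servers. The log would then suggest the DNS check queried authoritative servers when it fell back; record the outcome in the `try` and print something like `DNS resolver addresses (fallback, not authoritative)` on the error path. In the retryPromise hunk, the added `log(`Promise rejected: ${e.message}`)` prints the same `e.message` that the retry line just below prints again, so one of the two can be dropped. Both functions extend beyond the visible hunks.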
||||||
|
|
|
@ -113,14 +113,14 @@ export async function walkTxtRecord(recordName) {
|
||||||
|
|
||||||
async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
|
async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
|
||||||
const recordName = `${prefix}${authz.identifier.value}`;
|
const recordName = `${prefix}${authz.identifier.value}`;
|
||||||
log(`Resolving DNS TXT from record: ${recordName}`);
|
log(`Resolving DNS TXT from record(解析DNS TXT记录): ${recordName}`);
|
||||||
const recordValues = await walkTxtRecord(recordName);
|
const recordValues = await walkTxtRecord(recordName);
|
||||||
log(`DNS query finished successfully, found ${recordValues.length} TXT records`);
|
log(`DNS query finished successfully(DNS查询成功), found ${recordValues.length} TXT records`);
|
||||||
if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
|
if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
|
||||||
throw new Error(`Authorization not found in DNS TXT record: ${recordName},need:${keyAuthorization},found:${recordValues}`);
|
throw new Error(`Authorization not found in DNS TXT record(没有找到需要的DNS TXT记录): ${recordName},need:${keyAuthorization},found:${recordValues}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
log(`Key authorization match for ${challenge.type}/${recordName}, ACME challenge verified`);
|
log(`Key authorization match for ${challenge.type}/${recordName}, ACME challenge verified(域名所有权校验成功)`);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -146,7 +146,9 @@ export class DnslaDnsProvider extends AbstractDnsProvider<DnslaRecord> {
|
||||||
type: 16,
|
type: 16,
|
||||||
host: fullRecord,
|
host: fullRecord,
|
||||||
data: value,
|
data: value,
|
||||||
ttl: 1,
|
ttl: 60,
|
||||||
|
weight:1,
|
||||||
|
preference:1,
|
||||||
});
|
});
|
||||||
|
|
||||||
return res.data;
|
return res.data;
|
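Review bot: The new `ttl: 60`, `weight:1` and `preference:1` are bare literals with no comment explaining them, and the commit title ("chore:") gives no rationale. Weight and preference are not normally meaningful for a TXT record (assuming `type: 16` is TXT here, which the hunk does not confirm), so a reader cannot tell whether the provider API requires them or they are left over from testing. A one-line comment above the fields, e.g. `// ttl in seconds; weight/preference sent because <reason required by the API>`, would settle it. `weight:1,` and `preference:1,` should also get a space after the colon, like the neighbouring fields. The enclosing request call starts and ends outside the hunk.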
||||||
|
|