From a954ab7ede5bd3d7f98b8a4cbc727c5dc0c345f3 Mon Sep 17 00:00:00 2001 From: xiaojunnuo Date: Thu, 10 Oct 2024 15:32:25 +0800 Subject: [PATCH] chore: --- doc/google/google.md | 5 ++++- .../plugin-cert/src/plugin/cert-plugin/acme.ts | 5 +++-- .../plugin-cert/src/plugin/cert-plugin/index.ts | 12 +++++++++++- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/doc/google/google.md b/doc/google/google.md index c9471920..7d880431 100644 --- a/doc/google/google.md +++ b/doc/google/google.md @@ -9,7 +9,8 @@ https://console.cloud.google.com/apis/library/publicca.googleapis.com ## 2、 获取授权 以下两种方式任选其一 -### 2.1 直接获取EAB +### 2.1 直接获取EAB 【推荐】 + 1. 打开“Google Cloud Shell”(在右上角点击激活CloudShell图标)。 等待分配完成后在 Shell 窗口内输入如下命令: @@ -29,6 +30,8 @@ keyId: xxxxxxxxxxxxx] 3. 到Certd中,创建一条EAB授权记录,填写keyId(=kid) 和 b64MacKey 信息 注意:keyId没有`]`结尾,不要把`]`也复制了 +注意:EAB授权使用过一次之后,会绑定邮箱,后续再次使用时,要使用相同的邮箱 +否则会报错 `Unknown external account binding (EAB) key. This may be due to the EAB key expiring which occurs 7 days after creation` ### 2.2 通过服务账号获取EAB diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts index 9b5c2cd3..14402024 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts @@ -40,6 +40,7 @@ type AcmeServiceOptions = { eab?: ClientExternalAccountBindingOptions; skipLocalVerify?: boolean; useMappingProxy?: boolean; + reverseProxy?: string; privateKeyType?: PrivateKeyType; signal?: AbortSignal; }; @@ -91,8 +92,8 @@ export class AcmeService { const urlMapping: UrlMapping = { enabled: false, mappings: { - "acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work", - "dv.acme-v02.api.pki.goog": "google.proxy.handsfree.work", + "acme-v02.api.letsencrypt.org": this.options.reverseProxy || "letsencrypt.proxy.handsfree.work", + "dv.acme-v02.api.pki.goog": this.options.reverseProxy || "google.proxy.handsfree.work", }, }; const conf = await this.getAccountConfig(email, urlMapping); diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts index 4322dde9..9d47d5d8 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts @@ -147,7 +147,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { maybeNeed: true, required: false, helper: - "需要提供EAB授权\nZeroSSL:请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://gitee.com/certd/certd/blob/v2/doc/google/google.md)", + "需要提供EAB授权\nZeroSSL:请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://gitee.com/certd/certd/blob/v2/doc/google/google.md),用过一次后会绑定邮箱,后续复用EAB要用同一个邮箱", mergeScript: ` return { show: ctx.compute(({form})=>{ @@ -211,6 +211,15 @@ export class CertApplyPlugin extends CertApplyBasePlugin { }) useProxy = false; + @TaskInput({ + title: "自定义反代地址", + component: { + placeholder: "google.yourproxy.com", + }, + helper: "填写你的自定义反代地址,不要带http://\nletsencrypt反代目标:acme-v02.api.letsencrypt.org\ngoogle反代目标:dv.acme-v02.api.pki.goog", + }) + reverseProxy = ""; + @TaskInput({ title: "跳过本地校验DNS", value: false, @@ -259,6 +268,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { eab, skipLocalVerify: this.skipLocalVerify, useMappingProxy: this.useProxy, + reverseProxy: this.reverseProxy, privateKeyType: this.privateKeyType, // cnameProxyService: this.ctx.cnameProxyService, // dnsProviderCreator: this.createDnsProvider.bind(this),