github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore:

pull/213/head
xiaojunnuo 2024-10-10 15:32:25 +08:00
parent 99387ee32b
commit a954ab7ede
3 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/google/google.md
View File

@ -9,7 +9,8 @@ https://console.cloud.google.com/apis/library/publicca.googleapis.com
## 2、 获取授权 ## 2、 获取授权
以下两种方式任选其一 以下两种方式任选其一
### 2.1 直接获取EAB ### 2.1 直接获取EAB 【推荐】
1. 打开“Google Cloud Shell”在右上角点击激活CloudShell图标 1. 打开“Google Cloud Shell”在右上角点击激活CloudShell图标
等待分配完成后在 Shell 窗口内输入如下命令: 等待分配完成后在 Shell 窗口内输入如下命令:
@ -29,6 +30,8 @@ keyId: xxxxxxxxxxxxx]
3. 到Certd中创建一条EAB授权记录填写keyId(=kid) 和 b64MacKey 信息 3. 到Certd中创建一条EAB授权记录填写keyId(=kid) 和 b64MacKey 信息
注意keyId没有`]`结尾,不要把`]`也复制了 注意keyId没有`]`结尾,不要把`]`也复制了
注意EAB授权使用过一次之后会绑定邮箱后续再次使用时要使用相同的邮箱
否则会报错 `Unknown external account binding (EAB) key. This may be due to the EAB key expiring which occurs 7 days after creation`
### 2.2 通过服务账号获取EAB ### 2.2 通过服务账号获取EAB

5
packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
View File

@ -40,6 +40,7 @@ type AcmeServiceOptions = {
eab?: ClientExternalAccountBindingOptions; eab?: ClientExternalAccountBindingOptions;
skipLocalVerify?: boolean; skipLocalVerify?: boolean;
useMappingProxy?: boolean; useMappingProxy?: boolean;
reverseProxy?: string;
privateKeyType?: PrivateKeyType; privateKeyType?: PrivateKeyType;
signal?: AbortSignal; signal?: AbortSignal;
}; };
@ -91,8 +92,8 @@ export class AcmeService {
const urlMapping: UrlMapping = { const urlMapping: UrlMapping = {
enabled: false, enabled: false,
mappings: { mappings: {
"acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work", "acme-v02.api.letsencrypt.org": this.options.reverseProxy || "letsencrypt.proxy.handsfree.work",
"dv.acme-v02.api.pki.goog": "google.proxy.handsfree.work", "dv.acme-v02.api.pki.goog": this.options.reverseProxy || "google.proxy.handsfree.work",
}, },
}; };
const conf = await this.getAccountConfig(email, urlMapping); const conf = await this.getAccountConfig(email, urlMapping);

12
packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts
View File

@ -147,7 +147,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
maybeNeed: true, maybeNeed: true,
required: false, required: false,
helper: helper:
"需要提供EAB授权\nZeroSSL请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://gitee.com/certd/certd/blob/v2/doc/google/google.md)", "需要提供EAB授权\nZeroSSL请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://gitee.com/certd/certd/blob/v2/doc/google/google.md)用过一次后会绑定邮箱后续复用EAB要用同一个邮箱",
mergeScript: ` mergeScript: `
return { return {
show: ctx.compute(({form})=>{ show: ctx.compute(({form})=>{
@ -211,6 +211,15 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
}) })
useProxy = false; useProxy = false;
@TaskInput({
title: "自定义反代地址",
component: {
placeholder: "google.yourproxy.com",
},
helper: "填写你的自定义反代地址不要带http://\nletsencrypt反代目标acme-v02.api.letsencrypt.org\ngoogle反代目标dv.acme-v02.api.pki.goog",
})
reverseProxy = "";
@TaskInput({ @TaskInput({
title: "跳过本地校验DNS", title: "跳过本地校验DNS",
value: false, value: false,
@ -259,6 +268,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
eab, eab,
skipLocalVerify: this.skipLocalVerify, skipLocalVerify: this.skipLocalVerify,
useMappingProxy: this.useProxy, useMappingProxy: this.useProxy,
reverseProxy: this.reverseProxy,
privateKeyType: this.privateKeyType, privateKeyType: this.privateKeyType,
// cnameProxyService: this.ctx.cnameProxyService, // cnameProxyService: this.ctx.cnameProxyService,
// dnsProviderCreator: this.createDnsProvider.bind(this), // dnsProviderCreator: this.createDnsProvider.bind(this),