diff --git a/docs/guide/qa/use.md b/docs/guide/qa/use.md index b7cbce7b..c75407dd 100644 --- a/docs/guide/qa/use.md +++ b/docs/guide/qa/use.md @@ -17,4 +17,17 @@ 解决方案:可以加多一个子域名,重新执行就可以规避次错误 ``` "detail": too many certificates (5) already issued for this exact set of idantifiers in the last 168hm0s -``` \ No newline at end of file +``` + +## ssl.com报错 CAA record does not include ssl.com which is required to issue the certificate +ssl.com申请证书要求必须设置CAA记录,表示允许ssl.com为该域名颁发证书 +请按如下格式添加CAA记录 + +| 示例 | 类型 | 域名前缀 | flag | tag | 值 | +|-------|-----| -- |-----------|--------|----------------------| +| 顶级域名 | CAA | @ | 0 | issue | "ssl.com" (注意有双引号) | +| 一级泛域名 | CAA | * | 0 | issue/issuewild | "ssl.com" | +| 固定子域名 | CAA | sub | 0 | issue |"ssl.com" | + + + diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts index 8b5f04c7..5bb20751 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts @@ -374,7 +374,7 @@ export class AcmeService { commonName, ...csrInfo, altNames, - emailAddress: email, + // emailAddress: email, }, privateKey ); diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts index 1d608648..d7d268fb 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts @@ -92,7 +92,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { { value: "sslcom", label: "SSL.com(仅主域名和www免费)", icon: "la:expeditedssl" }, ], }, - helper: "Let's Encrypt:申请最简单\nGoogle:大厂光环,兼容性好,仅首次需要翻墙获取EAB授权\nZeroSSL:需要EAB授权,无需翻墙", + helper: "Let's Encrypt:申请最简单\nGoogle:大厂光环,兼容性好,仅首次需要翻墙获取EAB授权\nZeroSSL:需要EAB授权,无需翻墙\nSSL.com:仅主域名和www免费,必须设置CAA记录", required: true, }) sslProvider!: SSLProvider;