diff --git a/src/apisix.js b/src/apisix.js index 14f0ca4..99c6eaf 100644 --- a/src/apisix.js +++ b/src/apisix.js @@ -149,7 +149,7 @@ async function removeVerifyRoute(domain) { } /** - * 列出指定单sni的证书,不传列出所有单sni的证书 + * 列出指定单sni的证书,不传列出所有单sni的证书(泛域名也包括在内) * @typedef {{id: string, domain: string, validity_start: number, validity_end: number}} Item * @param {string|undefined} sni * @returns {Promise>} @@ -165,14 +165,14 @@ async function listSSL(sni) { } const results = [] - list.forEach(item => { - if (item.snis.length > 1) return - if (sni && sni !== item.snis[0]) return - + var domain = item.snis.find(sni => sni.startsWith("*.")); + if (!domain && item.snis.length > 1) return + domain = domain || item.snis[0]; + if (sni && domain.indexOf(sni) < 0) return results.push({ id: item.id, - domain: item.snis[0], + domain: domain, validity_start: item.validity_start, validity_end: item.validity_end }) diff --git a/src/common.js b/src/common.js index 5338e50..5222de9 100644 --- a/src/common.js +++ b/src/common.js @@ -93,7 +93,14 @@ async function createSSL(domain, email, dnsParam, acmeEnv, acmeParam) { if (dnsParam) { const options = { timeout: 1000 * 350, env: { ...acmeEnv, ...dnsParam.env } } - await execShell(`acme.sh --home /acme.sh --issue --force -m ${email} -d ${domain} --dns ${dnsParam.dns} ${acmeParam.join(' ')}`, options).catch( + let dnsshell = ``; + if (domain.indexOf("*")>=0){ + + dnsshell = `acme.sh --home /acme.sh --issue --force -m ${email} -d ${domain.replace("*.","")} -d ${domain} --dns ${dnsParam.dns} ${acmeParam.join(' ')}`; + }else{ + dnsshell = `acme.sh --home /acme.sh --issue --force -m ${email} -d ${domain} --dns ${dnsParam.dns} ${acmeParam.join(' ')}` + } + await execShell(dnsshell, options).catch( data => { return Promise.reject({ message: 'DSN验证申请证书失败', @@ -115,7 +122,14 @@ async function createSSL(domain, email, dnsParam, acmeEnv, acmeParam) { }) } - await execShell(`acme.sh --home /acme.sh --install-cert -d ${domain} --key-file ${ssl_key} --fullchain-file ${ssl_cer}`, { timeout: 1000 * 10 }) + let insshell = ""; + if (domain.indexOf("*") >= 0) { + + insshell = `acme.sh --home /acme.sh --install-cert -d ${domain.replace("*.", "")} -d ${domain} --key-file ${ssl_key} --fullchain-file ${ssl_cer}` + } else { + insshell = `acme.sh --home /acme.sh --install-cert -d ${domain} --key-file ${ssl_key} --fullchain-file ${ssl_cer}` + } + await execShell(insshell, { timeout: 1000 * 10 }) const info = parseCA(ssl_cer, ssl_key) diff --git a/src/task.js b/src/task.js index 64a6d39..07aa1e5 100644 --- a/src/task.js +++ b/src/task.js @@ -87,7 +87,12 @@ async function doTask() { const mail = task.mail || config.acme_mail const serviceList = task.serviceList - const dnsParam = config.dns_api.find(item => item.domain == common.getRootDomain(domain)) + let anyParsm = config.dns_api.find(item => item.domain == "*") + let dnsParam = config.dns_api.find(item => item.domain == common.getRootDomain(domain)) + if (!dnsParam && anyParsm){ + // 使用 * 匹配参数(只需要配置dns解析服务商即可) + dnsParam = anyParsm; + } let isAddRoute = false try {