From 1dba225ebba957c8cfdbe85db8e98e2edb50747c Mon Sep 17 00:00:00 2001
From: Hanrea <hanrea@qq.com>
Date: Mon, 17 Jun 2024 12:22:49 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E2=9C=A8=20=E9=85=8D=E7=BD=AE=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6dns=5Fapi=E5=8F=82=E6=95=B0=E6=B7=BB=E5=8A=A0=E6=94=AF?=
 =?UTF-8?q?=E6=8C=81=E4=BB=BB=E6=84=8F=E5=9F=9F=E5=90=8D=E5=8C=B9=E9=85=8D?=
 =?UTF-8?q?:=20domain:=20'*'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/task.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/task.js b/src/task.js
index 64a6d39..07aa1e5 100644
--- a/src/task.js
+++ b/src/task.js
@@ -87,7 +87,12 @@ async function doTask() {
     const mail = task.mail || config.acme_mail
     const serviceList = task.serviceList
 
-    const dnsParam = config.dns_api.find(item => item.domain == common.getRootDomain(domain))
+    let anyParsm = config.dns_api.find(item => item.domain == "*")
+    let dnsParam = config.dns_api.find(item => item.domain == common.getRootDomain(domain))
+    if (!dnsParam && anyParsm){
+      // 使用 * 匹配参数（只需要配置dns解析服务商即可）
+      dnsParam = anyParsm;
+    }
 
     let isAddRoute = false
     try {

From 75716baef2c85dbe7bb0f617dff2aacff9f0b39c Mon Sep 17 00:00:00 2001
From: Hanrea <hanrea@qq.com>
Date: Mon, 17 Jun 2024 12:24:01 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E2=9C=A8=20=E5=88=9B=E5=BB=BA=E8=AF=81?=
 =?UTF-8?q?=E4=B9=A6=E6=97=B6=E5=AF=B9=E6=B3=9B=E5=9F=9F=E5=90=8D=E6=B7=BB?=
 =?UTF-8?q?=E5=8A=A0=E4=B8=BB=E5=9F=9F=E5=90=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/apisix.js | 12 ++++++------
 src/common.js | 18 ++++++++++++++++--
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/apisix.js b/src/apisix.js
index 14f0ca4..99c6eaf 100644
--- a/src/apisix.js
+++ b/src/apisix.js
@@ -149,7 +149,7 @@ async function removeVerifyRoute(domain) {
 }
 
 /**
- * 列出指定单sni的证书，不传列出所有单sni的证书
+ * 列出指定单sni的证书，不传列出所有单sni的证书(泛域名也包括在内)
  * @typedef {{id: string, domain: string, validity_start: number, validity_end: number}} Item
  * @param {string|undefined} sni
  * @returns {Promise<Array<Item>>}
@@ -165,14 +165,14 @@ async function listSSL(sni) {
   }
 
   const results = []
-
   list.forEach(item => {
-    if (item.snis.length > 1) return
-    if (sni && sni !== item.snis[0]) return
-
+    var domain = item.snis.find(sni => sni.startsWith("*."));
+    if (!domain && item.snis.length > 1) return
+    domain = domain || item.snis[0];
+    if (sni && domain.indexOf(sni) < 0) return
     results.push({
       id: item.id,
-      domain: item.snis[0],
+      domain: domain,
       validity_start: item.validity_start,
       validity_end: item.validity_end
     })
diff --git a/src/common.js b/src/common.js
index 5338e50..5222de9 100644
--- a/src/common.js
+++ b/src/common.js
@@ -93,7 +93,14 @@ async function createSSL(domain, email, dnsParam, acmeEnv, acmeParam) {
 
   if (dnsParam) {
     const options = { timeout: 1000 * 350, env: { ...acmeEnv, ...dnsParam.env } }
-    await execShell(`acme.sh  --home /acme.sh --issue --force -m ${email} -d ${domain} --dns ${dnsParam.dns} ${acmeParam.join(' ')}`, options).catch(
+    let dnsshell = ``;
+    if (domain.indexOf("*")>=0){
+
+      dnsshell = `acme.sh  --home /acme.sh --issue --force -m ${email} -d ${domain.replace("*.","")} -d ${domain}  --dns ${dnsParam.dns} ${acmeParam.join(' ')}`;
+    }else{
+      dnsshell = `acme.sh  --home /acme.sh --issue --force -m ${email} -d ${domain} --dns ${dnsParam.dns} ${acmeParam.join(' ')}`
+    }
+    await execShell(dnsshell, options).catch(
       data => {
         return Promise.reject({
           message: 'DSN验证申请证书失败',
@@ -115,7 +122,14 @@ async function createSSL(domain, email, dnsParam, acmeEnv, acmeParam) {
     })
   }
 
-  await execShell(`acme.sh --home /acme.sh --install-cert -d ${domain} --key-file ${ssl_key} --fullchain-file ${ssl_cer}`, { timeout: 1000 * 10 })
+  let insshell = "";
+  if (domain.indexOf("*") >= 0) {
+
+    insshell = `acme.sh --home /acme.sh --install-cert -d ${domain.replace("*.", "")} -d ${domain}  --key-file ${ssl_key} --fullchain-file ${ssl_cer}`
+  } else {
+    insshell = `acme.sh --home /acme.sh --install-cert -d ${domain} --key-file ${ssl_key} --fullchain-file ${ssl_cer}`
+  }
+  await execShell(insshell, { timeout: 1000 * 10 })
 
   const info = parseCA(ssl_cer, ssl_key)