Merge branch 'main' into feat/cloud-load-balance

internal/applicant/applicant.go

@@ -7,6 +7,8 @@ import (
 	"crypto/rand"
 	"errors"
 	"fmt"
+	"os"
+	"strconv"
 	"strings"
 
 	"github.com/usual2970/certimate/internal/domain"
@@ -63,12 +65,13 @@ type Certificate struct {
 }
 
 type ApplyOption struct {
-	Email        string `json:"email"`
-	Domain       string `json:"domain"`
-	Access       string `json:"access"`
-	KeyAlgorithm string `json:"keyAlgorithm"`
-	Nameservers  string `json:"nameservers"`
-	Timeout      int64  `json:"timeout"`
+	Email              string `json:"email"`
+	Domain             string `json:"domain"`
+	Access             string `json:"access"`
+	KeyAlgorithm       string `json:"keyAlgorithm"`
+	Nameservers        string `json:"nameservers"`
+	Timeout            int64  `json:"timeout"`
+	DisableFollowCNAME bool   `json:"disableFollowCNAME"`
 }
 
 type ApplyUser struct {
@@ -115,12 +118,13 @@ func Get(record *models.Record) (Applicant, error) {
 	}
 
 	option := &ApplyOption{
-		Email:        applyConfig.Email,
-		Domain:       record.GetString("domain"),
-		Access:       access.GetString("config"),
-		KeyAlgorithm: applyConfig.KeyAlgorithm,
-		Nameservers:  applyConfig.Nameservers,
-		Timeout:      applyConfig.Timeout,
+		Email:              applyConfig.Email,
+		Domain:             record.GetString("domain"),
+		Access:             access.GetString("config"),
+		KeyAlgorithm:       applyConfig.KeyAlgorithm,
+		Nameservers:        applyConfig.Nameservers,
+		Timeout:            applyConfig.Timeout,
+		DisableFollowCNAME: applyConfig.DisableFollowCNAME,
 	}
 
 	switch access.GetString("configType") {
@@ -177,6 +181,10 @@ func apply(option *ApplyOption, provider challenge.Provider) (*Certificate, erro
 		return nil, err
 	}
 
+	// Some unified lego environment variables are configured here.
+	// link: https://github.com/go-acme/lego/issues/1867
+	os.Setenv("LEGO_DISABLE_CNAME_SUPPORT", strconv.FormatBool(option.DisableFollowCNAME))
+
 	myUser := ApplyUser{
 		Email: option.Email,
 		key:   privateKey,

internal/deployer/aliyun_esa.go

@@ -1,7 +1,7 @@
 /*
  * @Author: Bin
  * @Date: 2024-09-17
- * @FilePath: /github.com/usual2970/certimate/internal/deployer/aliyun_esa.go
+ * @FilePath: /certimate/internal/deployer/aliyun_esa.go
  */
 package deployer
 
@@ -9,6 +9,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
 	dcdn20180115 "github.com/alibabacloud-go/dcdn-20180115/v3/client"
@@ -55,8 +56,15 @@ func (d *AliyunESADeployer) GetInfo() []string {
 
 func (d *AliyunESADeployer) Deploy(ctx context.Context) error {
 	certName := fmt.Sprintf("%s-%s-%s", d.option.Domain, d.option.DomainId, rand.RandStr(6))
+
+	// 支持泛解析域名，在 Aliyun DCND 中泛解析域名表示为 .example.com
+	domain := getDeployString(d.option.DeployConfig, "domain")
+	if strings.HasPrefix(domain, "*") {
+		domain = strings.TrimPrefix(domain, "*")
+	}
+
 	setDcdnDomainSSLCertificateRequest := &dcdn20180115.SetDcdnDomainSSLCertificateRequest{
-		DomainName:  tea.String(getDeployString(d.option.DeployConfig, "domain")),
+		DomainName:  tea.String(domain),
 		CertName:    tea.String(certName),
 		CertType:    tea.String("upload"),
 		SSLProtocol: tea.String("on"),

internal/domain/domains.go

@@ -1,11 +1,12 @@
 package domain
 
 type ApplyConfig struct {
-	Email        string `json:"email"`
-	Access       string `json:"access"`
-	KeyAlgorithm string `json:"keyAlgorithm"`
-	Nameservers  string `json:"nameservers"`
-	Timeout      int64  `json:"timeout"`
+	Email              string `json:"email"`
+	Access             string `json:"access"`
+	KeyAlgorithm       string `json:"keyAlgorithm"`
+	Nameservers        string `json:"nameservers"`
+	Timeout            int64  `json:"timeout"`
+	DisableFollowCNAME bool   `json:"disableFollowCNAME"`
 }
 
 type DeployConfig struct {