v0.2.6

feat: 支持配置 CNAME 认证跟随禁用

.github/workflows/push_image.yml

@@ -56,3 +56,4 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
+

internal/applicant/applicant.go

@@ -7,6 +7,8 @@ import (
 	"crypto/rand"
 	"errors"
 	"fmt"
+	"os"
+	"strconv"
 	"strings"
 
 	"github.com/usual2970/certimate/internal/domain"
@@ -63,12 +65,13 @@ type Certificate struct {
 }
 
 type ApplyOption struct {
-	Email        string `json:"email"`
+	Email              string `json:"email"`
-	Domain       string `json:"domain"`
+	Domain             string `json:"domain"`
-	Access       string `json:"access"`
+	Access             string `json:"access"`
-	KeyAlgorithm string `json:"keyAlgorithm"`
+	KeyAlgorithm       string `json:"keyAlgorithm"`
-	Nameservers  string `json:"nameservers"`
+	Nameservers        string `json:"nameservers"`
-	Timeout      int64  `json:"timeout"`
+	Timeout            int64  `json:"timeout"`
+	DisableFollowCNAME bool   `json:"disableFollowCNAME"`
 }
 
 type ApplyUser struct {
@@ -115,12 +118,13 @@ func Get(record *models.Record) (Applicant, error) {
 	}
 
 	option := &ApplyOption{
-		Email:        applyConfig.Email,
+		Email:              applyConfig.Email,
-		Domain:       record.GetString("domain"),
+		Domain:             record.GetString("domain"),
-		Access:       access.GetString("config"),
+		Access:             access.GetString("config"),
-		KeyAlgorithm: applyConfig.KeyAlgorithm,
+		KeyAlgorithm:       applyConfig.KeyAlgorithm,
-		Nameservers:  applyConfig.Nameservers,
+		Nameservers:        applyConfig.Nameservers,
-		Timeout:      applyConfig.Timeout,
+		Timeout:            applyConfig.Timeout,
+		DisableFollowCNAME: applyConfig.DisableFollowCNAME,
 	}
 
 	switch access.GetString("configType") {
@@ -177,6 +181,10 @@ func apply(option *ApplyOption, provider challenge.Provider) (*Certificate, erro
 		return nil, err
 	}
 
+	// Some unified lego environment variables are configured here.
+	// link: https://github.com/go-acme/lego/issues/1867
+	os.Setenv("LEGO_DISABLE_CNAME_SUPPORT", strconv.FormatBool(option.DisableFollowCNAME))
+
 	myUser := ApplyUser{
 		Email: option.Email,
 		key:   privateKey,

internal/domain/domains.go

@@ -1,11 +1,12 @@
 package domain
 
 type ApplyConfig struct {
-	Email        string `json:"email"`
+	Email              string `json:"email"`
-	Access       string `json:"access"`
+	Access             string `json:"access"`
-	KeyAlgorithm string `json:"keyAlgorithm"`
+	KeyAlgorithm       string `json:"keyAlgorithm"`
-	Nameservers  string `json:"nameservers"`
+	Nameservers        string `json:"nameservers"`
-	Timeout      int64  `json:"timeout"`
+	Timeout            int64  `json:"timeout"`
+	DisableFollowCNAME bool   `json:"disableFollowCNAME"`
 }
 
 type DeployConfig struct {

ui/src/components/ui/tooltip.tsx

@@ -24,4 +24,31 @@ const TooltipContent = React.forwardRef<React.ElementRef<typeof TooltipPrimitive
 );
 TooltipContent.displayName = TooltipPrimitive.Content.displayName;
 
-export { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider };
+type TooltipFastProps = TooltipPrimitive.TooltipContentProps &
+  TooltipPrimitive.TooltipProps &
+  React.RefAttributes<HTMLDivElement> & {
+    contentView?: JSX.Element;
+  };
+
+const TooltipLink = React.forwardRef((props: React.PropsWithChildren, forwardedRef: React.ForwardedRef<HTMLAnchorElement>) => (
+  <a {...props} ref={forwardedRef}>
+    {props.children}
+  </a>
+));
+
+function TooltipFast({ children, contentView, open, defaultOpen, onOpenChange, ...props }: TooltipFastProps) {
+  return (
+    <TooltipProvider>
+      <Tooltip open={open} defaultOpen={defaultOpen} onOpenChange={onOpenChange}>
+        <TooltipPrimitive.Trigger asChild>
+          <TooltipLink>{children}</TooltipLink>
+        </TooltipPrimitive.Trigger>
+        <TooltipContent side="top" align="center" {...props}>
+          {contentView}
+        </TooltipContent>
+      </Tooltip>
+    </TooltipProvider>
+  );
+}
+
+export { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider, TooltipFast };

ui/src/domain/domain.ts

@@ -53,6 +53,7 @@ export type ApplyConfig = {
   keyAlgorithm?: string;
   nameservers?: string;
   timeout?: number;
+  disableFollowCNAME?: boolean;
 };
 
 export type Statistic = {

ui/src/domain/version.ts

@@ -1 +1 @@
-export const version = "Certimate v0.2.5";
+export const version = "Certimate v0.2.6";

ui/src/i18n/locales/en/nls.domain.json

@@ -41,6 +41,9 @@
   "domain.application.form.key_algorithm.placeholder": "Please select certificate key algorithm",
   "domain.application.form.timeout.label": "DNS Propagation Timeout (Seconds)",
   "domain.application.form.timeoue.placeholder": "Please enter maximum waiting time for DNS propagation",
+  "domain.application.form.disable_follow_cname.label": "Disable DNS CNAME following",
+  "domain.application.form.disable_follow_cname.tips": "This option will disable Acme DNS authentication CNAME follow. If you don't understand this option, just keep it by default. ",
+  "domain.application.form.disable_follow_cname.tips_link": "Learn more",
   "domain.application.unsaved.message": "Please save applyment configuration first",
 
   "domain.deployment.tab": "Deploy Settings",

ui/src/i18n/locales/zh/nls.domain.json

@@ -41,6 +41,9 @@
   "domain.application.form.key_algorithm.placeholder": "请选择数字证书算法",
   "domain.application.form.timeout.label": "DNS 传播检查超时时间（单位：秒）",
   "domain.application.form.timeoue.placeholder": "请输入 DNS 传播检查超时时间",
+  "domain.application.form.disable_follow_cname.label": "禁用 DNS CNAME 跟随",
+  "domain.application.form.disable_follow_cname.tips": "该选项将禁用 Acme DNS 认证 CNAME 跟随，如果你不了解此选项保持默认即可，",
+  "domain.application.form.disable_follow_cname.tips_link": "了解更多",
   "domain.application.unsaved.message": "请先保存申请配置",
 
   "domain.deployment.tab": "部署配置",

ui/src/pages/domains/Edit.tsx

@@ -4,7 +4,7 @@ import { useForm } from "react-hook-form";
 import { useTranslation } from "react-i18next";
 import z from "zod";
 import { zodResolver } from "@hookform/resolvers/zod";
-import { ChevronsUpDown, Plus } from "lucide-react";
+import { ChevronsUpDown, Plus, CircleHelp } from "lucide-react";
 import { ClientResponseError } from "pocketbase";
 
 import { Button } from "@/components/ui/button";
@@ -26,6 +26,8 @@ import { EmailsSetting } from "@/domain/settings";
 import { DeployConfig, Domain } from "@/domain/domain";
 import { save, get } from "@/repository/domains";
 import { useConfig } from "@/providers/config";
+import { Switch } from "@/components/ui/switch";
+import { TooltipFast } from "@/components/ui/tooltip";
 
 const Edit = () => {
   const {
@@ -64,6 +66,7 @@ const Edit = () => {
     keyAlgorithm: z.string().optional(),
     nameservers: z.string().optional(),
     timeout: z.number().optional(),
+    disableFollowCNAME: z.boolean().optional(),
   });
 
   const form = useForm<z.infer<typeof formSchema>>({
@@ -76,6 +79,7 @@ const Edit = () => {
       keyAlgorithm: "RSA2048",
       nameservers: "",
       timeout: 60,
+      disableFollowCNAME: true,
     },
   });
 
@@ -89,6 +93,7 @@ const Edit = () => {
         keyAlgorithm: domain.applyConfig?.keyAlgorithm,
         nameservers: domain.applyConfig?.nameservers,
         timeout: domain.applyConfig?.timeout,
+        disableFollowCNAME: domain.applyConfig?.disableFollowCNAME,
       });
     }
   }, [domain, form]);
@@ -108,6 +113,7 @@ const Edit = () => {
         keyAlgorithm: data.keyAlgorithm,
         nameservers: data.nameservers,
         timeout: data.timeout,
+        disableFollowCNAME: data.disableFollowCNAME,
       },
     };
 
@@ -176,7 +182,7 @@ const Edit = () => {
     <>
       <div className="">
         <Toaster />
-        <div className=" h-5 text-muted-foreground">
+        <div className="h-5 text-muted-foreground">
           <Breadcrumb>
             <BreadcrumbList>
               <BreadcrumbItem>
@@ -190,7 +196,7 @@ const Edit = () => {
             </BreadcrumbList>
           </Breadcrumb>
         </div>
-        <div className="mt-5 flex w-full justify-center md:space-x-10 flex-col md:flex-row">
+        <div className="flex flex-col justify-center w-full mt-5 md:space-x-10 md:flex-row">
           <div className="w-full md:w-[200px] text-muted-foreground space-x-3 md:space-y-3 flex-row md:flex-col flex md:mt-5">
             <div
               className={cn("cursor-pointer text-right", tab === "apply" ? "text-primary" : "")}
@@ -247,11 +253,11 @@ const Edit = () => {
                     name="email"
                     render={({ field }) => (
                       <FormItem>
-                        <FormLabel className="flex w-full justify-between">
+                        <FormLabel className="flex justify-between w-full">
                           <div>{t("domain.application.form.email.label") + " " + t("domain.application.form.email.tips")}</div>
                           <EmailsEdit
                             trigger={
-                              <div className="font-normal text-primary hover:underline cursor-pointer flex items-center">
+                              <div className="flex items-center font-normal cursor-pointer text-primary hover:underline">
                                 <Plus size={14} />
                                 {t("common.add")}
                               </div>
@@ -293,11 +299,11 @@ const Edit = () => {
                     name="access"
                     render={({ field }) => (
                       <FormItem>
-                        <FormLabel className="flex w-full justify-between">
+                        <FormLabel className="flex justify-between w-full">
                           <div>{t("domain.application.form.access.label")}</div>
                           <AccessEdit
                             trigger={
-                              <div className="font-normal text-primary hover:underline cursor-pointer flex items-center">
+                              <div className="flex items-center font-normal cursor-pointer text-primary hover:underline">
                                 <Plus size={14} />
                                 {t("common.add")}
                               </div>
@@ -344,8 +350,8 @@ const Edit = () => {
                     <Collapsible>
                       <CollapsibleTrigger className="w-full my-4">
                         <div className="flex items-center justify-between space-x-4">
-                          <span className="flex-1 text-sm text-gray-600 text-left">{t("domain.application.form.advanced_settings.label")}</span>
+                          <span className="flex-1 text-sm text-left text-gray-600">{t("domain.application.form.advanced_settings.label")}</span>
-                          <ChevronsUpDown className="h-4 w-4" />
+                          <ChevronsUpDown className="w-4 h-4" />
                         </div>
                       </CollapsibleTrigger>
                       <CollapsibleContent>
@@ -424,6 +430,49 @@ const Edit = () => {
                               </FormItem>
                             )}
                           />
+
+                          {/* 禁用 CNAME 跟随 */}
+                          <FormField
+                            control={form.control}
+                            name="disableFollowCNAME"
+                            render={({ field }) => (
+                              <FormItem>
+                                <FormLabel>
+                                  <div className="flex">
+                                    <span className="mr-1">{t("domain.application.form.disable_follow_cname.label")} </span>
+                                    <TooltipFast
+                                      className="max-w-[20rem]"
+                                      contentView={
+                                        <p>
+                                          {t("domain.application.form.disable_follow_cname.tips")}
+                                          <a
+                                            className="text-primary"
+                                            target="_blank"
+                                            href="https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/#the-advantages-of-a-cname"
+                                          >
+                                            {t("domain.application.form.disable_follow_cname.tips_link")}
+                                          </a>
+                                        </p>
+                                      }
+                                    >
+                                      <CircleHelp size={14} />
+                                    </TooltipFast>
+                                  </div>
+                                </FormLabel>
+                                <FormControl>
+                                  <div>
+                                    <Switch
+                                      defaultChecked={field.value}
+                                      onCheckedChange={(value) => {
+                                        form.setValue(field.name, value);
+                                      }}
+                                    />
+                                  </div>
+                                </FormControl>
+                                <FormMessage />
+                              </FormItem>
+                            )}
+                          />
                         </div>
                       </CollapsibleContent>
                     </Collapsible>