Merge branch 'main' into feat/workflow

internal/deployer/aliyun_clb.go

@@ -246,10 +246,10 @@ func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLo
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
 	//
 	// 这里仅修改跟被替换证书一致的扩展域名
-	if describeDomainExtensionsResp.Body.DomainExtensions == nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension == nil {
+	if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
 		for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
-			if *domainExtension.ServerCertificateId == *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId {
+			if *domainExtension.ServerCertificateId != *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId {
-				break
+				continue
 			}
 
 			setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{

internal/deployer/qiniu_cdn.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	xerrors "github.com/pkg/errors"
 	"github.com/qiniu/go-sdk/v7/auth"
@@ -69,9 +70,14 @@ func (d *QiniuCDNDeployer) Deploy(ctx context.Context) error {
 
 	d.infos = append(d.infos, toStr("已上传证书", upres))
 
+	// 在七牛 CDN 中泛域名表示为 .example.com，需去除前缀星号
+	domain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(domain, "*") {
+		domain = strings.TrimPrefix(domain, "*")
+	}
+
 	// 获取域名信息
 	// REF: https://developer.qiniu.com/fusion/4246/the-domain-name
-	domain := d.option.DeployConfig.GetConfigAsString("domain")
 	getDomainInfoResp, err := d.sdkClient.GetDomainInfo(domain)
 	if err != nil {
 		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.GetDomainInfo'")

internal/deployer/tencent_clb.go

@@ -102,7 +102,7 @@ func (d *TencentCLBDeployer) Deploy(ctx context.Context) error {
 func (d *TencentCLBDeployer) createSdkClients(secretId, secretKey, region string) (*tencentCLBDeployerSdkClients, error) {
 	credential := common.NewCredential(secretId, secretKey)
 
-	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	sslClient, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
 	if err != nil {
 		return nil, err
 	}

internal/deployer/tencent_cos.go

@@ -33,6 +33,7 @@ func NewTencentCOSDeployer(option *DeployerOption) (Deployer, error) {
 	client, err := (&TencentCOSDeployer{}).createSdkClient(
 		access.SecretId,
 		access.SecretKey,
+		option.DeployConfig.GetConfigAsString("region"),
 	)
 	if err != nil {
 		return nil, xerrors.Wrap(err, "failed to create sdk clients")
@@ -95,9 +96,9 @@ func (d *TencentCOSDeployer) Deploy(ctx context.Context) error {
 	return nil
 }
 
-func (d *TencentCOSDeployer) createSdkClient(secretId, secretKey string) (*tcSsl.Client, error) {
+func (d *TencentCOSDeployer) createSdkClient(secretId, secretKey, region string) (*tcSsl.Client, error) {
 	credential := common.NewCredential(secretId, secretKey)
-	client, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	client, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
 	if err != nil {
 		return nil, err
 	}

internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go

@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"regexp"
 	"strings"
 	"time"
 
@@ -89,6 +90,12 @@ func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyP
 	var certId, certName string
 	certName = fmt.Sprintf("certimate_%d", time.Now().UnixMilli())
 
+	// 去除证书和私钥内容中的空白行，以符合阿里云 API 要求
+	// REF: https://github.com/usual2970/certimate/issues/326
+	re := regexp.MustCompile(`(?m)^\s*$\n?`)
+	certPem = strings.TrimSpace(re.ReplaceAllString(certPem, ""))
+	privkeyPem = strings.TrimSpace(re.ReplaceAllString(privkeyPem, ""))
+
 	// 上传新证书
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate
 	uploadServerCertificateReq := &aliyunSlb.UploadServerCertificateRequest{

ui/src/components/certimate/DeployToTencentCLB.tsx

@@ -44,9 +44,7 @@ const DeployToTencentCLB = () => {
       }),
       loadbalancerId: z.string().min(1, t("domain.deployment.form.tencent_clb_loadbalancer_id.placeholder")),
       listenerId: z.string().optional(),
-      domain: z.string().regex(/^$|^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
+      domain: z.string().optional(),
-        message: t("common.errmsg.domain_invalid"),
-      }),
     })
     .refine(
       (data) => {
@@ -63,10 +61,20 @@ const DeployToTencentCLB = () => {
         path: ["listenerId"],
       }
     )
-    .refine((data) => (data.resourceType === "ruledomain" ? !!data.domain?.trim() : true), {
+    .refine(
-      message: t("domain.deployment.form.tencent_clb_ruledomain.placeholder"),
+      (data) => {
-      path: ["domain"],
+        switch (data.resourceType) {
-    });
+          case "ssl-deploy":
+          case "ruledomain":
+            return !!data.domain?.trim() && /^$|^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/.test(data.domain);
+        }
+        return true;
+      },
+      {
+        message: t("domain.deployment.form.tencent_clb_ruledomain.placeholder"),
+        path: ["domain"],
+      }
+    );
 
   useEffect(() => {
     const res = formSchema.safeParse(config.config);

ui/src/domain/version.ts

@@ -1 +1 @@
-export const version = "Certimate v0.2.18";
+export const version = "Certimate v0.2.19";