feat: 证书添加超时

internal/data/cert.go

@@ -205,7 +205,9 @@ func (r *certRepo) ObtainAuto(id uint) (*acme.Certificate, error) {
 		}
 	}
 
-	ssl, err := client.ObtainCertificate(context.Background(), cert.Domains, acme.KeyType(cert.Type))
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
+	defer cancel()
+	ssl, err := client.ObtainCertificate(ctx, cert.Domains, acme.KeyType(cert.Type))
 	if err != nil {
 		return nil, err
 	}
@@ -276,7 +278,9 @@ func (r *certRepo) ObtainPanel(account *biz.CertAccount, ips []string) ([]byte,
 	}
 	client.UsePanel(ips, confPath, webServer)
 
-	ssl, err := client.ObtainIPCertificate(context.Background(), ips, acme.KeyEC256)
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
+	defer cancel()
+	ssl, err := client.ObtainIPCertificate(ctx, ips, acme.KeyEC256)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -290,7 +294,7 @@ func (r *certRepo) ObtainSelfSigned(id uint) error {
 		return err
 	}
 
-	crt, key, err := pkgcert.GenerateSelfSignedRSA(cert.Domains)
+	crt, key, err := pkgcert.GenerateSelfSigned(cert.Domains)
 	if err != nil {
 		return err
 	}
@@ -345,10 +349,12 @@ func (r *certRepo) Renew(id uint) (*acme.Certificate, error) {
 		}
 	}
 
-	ssl, err := client.RenewCertificate(context.Background(), cert.CertURL, cert.Domains, acme.KeyType(cert.Type))
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
+	defer cancel()
+	ssl, err := client.RenewCertificate(ctx, cert.CertURL, cert.Domains, acme.KeyType(cert.Type))
 	if err != nil {
 		// 续签失败，尝试重签
-		ssl, err = client.ObtainCertificate(context.Background(), cert.Domains, acme.KeyType(cert.Type))
+		ssl, err = client.ObtainCertificate(ctx, cert.Domains, acme.KeyType(cert.Type))
 		if err != nil {
 			return nil, err
 		}
@@ -384,7 +390,9 @@ func (r *certRepo) RefreshRenewalInfo(id uint) (mholtacme.RenewalInfo, error) {
 		return mholtacme.RenewalInfo{}, err
 	}
 
-	renewInfo, err := client.GetRenewalInfo(context.Background(), crt)
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+	defer cancel()
+	renewInfo, err := client.GetRenewalInfo(ctx, crt)
 	if err != nil {
 		return mholtacme.RenewalInfo{}, err
 	}
@@ -409,7 +417,9 @@ func (r *certRepo) ManualDNS(id uint) ([]acme.DNSRecord, error) {
 	}
 
 	client.UseManualDns()
-	records, err := client.GetDNSRecords(context.Background(), cert.Domains, acme.KeyType(cert.Type))
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+	defer cancel()
+	records, err := client.GetDNSRecords(ctx, cert.Domains, acme.KeyType(cert.Type))
 	if err != nil {
 		return nil, err
 	}

internal/job/cert_renew.go

@@ -67,7 +67,7 @@ func (r *CertRenew) Run() {
 		// 到达建议时间，续签证书
 		if time.Now().After(cert.RenewalInfo.SelectedTime) {
 			if _, err := r.certRepo.Renew(cert.ID); err != nil {
-				r.log.Warn("failed to renew cert", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err))
+				r.log.Warn("failed to renew certificate", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err))
 			}
 		}
 	}
@@ -76,7 +76,7 @@ func (r *CertRenew) Run() {
 	if r.conf.HTTP.ACME {
 		decode, err := pkgcert.ParseCert(filepath.Join(app.Root, "panel/storage/cert.pem"))
 		if err != nil {
-			r.log.Warn("failed to parse panel cert", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err))
+			r.log.Warn("failed to parse panel certificate", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err))
 			return
 		}
 		// 结束时间大于 2 天不续签
@@ -107,7 +107,7 @@ func (r *CertRenew) Run() {
 		}
 		crt, key, err := r.certRepo.ObtainPanel(account, ips)
 		if err != nil {
-			r.log.Warn("failed to obtain ACME cert", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err))
+			r.log.Warn("failed to obtain panel certificate via ACME", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err))
 			return
 		}
 
@@ -115,11 +115,11 @@ func (r *CertRenew) Run() {
 			Cert: string(crt),
 			Key:  string(key),
 		}); err != nil {
-			r.log.Warn("failed to update panel cert", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err))
+			r.log.Warn("failed to update panel certificate", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err))
 			return
 		}
 
-		r.log.Info("panel cert renewed successfully", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0))
+		r.log.Info("panel certificate renewed successfully", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0))
 		tools.RestartPanel()
 	}
 

internal/service/cli.go

@@ -384,14 +384,14 @@ func (s *CliService) HTTPSGenerate(ctx context.Context, cmd *cli.Command) error
 		}
 		crt, key, err = s.certRepo.ObtainPanel(account, ips)
 		if err == nil {
-			fmt.Println(s.t.Get("Successfully obtained SSL certificate via ACME"))
+			fmt.Println(s.t.Get("Successfully obtained panel certificate via ACME"))
 		} else {
-			fmt.Println(s.t.Get("Failed to obtain ACME certificate, using self-signed certificate"))
+			fmt.Println(s.t.Get("Failed to obtain panel certificate via ACME, using self-signed certificate"))
 		}
 	}
 
 	if crt == nil || key == nil {
-		crt, key, err = cert.GenerateSelfSignedRSA(names)
+		crt, key, err = cert.GenerateSelfSigned(names)
 		if err != nil {
 			return err
 		}