fix: 优化手动dns签发

2026-02-04 03:07:20 +08:00 · 2025-06-17 09:06:05 +08:00
parent fb95ff2861
commit c492639897
3 changed files with 21 additions and 17 deletions
--- a/internal/data/cert.go
+++ b/internal/data/cert.go
@@ -326,7 +326,7 @@ func (r *certRepo) ManualDNS(id uint) ([]acme.DNSRecord, error) {
 		return nil, err
 	}

-	client.UseManualDns(len(cert.Domains))
+	client.UseManualDns()
 	records, err := client.GetDNSRecords(context.Background(), cert.Domains, acme.KeyType(cert.Type))
 	if err != nil {
 		return nil, err
--- a/pkg/acme/client.go
+++ b/pkg/acme/client.go
@@ -35,14 +35,16 @@ func (c *Client) UseDns(dnsType DnsType, param DNSParam) {
 }

 // UseManualDns 使用手动 DNS 验证
-func (c *Client) UseManualDns(total int, check ...bool) {
+func (c *Client) UseManualDns(check ...bool) {
 	c.controlChan = make(chan struct{})
-	c.dataChan = make(chan any)
+	c.dnsChan = make(chan any)
+	c.certChan = make(chan any)
 	c.zClient.ChallengeSolvers = map[string]acmez.Solver{
 		acme.ChallengeTypeDNS01: &manualDNSSolver{
 			check:       len(check) > 0 && check[0],
 			controlChan: c.controlChan,
-			dataChan:    c.dataChan,
+			dnsChan:     c.dnsChan,
+			certChan:    c.certChan,
 			records:     []DNSRecord{},
 		},
 	}
@@ -84,13 +86,13 @@ func (c *Client) ObtainCertificateManual() (Certificate, error) {
 	// 发送信号，开始验证
 	c.controlChan <- struct{}{}
 	// 等待验证完成
-	data := <-c.dataChan
+	certs := <-c.certChan

-	if err, ok := data.(error); ok {
+	if err, ok := certs.(error); ok {
 		return Certificate{}, err
 	}

-	return data.(Certificate), nil
+	return certs.(Certificate), nil
 }

 // RenewCertificate 续签 SSL 证书
@@ -107,22 +109,22 @@ func (c *Client) RenewCertificate(ctx context.Context, certUrl string, domains [
 func (c *Client) GetDNSRecords(ctx context.Context, domains []string, keyType KeyType) ([]DNSRecord, error) {
 	go func(ctx context.Context, domains []string, keyType KeyType) {
 		certs, err := c.ObtainCertificate(ctx, domains, keyType)
-		// 将证书和错误信息发送到 dataChan
+		// 将证书和错误信息发送到 certChan
 		if err != nil {
-			c.dataChan <- err
+			c.certChan <- err
 			return
 		}
-		c.dataChan <- certs
+		c.certChan <- certs
 	}(ctx, domains, keyType)

-	// 这里要少一次循环，因为需要卡住最后一次的 dataChan，等待手动 DNS 验证完成
+	// 这里要少一次循环，因为需要卡住最后一次的 dnsChan，等待手动 DNS 验证完成
 	for i := 1; i < len(domains); i++ {
-		<-c.dataChan
+		<-c.dnsChan
 		c.controlChan <- struct{}{}
 	}

 	// 因为上面少了一次循环，所以这里接收到的即为完整的 DNS 记录切片
-	data := <-c.dataChan
+	data := <-c.dnsChan
 	if err, ok := data.(error); ok {
 		return nil, err
 	}
--- a/pkg/acme/solvers.go
+++ b/pkg/acme/solvers.go
@@ -267,9 +267,10 @@ type DNSProvider interface {
 }

 type manualDNSSolver struct {
-	check       bool
+	check       bool // 是否检查 DNS 解析，目前没写
 	controlChan chan struct{}
-	dataChan    chan any
+	dnsChan     chan any
+	certChan    chan any
 	records     []DNSRecord
 }

@@ -286,7 +287,7 @@ func (s *manualDNSSolver) Present(ctx context.Context, challenge acme.Challenge)
 		Domain: domain,
 		Value:  keyAuth,
 	})
-	s.dataChan <- s.records
+	s.dnsChan <- s.records

 	select {
 	case <-s.controlChan:
@@ -301,7 +302,8 @@ func (s *manualDNSSolver) CleanUp(_ context.Context, _ acme.Challenge) error {
 		_ = recover()
 	}()
 	close(s.controlChan)
-	close(s.dataChan)
+	close(s.dnsChan)
+	close(s.certChan)
 	return nil
 }