feat: 移除面板证书续签并将证书有效期固定为10年

internal/job/cert_renew.go

@@ -2,7 +2,6 @@ package job
 
 import (
 	"log/slog"
-	"path/filepath"
 	"time"
 
 	"gorm.io/gorm"
@@ -10,8 +9,6 @@ import (
 	"github.com/tnb-labs/panel/internal/app"
 	"github.com/tnb-labs/panel/internal/biz"
 	pkgcert "github.com/tnb-labs/panel/pkg/cert"
-	"github.com/tnb-labs/panel/pkg/io"
-	"github.com/tnb-labs/panel/pkg/shell"
 )
 
 // CertRenew 证书续签
@@ -60,19 +57,4 @@ func (r *CertRenew) Run() {
 			r.log.Warn("[Cert Renew] failed to renew cert", slog.Any("err", err))
 		}
 	}
-
-	// 续签面板证书
-	panelCert, err := io.Read(filepath.Join(app.Root, "panel/storage/cert.pem"))
-	if err != nil {
-		r.log.Warn("[Cert Renew] failed to read panel cert", slog.Any("err", err))
-		return
-	}
-	decode, err := pkgcert.ParseCert(panelCert)
-	if err != nil {
-		r.log.Warn("[Cert Renew] failed to parse panel cert", slog.Any("err", err))
-		return
-	}
-	if time.Until(decode.NotAfter) < 24*7*time.Hour {
-		_, _ = shell.Exec("panel-cli https generate")
-	}
 }

pkg/cert/cert.go

@@ -141,7 +141,7 @@ func GenerateSelfSigned(names []string) (cert []byte, key []byte, err error) {
 		SerialNumber:          big.NewInt(2),
 		Subject:               pkix.Name{CommonName: "Rat Panel CA"},
 		NotBefore:             time.Now(),
-		NotAfter:              time.Now().AddDate(3, 0, 0),
+		NotAfter:              time.Now().AddDate(10, 0, 0),
 		BasicConstraintsValid: true,
 		IsCA:                  true,
 		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
@@ -167,7 +167,7 @@ func GenerateSelfSigned(names []string) (cert []byte, key []byte, err error) {
 		SerialNumber: big.NewInt(3),
 		Subject:      pkix.Name{CommonName: "Rat Panel"},
 		NotBefore:    time.Now(),
-		NotAfter:     time.Now().AddDate(1, 0, 0),
+		NotAfter:     time.Now().AddDate(10, 0, 0),
 		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
 		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
 	}