feat: preferred chain

2026-06-22 21:05:48 +08:00 · 2025-11-06 14:23:58 +08:00 · 2025-11-06 14:23:58 +08:00 · 47b5f4345f
commit 47b5f4345f
parent 380cdd7eee
5 changed files with 29 additions and 6 deletions
--- a/internal/certapply/client_certifier.go
+++ b/internal/certapply/client_certifier.go
@ -47,7 +47,8 @@ type ObtainCertificateRequest struct {
 	HttpDelayWait int32

 	// ACME 相关
-	ACMEProfile string
+	PreferredChain string
+	ACMEProfile    string

 	// ARI 相关
 	ARIReplacesAcctUrl string
@ -166,6 +167,7 @@ func (c *ACMEClient) sendObtainCertificateRequest(request *ObtainCertificateRequ
 		Domains:        request.Domains,
 		PrivateKey:     privkey,
 		Bundle:         true,
+		PreferredChain: request.PreferredChain,
 		Profile:        request.ACMEProfile,
 		NotAfter:       request.ValidityTo,
 		ReplacesCertID: lo.If(request.ARIReplacesAcctUrl == c.account.ACMEAcctUrl, request.ARIReplacesCertId).Else(""),
--- a/internal/domain/workflow.go
+++ b/internal/domain/workflow.go
@ -153,6 +153,7 @@ func (c WorkflowNodeConfig) AsBizApply() WorkflowNodeConfigForBizApply {
 		CAProviderAccessId:    xmaps.GetString(c, "caProviderAccessId"),
 		CAProviderConfig:      xmaps.GetKVMapAny(c, "caProviderConfig"),
 		ValidityLifetime:      xmaps.GetString(c, "validityLifetime"),
+		PreferredChain:        xmaps.GetString(c, "preferredChain"),
 		ACMEProfile:           xmaps.GetString(c, "acmeProfile"),
 		Nameservers:           nameservers,
 		DnsPropagationWait:    xmaps.GetInt32(c, "dnsPropagationWait"),
@ -226,6 +227,7 @@ type WorkflowNodeConfigForBizApply struct {
 	KeyAlgorithm          string         `json:"keyAlgorithm,omitempty"`          // 私钥算法
 	KeyContent            string         `json:"keyContent,omitempty"`            // 私钥内容
 	ValidityLifetime      string         `json:"validityLifetime,omitempty"`      // 有效期，形如 "30d"、"6h"
+	PreferredChain        string         `json:"preferredChain,omitempty"`        // 首选证书链
 	ACMEProfile           string         `json:"acmeProfile,omitempty"`           // ACME Profiles Extension
 	Nameservers           []string       `json:"nameservers,omitempty"`           // DNS 服务器列表，以半角分号分隔
 	DnsPropagationWait    int32          `json:"dnsPropagationWait,omitempty"`    // DNS 传播等待时间，等同于 lego 的 `--dns-propagation-wait` 参数
--- a/ui/src/components/workflow/designer/forms/BizApplyNodeConfigForm.tsx
+++ b/ui/src/components/workflow/designer/forms/BizApplyNodeConfigForm.tsx
@ -518,6 +518,16 @@ const BizApplyNodeConfigForm = ({ node, ...props }: BizApplyNodeConfigFormProps)
            <InternalValidityLifetimeInput placeholder={t("workflow_node.apply.form.validity_lifetime.placeholder")} />
          </Form.Item>

+          <Form.Item
+            name="preferredChain"
+            label={t("workflow_node.apply.form.preferred_chain.label")}
+            extra={t("workflow_node.apply.form.preferred_chain.help")}
+            rules={[formRule]}
+            tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.apply.form.preferred_chain.tooltip") }}></span>}
+          >
+            <Input allowClear placeholder={t("workflow_node.apply.form.preferred_chain.placeholder")} />
+          </Form.Item>
+
          <Form.Item
            name="acmeProfile"
            label={t("workflow_node.apply.form.acme_profile.label")}
@ -884,6 +894,7 @@ const getSchema = ({ i18n = getI18n() }: { i18n?: ReturnType<typeof getI18n> })
          if (!v) return true;
          return /^\d+[d|h]$/.test(v) && parseInt(v) > 0;
        }, t("workflow_node.apply.form.validity_lifetime.placeholder")),
+      preferredChain: z.string().nullish(),
      acmeProfile: z.string().nullish(),
      disableFollowCNAME: z.boolean().nullish(),
      disableARI: z.boolean().nullish(),
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@ -102,8 +102,12 @@
  "workflow_node.apply.form.validity_lifetime.tooltip": "It determines the <em>NotAfter</em> field of the certificate in the ACME protocol. If you don't understand this option, just keep it by default.",
  "workflow_node.apply.form.validity_lifetime.units.h": "hours",
  "workflow_node.apply.form.validity_lifetime.units.d": "days",
-  "workflow_node.apply.form.acme_profile.label": "Certificate ACME profile (Optional)",
-  "workflow_node.apply.form.acme_profile.placeholder": "Please enter certificate's ACME profile",
+  "workflow_node.apply.form.preferred_chain.label": "Preferred chain (Optional)",
+  "workflow_node.apply.form.preferred_chain.placeholder": "Please enter preferred chain",
+  "workflow_node.apply.form.preferred_chain.help": "Notes: Not all CAs support this feature.",
+  "workflow_node.apply.form.preferred_chain.tooltip": "It determines the <em>PreferredChain</em> field of the certificate in the ACME protocol. If you don't understand this option, just keep it by default. <br><a href=\"https://letsencrypt.org/certificates/\" target=\"_blank\">Click here to learn more</a>.",
+  "workflow_node.apply.form.acme_profile.label": "ACME profile (Optional)",
+  "workflow_node.apply.form.acme_profile.placeholder": "Please enter ACME profile",
  "workflow_node.apply.form.acme_profile.help": "Notes: Not all CAs support this feature.",
  "workflow_node.apply.form.acme_profile.tooltip": "It determines the <em>Profile</em> field of the certificate in the ACME protocol. If you don't understand this option, just keep it by default. <br><a href=\"https://letsencrypt.org/docs/profiles/\" target=\"_blank\">Click here to learn more</a>.",
  "workflow_node.apply.form.nameservers.label": "DNS recursive nameservers (Optional)",
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@ -101,10 +101,14 @@
  "workflow_node.apply.form.validity_lifetime.tooltip": "表示证书的有效期。如果你不了解该选项的用途，保持默认即可。",
  "workflow_node.apply.form.validity_lifetime.units.h": "小时",
  "workflow_node.apply.form.validity_lifetime.units.d": "天",
-  "workflow_node.apply.form.acme_profile.label": "证书 ACME 配置（可选）",
-  "workflow_node.apply.form.acme_profile.placeholder": "请输入证书的 ACME 配置",
+  "workflow_node.apply.form.preferred_chain.label": "首选证书链（可选）",
+  "workflow_node.apply.form.preferred_chain.placeholder": "请输入首选证书链",
+  "workflow_node.apply.form.preferred_chain.help": "注意：并非所有证书颁发机构都支持此特性。",
+  "workflow_node.apply.form.preferred_chain.tooltip": "表示证书颁发时使用的首选证书链。如果你不了解该选项的用途，保持默认即可。<br><a href=\"https://letsencrypt.org/zh-cn/certificates/\" target=\"_blank\">点此了解更多</a>。",
+  "workflow_node.apply.form.acme_profile.label": "ACME 配置文件（可选）",
+  "workflow_node.apply.form.acme_profile.placeholder": "请输入 ACME 配置文件",
  "workflow_node.apply.form.acme_profile.help": "注意：并非所有证书颁发机构都支持此特性。",
-  "workflow_node.apply.form.acme_profile.tooltip": "表示证书颁发时使用的 ACME 证书配置。如果你不了解该选项的用途，保持默认即可。<br><a href=\"https://letsencrypt.org/zh-cn/docs/profiles/\" target=\"_blank\">点此了解更多</a>。",
+  "workflow_node.apply.form.acme_profile.tooltip": "表示证书颁发时使用的 ACME 证书配置文件。如果你不了解该选项的用途，保持默认即可。<br><a href=\"https://letsencrypt.org/zh-cn/docs/profiles/\" target=\"_blank\">点此了解更多</a>。",
  "workflow_node.apply.form.nameservers.label": "DNS 递归服务器（可选）",
  "workflow_node.apply.form.nameservers.placeholder": "请输入 DNS 递归服务器（多个值请用半角分号隔开）",
  "workflow_node.apply.form.nameservers.tooltip": "表示在 ACME DNS-01 质询时使用自定义的 DNS 递归服务器。如果你不了解该选项的用途，保持默认即可。<br><a href=\"https://go-acme.github.io/lego/usage/cli/options/index.html#dns-resolvers-and-challenge-verification\" target=\"_blank\">点此了解更多</a>。",