我有一个需求,就是让用户自己把自己的域名绑定我们的提供的AWS服务器。
AWS需要验证证书 上一篇文章中我用php的AcmClient中的requestCertificate方法申请到了证书。
$acmClient = new AcmClient([
'region' => 'us-east-1',
'version' => '2015-12-08',
'credentials'=>[
// 'id'=>"851725259723",
'key'=>"AKIA4MTWICPFTJEVQ25E",
"secret"=>"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"
]
]);
$subdomainName = "";
// 使用 mt_rand() 生成随机数
$randomNumber = mt_rand(1000, 99999);
$result = $acmClient->requestCertificate([
'DomainName' =>"$domainName",
'ValidationMethod' => 'DNS',
''
]);
$acm_certificate = $result->get("CertificateArn");
开始我以为返回的这个 arn:aws:acm:us-east-1:851725259723:certificate\/b59ed66e-edce-40da-8ed7-2f69f535ccc6 就可以配置在域名解析上。当我填上去的时候发现报错了
原来要填的不是这个。
后来我在AWS的后台证书上发现,原来证书里有一个domain。通常我们如果是自己来绑定域名,到后台来复制过去,然后去到域名服务商那里填写信息解析域名就可以了。
但是我们的需求是,通过Api获取到CNAME等信息,通过接口返回给用户,让用户自己去绑定域名。
第一步通过Api接口 requestCertificate方法申请证书是成功了,但是requestCertificate的返回里没有我们要的CNAME信息。
通过查看文档,发现describeCertificate方法返回了我要的东西。ResourceRecord里面包含的就是。https://docs.aws.amazon.com/zh_cn/acm/latest/APIReference/API_DescribeCertificate.html
于是我写好了调用方法:
// echo $acm_certificate;
$certificate_detail = $acmClient->describeCertificate(
[
"CertificateArn"=> $acm_certificate
],
);
返回值是这样的:
Model Data
----------
Data can be retrieved from the model object using the get() method of the
model (e.g., `$result->get($key)`) or "accessing the result like an
associative array (e.g. `$result['key']`). You can also execute JMESPath
expressions on the result data using the search() method.
{
"Certificate": {
"CertificateArn": "arn:aws:acm:us-east-1:851725259723:certificate\/b59ed66e-edce-40da-8ed7-2f69f535ccc6",
"DomainName": "sdafsdfsd.com",
"SubjectAlternativeNames": [
"sdafsdfsd.com"
],
"DomainValidationOptions": [
{
"DomainName": "sdafsdfsd.com",
"ValidationDomain": "sdafsdfsd.com",
"ValidationStatus": "PENDING_VALIDATION",
"ValidationMethod": "DNS"
}
],
"Subject": "CN=sdafsdfsd.com",
"Issuer": "Amazon",
"CreatedAt": "2024-11-13T06:26:15+00:00",
"Status": "PENDING_VALIDATION",
"KeyAlgorithm": "RSA-2048",
"SignatureAlgorithm": "SHA256WITHRSA",
"InUseBy": [],
"Type": "AMAZON_ISSUED",
"KeyUsages": [],
"ExtendedKeyUsages": [],
"RenewalEligibility": "INELIGIBLE",
"Options": {
"CertificateTransparencyLoggingPreference": "DISABLED"
}
},
"@metadata": {
"statusCode": 200,
"effectiveUri": "https:\/\/acm.us-east-1.amazonaws.com",
"headers": {
"x-amzn-requestid": "dc2eafd9-f2d0-4ec5-b712-3f863878b1ab",
"content-type": "application\/x-amz-json-1.1",
"content-length": "695",
"date": "Wed, 13 Nov 2024 06:26:17 GMT",
"connection": "close"
},
"transferStats": {
"http": [
[]
]
}
}
}
文档上明明说会返回这个值,但我实际结果里面没有。怎么办?我到处搜索,找客服还要花钱。没办法,继续折腾。偶然一次,发现去掉"IdempotencyToken",这个动态随机参数时,我重复点击请求我写的接口(里面包含有requestCertificate和describeCertificate这两个操作),突然有一次返回的结果里面有ResourceRecord。
Model Data
----------
Data can be retrieved from the model object using the get() method of the
model (e.g., `$result->get($key)`) or "accessing the result like an
associative array (e.g. `$result['key']`). You can also execute JMESPath
expressions on the result data using the search() method.
{
"Certificate": {
"CertificateArn": "arn:aws:acm:us-east-1:851725259723:certificate\/36323e6b-44b0-4319-a89c-554f83b4903d",
"DomainName": "dddddddseeddeessssssseee.com",
"SubjectAlternativeNames": [
"dddddddseeddeessssssseee.com"
],
"DomainValidationOptions": [
{
"DomainName": "dddddddseeddeessssssseee.com",
"ValidationDomain": "dddddddseeddeessssssseee.com",
"ValidationStatus": "PENDING_VALIDATION",
"ResourceRecord": {
"Name": "_aed5251d9f13549ea764739a398b8031.dddddddseeddeessssssseee.com.",
"Type": "CNAME",
"Value": "_3f3f8c3ebb4c32f510b21bbee66da88e.djqtsrsxkq.acm-validations.aws."
},
"ValidationMethod": "DNS"
}
],
"Subject": "CN=dddddddseeddeessssssseee.com",
"Issuer": "Amazon",
"CreatedAt": "2024-11-13T09:02:12+00:00",
"Status": "PENDING_VALIDATION",
"KeyAlgorithm": "RSA-2048",
"SignatureAlgorithm": "SHA256WITHRSA",
"InUseBy": [],
"Type": "AMAZON_ISSUED",
"KeyUsages": [],
"ExtendedKeyUsages": [],
"RenewalEligibility": "INELIGIBLE",
"Options": {
"CertificateTransparencyLoggingPreference": "ENABLED"
}
},
"@metadata": {
"statusCode": 200,
"effectiveUri": "https:\/\/acm.us-east-1.amazonaws.com",
"headers": {
"x-amzn-requestid": "8ba40475-79b0-4a0a-adda-c8a32d9357e4",
"content-type": "application\/x-amz-json-1.1",
"content-length": "952",
"date": "Wed, 13 Nov 2024 09:18:55 GMT",
"connection": "close"
},
"transferStats": {
"http": [
[]
]
}
}
}
sss{}
到此我恍然大悟,原来是ResourceRecord要返回的时候还没拿到,需要多次请求。直接返回值里有ResourceRecord为止。