当前位置：首页 > news >正文

aws中AcmClient.describeCertificate返回值中没有ResourceRecord

news 2025/7/17 1:55:34

我有一个需求，就是让用户自己把自己的域名绑定我们的提供的AWS服务器。

AWS需要验证证书上一篇文章中我用php的AcmClient中的requestCertificate方法申请到了证书。

   $acmClient = new AcmClient(['region' => 'us-east-1','version' => '2015-12-08','credentials'=>[// 'id'=>"851725259723",'key'=>"AKIA4MTWICPFTJEVQ25E","secret"=>"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"]]);$subdomainName = "";// 使用 mt_rand() 生成随机数$randomNumber = mt_rand(1000, 99999);$result = $acmClient->requestCertificate(['DomainName' =>"$domainName",  'ValidationMethod' => 'DNS','']);$acm_certificate = $result->get("CertificateArn");

开始我以为返回的这个 arn:aws:acm:us-east-1:851725259723:certificate\/b59ed66e-edce-40da-8ed7-2f69f535ccc6 就可以配置在域名解析上。当我填上去的时候发现报错了

原来要填的不是这个。

后来我在AWS的后台证书上发现，原来证书里有一个domain。通常我们如果是自己来绑定域名，到后台来复制过去，然后去到域名服务商那里填写信息解析域名就可以了。

但是我们的需求是，通过Api获取到CNAME等信息，通过接口返回给用户，让用户自己去绑定域名。

第一步通过Api接口 requestCertificate方法申请证书是成功了，但是requestCertificate的返回里没有我们要的CNAME信息。

通过查看文档，发现describeCertificate方法返回了我要的东西。ResourceRecord里面包含的就是。https://docs.aws.amazon.com/zh_cn/acm/latest/APIReference/API_DescribeCertificate.html

于是我写好了调用方法：

       // echo $acm_certificate;$certificate_detail = $acmClient->describeCertificate(["CertificateArn"=> $acm_certificate],);

返回值是这样的：

Model Data
----------
Data can be retrieved from the model object using the get() method of the
model (e.g., `$result->get($key)`) or "accessing the result like an
associative array (e.g. `$result['key']`). You can also execute JMESPath
expressions on the result data using the search() method.{"Certificate": {"CertificateArn": "arn:aws:acm:us-east-1:851725259723:certificate\/b59ed66e-edce-40da-8ed7-2f69f535ccc6","DomainName": "sdafsdfsd.com","SubjectAlternativeNames": ["sdafsdfsd.com"],"DomainValidationOptions": [{"DomainName": "sdafsdfsd.com","ValidationDomain": "sdafsdfsd.com","ValidationStatus": "PENDING_VALIDATION","ValidationMethod": "DNS"}],"Subject": "CN=sdafsdfsd.com","Issuer": "Amazon","CreatedAt": "2024-11-13T06:26:15+00:00","Status": "PENDING_VALIDATION","KeyAlgorithm": "RSA-2048","SignatureAlgorithm": "SHA256WITHRSA","InUseBy": [],"Type": "AMAZON_ISSUED","KeyUsages": [],"ExtendedKeyUsages": [],"RenewalEligibility": "INELIGIBLE","Options": {"CertificateTransparencyLoggingPreference": "DISABLED"}},"@metadata": {"statusCode": 200,"effectiveUri": "https:\/\/acm.us-east-1.amazonaws.com","headers": {"x-amzn-requestid": "dc2eafd9-f2d0-4ec5-b712-3f863878b1ab","content-type": "application\/x-amz-json-1.1","content-length": "695","date": "Wed, 13 Nov 2024 06:26:17 GMT","connection": "close"},"transferStats": {"http": [[]]}}
}

文档上明明说会返回这个值，但我实际结果里面没有。怎么办？我到处搜索，找客服还要花钱。没办法，继续折腾。偶然一次，发现去掉"IdempotencyToken"，这个动态随机参数时，我重复点击请求我写的接口（里面包含有requestCertificate和describeCertificate这两个操作），突然有一次返回的结果里面有ResourceRecord。

Model Data
----------
Data can be retrieved from the model object using the get() method of the
model (e.g., `$result->get($key)`) or "accessing the result like an
associative array (e.g. `$result['key']`). You can also execute JMESPath
expressions on the result data using the search() method.{"Certificate": {"CertificateArn": "arn:aws:acm:us-east-1:851725259723:certificate\/36323e6b-44b0-4319-a89c-554f83b4903d","DomainName": "dddddddseeddeessssssseee.com","SubjectAlternativeNames": ["dddddddseeddeessssssseee.com"],"DomainValidationOptions": [{"DomainName": "dddddddseeddeessssssseee.com","ValidationDomain": "dddddddseeddeessssssseee.com","ValidationStatus": "PENDING_VALIDATION","ResourceRecord": {"Name": "_aed5251d9f13549ea764739a398b8031.dddddddseeddeessssssseee.com.","Type": "CNAME","Value": "_3f3f8c3ebb4c32f510b21bbee66da88e.djqtsrsxkq.acm-validations.aws."},"ValidationMethod": "DNS"}],"Subject": "CN=dddddddseeddeessssssseee.com","Issuer": "Amazon","CreatedAt": "2024-11-13T09:02:12+00:00","Status": "PENDING_VALIDATION","KeyAlgorithm": "RSA-2048","SignatureAlgorithm": "SHA256WITHRSA","InUseBy": [],"Type": "AMAZON_ISSUED","KeyUsages": [],"ExtendedKeyUsages": [],"RenewalEligibility": "INELIGIBLE","Options": {"CertificateTransparencyLoggingPreference": "ENABLED"}},"@metadata": {"statusCode": 200,"effectiveUri": "https:\/\/acm.us-east-1.amazonaws.com","headers": {"x-amzn-requestid": "8ba40475-79b0-4a0a-adda-c8a32d9357e4","content-type": "application\/x-amz-json-1.1","content-length": "952","date": "Wed, 13 Nov 2024 09:18:55 GMT","connection": "close"},"transferStats": {"http": [[]]}}
}
sss{}

到此我恍然大悟，原来是ResourceRecord要返回的时候还没拿到，需要多次请求。直接返回值里有ResourceRecord为止。

查看全文

http://www.lryc.cn/news/483539.html