From b6e634f1aeef8dbb0285a347252a976a177d8f9e Mon Sep 17 00:00:00 2001
From: eryajf <eryajf@163.com>
Date: Fri, 22 Nov 2024 10:38:58 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=B0=83=E6=95=B4=E8=AF=81=E4=B9=A6?=
 =?UTF-8?q?=E5=8C=B9=E9=85=8D=E7=9A=84=E5=88=A4=E6=96=AD=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pkg/export/record_cert.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/pkg/export/record_cert.go b/pkg/export/record_cert.go
index 4b841d1..c8aa9ec 100644
--- a/pkg/export/record_cert.go
+++ b/pkg/export/record_cert.go
@@ -3,6 +3,7 @@ package export
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"net"
 	"strings"
@@ -93,7 +94,7 @@ func GetCertInfo(record provider.GetRecordCertReq) (certInfo provider.RecordCert
 	cert := certs[0]
 	certInfo.SubjectCommonName = cert.Subject.CommonName
 	certInfo.IssuerCommonName = cert.Issuer.CommonName
-	if strings.Contains(certInfo.SubjectCommonName, record.DomainName) || strings.Contains(certInfo.IssuerCommonName, record.DomainName) {
+	if strings.Contains(certInfo.SubjectCommonName, record.DomainName) || checkCertMatched(record, cert) {
 		certInfo.CertMatched = true
 	} else {
 		certInfo.CertMatched = false
@@ -160,3 +161,14 @@ func isPortOpen(domain string) bool {
 	defer conn.Close()
 	return true
 }
+
+// checkCertMatched 检查证书是否匹配
+// https://github.com/opsre/cloud_dns_exporter/issues/25
+func checkCertMatched(record provider.GetRecordCertReq, cert *x509.Certificate) bool {
+	for _, name := range cert.DNSNames {
+		if strings.Contains(name, record.DomainName) {
+			return true
+		}
+	}
+	return false
+}