我有一个需求，就是让用户自己把自己的域名绑定我们的提供的AWS服务器。

AWS需要验证证书 上一篇文章中我用php的AcmClient中的requestCertificate方法申请到了证书。

   $acmClient = new AcmClient([
            'region' => 'us-east-1',
            'version' => '2015-12-08',
            'credentials'=>[
                // 'id'=>"851725259723",
                'key'=>"AKIA4MTWICPFTJEVQ25E",
                "secret"=>"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"
            ]
            
        ]);
        

        $subdomainName = "";

        // 使用 mt_rand() 生成随机数
        $randomNumber = mt_rand(1000, 99999);
 
        $result = $acmClient->requestCertificate([
            'DomainName' =>"$domainName",  
     
            'ValidationMethod' => 'DNS',
            ''
        ]);

        $acm_certificate = $result->get("CertificateArn");

开始我以为返回的这个 arn:aws:acm:us-east-1:851725259723:certificate\/b59ed66e-edce-40da-8ed7-2f69f535ccc6 就可以配置在域名解析上。当我填上去的时候发现报错了

原来要填的不是这个。

后来我在AWS的后台证书上发现，原来证书里有一个domain。通常我们如果是自己来绑定域名，到后台来复制过去，然后去到域名服务商那里填写信息解析域名就可以了。

但是我们的需求是，通过Api获取到CNAME等信息，通过接口返回给用户，让用户自己去绑定域名。

第一步通过Api接口 requestCertificate方法申请证书是成功了，但是requestCertificate的返回里没有我们要的CNAME信息。

通过查看文档，发现describeCertificate方法返回了我要的东西。ResourceRecord里面包含的就是。https://docs.aws.amazon.com/zh_cn/acm/latest/APIReference/API_DescribeCertificate.html

于是我写好了调用方法：

       // echo $acm_certificate;
            $certificate_detail = $acmClient->describeCertificate(
                [
                    "CertificateArn"=> $acm_certificate
                ],
            );

返回值是这样的：

Model Data
----------
Data can be retrieved from the model object using the get() method of the
model (e.g., `$result->get($key)`) or "accessing the result like an
associative array (e.g. `$result['key']`). You can also execute JMESPath
expressions on the result data using the search() method.

{
    "Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-1:851725259723:certificate\/b59ed66e-edce-40da-8ed7-2f69f535ccc6",
        "DomainName": "sdafsdfsd.com",
        "SubjectAlternativeNames": [
            "sdafsdfsd.com"
        ],
        "DomainValidationOptions": [
            {
                "DomainName": "sdafsdfsd.com",
                "ValidationDomain": "sdafsdfsd.com",
                "ValidationStatus": "PENDING_VALIDATION",
                "ValidationMethod": "DNS"
            }
        ],
        "Subject": "CN=sdafsdfsd.com",
        "Issuer": "Amazon",
        "CreatedAt": "2024-11-13T06:26:15+00:00",
        "Status": "PENDING_VALIDATION",
        "KeyAlgorithm": "RSA-2048",
        "SignatureAlgorithm": "SHA256WITHRSA",
        "InUseBy": [],
        "Type": "AMAZON_ISSUED",
        "KeyUsages": [],
        "ExtendedKeyUsages": [],
        "RenewalEligibility": "INELIGIBLE",
        "Options": {
            "CertificateTransparencyLoggingPreference": "DISABLED"
        }
    },
    "@metadata": {
        "statusCode": 200,
        "effectiveUri": "https:\/\/acm.us-east-1.amazonaws.com",
        "headers": {
            "x-amzn-requestid": "dc2eafd9-f2d0-4ec5-b712-3f863878b1ab",
            "content-type": "application\/x-amz-json-1.1",
            "content-length": "695",
            "date": "Wed, 13 Nov 2024 06:26:17 GMT",
            "connection": "close"
        },
        "transferStats": {
            "http": [
                []
            ]
        }
    }
}

文档上明明说会返回这个值，但我实际结果里面没有。怎么办？我到处搜索，找客服还要花钱。没办法，继续折腾。偶然一次，发现去掉"IdempotencyToken"，这个动态随机参数时，我重复点击请求我写的接口（里面包含有requestCertificate和describeCertificate这两个操作），突然有一次返回的结果里面有ResourceRecord。

Model Data
----------
Data can be retrieved from the model object using the get() method of the
model (e.g., `$result->get($key)`) or "accessing the result like an
associative array (e.g. `$result['key']`). You can also execute JMESPath
expressions on the result data using the search() method.

{
    "Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-1:851725259723:certificate\/36323e6b-44b0-4319-a89c-554f83b4903d",
        "DomainName": "dddddddseeddeessssssseee.com",
        "SubjectAlternativeNames": [
            "dddddddseeddeessssssseee.com"
        ],
        "DomainValidationOptions": [
            {
                "DomainName": "dddddddseeddeessssssseee.com",
                "ValidationDomain": "dddddddseeddeessssssseee.com",
                "ValidationStatus": "PENDING_VALIDATION",
                "ResourceRecord": {
                    "Name": "_aed5251d9f13549ea764739a398b8031.dddddddseeddeessssssseee.com.",
                    "Type": "CNAME",
                    "Value": "_3f3f8c3ebb4c32f510b21bbee66da88e.djqtsrsxkq.acm-validations.aws."
                },
                "ValidationMethod": "DNS"
            }
        ],
        "Subject": "CN=dddddddseeddeessssssseee.com",
        "Issuer": "Amazon",
        "CreatedAt": "2024-11-13T09:02:12+00:00",
        "Status": "PENDING_VALIDATION",
        "KeyAlgorithm": "RSA-2048",
        "SignatureAlgorithm": "SHA256WITHRSA",
        "InUseBy": [],
        "Type": "AMAZON_ISSUED",
        "KeyUsages": [],
        "ExtendedKeyUsages": [],
        "RenewalEligibility": "INELIGIBLE",
        "Options": {
            "CertificateTransparencyLoggingPreference": "ENABLED"
        }
    },
    "@metadata": {
        "statusCode": 200,
        "effectiveUri": "https:\/\/acm.us-east-1.amazonaws.com",
        "headers": {
            "x-amzn-requestid": "8ba40475-79b0-4a0a-adda-c8a32d9357e4",
            "content-type": "application\/x-amz-json-1.1",
            "content-length": "952",
            "date": "Wed, 13 Nov 2024 09:18:55 GMT",
            "connection": "close"
        },
        "transferStats": {
            "http": [
                []
            ]
        }
    }
}
sss{}

到此我恍然大悟，原来是ResourceRecord要返回的时候还没拿到，需要多次请求。直接返回值里有ResourceRecord为止。