Automate SSL Renewal for SafeLine WAF with DNS-01 Challenge
Sharon

Publish Date: May 28

Tired of manually renewing your SSL certificates every 90 days?

Cloud providers have reduced the validity of their free SSL certs from 1 year to just 3 months. While SafeLine WAF supports Let's Encrypt out of the box, it lacks automatic renewal. That’s where this automation tool comes in—saving you time and reducing downtime.

🔧 What This Tool Does

This Go-based utility automatically renews your SafeLine SSL certificates using Let's Encrypt’s DNS-01 challenge. It supports several major DNS providers out of the box:

  • Tencent Cloud
  • Aliyun (Alibaba Cloud)
  • Huawei Cloud
  • West.cn
  • Rainyun

Don’t see your DNS provider? Leave a comment on the GitHub repo—the author is open to adding more.

GitHub: https://github.com/Wink541/SafelineAPI

Mirror (Gitea): https://gitea.doicat.com/duoduo/SafelineAPI


🚀 Getting Started

1. Clone the Repo

git clone https://github.com/Wink541/SafelineAPI
cd SafelineAPI

2. Build the Binary

go build -o safelineApi ./cmd/safelineApi/main.go

# Optional: cross-compile by setting GOOS/GOARCH for that one build
# GOOS options: linux / windows / darwin; GOARCH options: amd64 / arm64
GOOS=linux GOARCH=amd64 go build -o safelineApi ./cmd/safelineApi/main.go

3. Edit Config File

Create a config.json with the following structure:

{
  "SafeLine": {
    "Host": {
      "HostName": "192.168.1.4",
      "Port": "1443"
    },
    "ApiToken": "your-safeline-token"
  },
  "ApplyCert": {
    "Days": 30,
    "Email": "your@email.com",
    "SavePath": "/tmp/ssl",
    "DNSProviderConfig": {
      "DNSProvider": "TencentCloud",
      "TencentCloud": {
        "SecretId": "your-id",
        "SecretKey": "your-key"
      },
      "AliCloud": {
        "AccessKeyId": "your-id",
        "AccessKeySecret": "your-secret"
      },
      "HuaweiCloud": {
        "AccessKeyId": "your-id",
        "Region": "cn-east-2",
        "SecretAccessKey": "your-key"
      },
      "WestCN": {
        "Username": "your-username",
        "Password": "your-password"
      },
      "RainYun": {
        "ApiKey": "your-api-key"
      }
    }
  }
}

4. Run the Tool

./safelineApi ./config.json

5. (Optional) Add a Cron Job

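To automate renewal, add an entry to /etc/crontab or a file under /etc/cron.d (the crontab formats that take a user field, root here). This schedule runs at midnight on the 1st and 31st of each month:

# Append to the log and capture stderr so a failed renewal leaves a trace
0 0 1,31 * * root /opt/safelineApi/safelineApi /opt/safelineApi/config.json >> /opt/safelineApi/app.log 2>&1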
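
Because config.json holds the SafeLine API token and the DNS provider credentials, and the cron job runs unattended as root, a pre-flight audit of the file is useful before scheduling it. The Go program below is an added example, not part of the SafelineAPI project: `AuditConfig` is a hypothetical helper, and it assumes that the issued key material is written to `SavePath` and that `DNSProvider` names the sibling block whose credentials are used.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
)

type Config struct { // only the config.json fields this audit reads
	SafeLine  struct{ ApiToken string }
	ApplyCert struct {
		SavePath          string
		DNSProviderConfig map[string]json.RawMessage
	}
}

// AuditConfig (hypothetical helper) returns findings for the config file at path.
func AuditConfig(path string) (out []string, err error) {
	info, err := os.Stat(path)
	raw, rerr := os.ReadFile(path)
	var c Config
	if err = errors.Join(err, rerr, json.Unmarshal(raw, &c)); err != nil {
		return nil, err
	}
	if m := info.Mode().Perm(); m&0o077 != 0 {
		out = append(out, fmt.Sprintf("config mode %04o is open to group/other; use 0600", m))
	}
	// Assumptions: keys are written to SavePath; DNSProvider names the active sibling block.
	if strings.HasPrefix(c.ApplyCert.SavePath+"/", "/tmp/") {
		out = append(out, "SavePath is under world-writable /tmp")
	}
	name, secrets := "", map[string]string{"ApiToken": c.SafeLine.ApiToken}
	_ = json.Unmarshal(c.ApplyCert.DNSProviderConfig["DNSProvider"], &name)
	if json.Unmarshal(c.ApplyCert.DNSProviderConfig[name], &secrets) != nil || len(secrets) < 2 {
		out = append(out, fmt.Sprintf("DNSProvider %q has no usable credential block", name))
	}
	for k, v := range secrets {
		if v == "" || strings.HasPrefix(v, "your-") {
			out = append(out, k+" is empty or still a placeholder")
		}
	}
	return out, nil
}

func main() { // usage: pass the path to config.json as the only argument
	fmt.Println(AuditConfig(os.Args[1]))
}
```

Only the block selected by `DNSProvider` is checked, so unused provider blocks left at their template values do not produce findings.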

🧪 Example Output

Before execution:

Certificates close to expiry (under 90 days)

Log output after running the tool:

[SUCCESS] 2025/04/15 21:36:07 SafeLine config validated!
[INFO]    2025/04/15 21:36:08 Starting certificate renewal...
[INFO]    2025/04/15 21:36:10 Using DNS-01 challenge for domain [www.doicat.com]
[INFO]    2025/04/15 21:36:14 DNS record propagation successful
[SUCCESS] 2025/04/15 21:36:43 Certificate for [www.doicat.com] updated!

After execution:

Certificates renewed successfully ✅


✍️ Final Thoughts

This simple Go tool solves a real-world pain: automating SSL renewals for SafeLine WAF. If you’re tired of getting those “certificate expired” warnings, this tool’s for you.

The project is still evolving—feel free to contribute or suggest improvements on GitHub!

Comments 1 total

  • Nathan Tarbert, May 28, 2025

    pretty cool, i hate dealing with expiring certs so this is honestly a relief - you think stuff like this keeps running because of habit, or just wanting less headaches long-term?
