Tired of manually renewing your SSL certificates every 90 days? Cloud providers have reduced the validity of their free SSL certs from 1 year to just 3 months. While SafeLine WAF supports Let’s Encrypt out of the box, it lacks automatic renewal. That’s where this automation tool comes in — saving you time and reducing downtime. 🔧 What This Tool Does This Go-based utility automatically renews your SafeLine SSL certificates using Let’s Encrypt’s DNS-01 challenge. It supports several major DNS providers out of the box: DNS-01 challenge Tencent CloudAliyun (Alibaba Cloud)Huawei CloudWest.cnRainyun Tencent Cloud Aliyun (Alibaba Cloud) Huawei Cloud West.cn Rainyun Don’t see your DNS provider? Leave a comment on the GitHub repo — the author is open to adding more. Don’t see your DNS provider? Leave a comment on the GitHub repo — the author is open to adding more. GitHub: https://github.com/Wink541/SafelineAPI https://github.com/Wink541/SafelineAPI Mirror (Gitea): https://gitea.doicat.com/duoduo/SafelineAPI https://gitea.doicat.com/duoduo/SafelineAPI 🚀 Getting Started 1. Clone the Repo git clone https://github.com/Wink541/SafelineAPI cd SafelineAPI git clone https://github.com/Wink541/SafelineAPI cd SafelineAPI 2. Build the Binary go build -o safelineApi ./cmd/safelineApi/main.go # Optional: cross-compile for your platform go env -w GOOS=linux # Options: linux / windows / darwin go env -w GOARCH=amd64 # Options: amd64 / arm64 go build -o safelineApi ./cmd/safelineApi/main.go # Optional: cross-compile for your platform go env -w GOOS=linux # Options: linux / windows / darwin go env -w GOARCH=amd64 # Options: amd64 / arm64 3. Edit Config File Create a config.json with the following structure: config.json { "SafeLine": { "Host": { "HostName": "192.168.1.4", "Port": "1443" }, "ApiToken": "your-safeline-token" }, "ApplyCert": { "Days": 30, "Email": "your@email.com", "SavePath": "/tmp/ssl", "DNSProviderConfig": { "DNSProvider": "TencentCloud", "TencentCloud": { "SecretId": "your-id", "SecretKey": "your-key" }, "AliCloud": { "AccessKeyId": "your-id", "AccessKeySecret": "your-secret" }, "HuaweiCloud": { "AccessKeyId": "your-id", "Region": "cn-east-2", "SecretAccessKey": "your-key" }, "WestCN": { "Username": "your-username", "Password": "your-password" }, "RainYun": { "ApiKey": "your-api-key" } } } } { "SafeLine": { "Host": { "HostName": "192.168.1.4", "Port": "1443" }, "ApiToken": "your-safeline-token" }, "ApplyCert": { "Days": 30, "Email": "your@email.com", "SavePath": "/tmp/ssl", "DNSProviderConfig": { "DNSProvider": "TencentCloud", "TencentCloud": { "SecretId": "your-id", "SecretKey": "your-key" }, "AliCloud": { "AccessKeyId": "your-id", "AccessKeySecret": "your-secret" }, "HuaweiCloud": { "AccessKeyId": "your-id", "Region": "cn-east-2", "SecretAccessKey": "your-key" }, "WestCN": { "Username": "your-username", "Password": "your-password" }, "RainYun": { "ApiKey": "your-api-key" } } } } 4. Run the Tool ./safelineApi ./config.json ./safelineApi ./config.json 5. (Optional) Add a Cron Job To automate renewal every month: 0 0 1,31 * * root /opt/safelineApi/safelineApi /opt/safelineApi/config.json > /opt/safelineApi/app.log 0 0 1,31 * * root /opt/safelineApi/safelineApi /opt/safelineApi/config.json > /opt/safelineApi/app.log 🧪 Example Output Before execution: Certificates close to expiry (under 90 days) Certificates close to expiry (under 90 days) Log output after running the tool: [SUCCESS] 2025/04/15 21:36:07 SafeLine config validated! [INFO] 2025/04/15 21:36:08 Starting certificate renewal... [INFO] 2025/04/15 21:36:10 Using DNS-01 challenge for domain [www.doicat.com] [INFO] 2025/04/15 21:36:14 DNS record propagation successful [SUCCESS] 2025/04/15 21:36:43 Certificate for [www.doicat.com] updated! [SUCCESS] 2025/04/15 21:36:07 SafeLine config validated! [INFO] 2025/04/15 21:36:08 Starting certificate renewal... [INFO] 2025/04/15 21:36:10 Using DNS-01 challenge for domain [www.doicat.com] [INFO] 2025/04/15 21:36:14 DNS record propagation successful [SUCCESS] 2025/04/15 21:36:43 Certificate for [www.doicat.com] updated! After execution: Certificates renewed successfully ✅ Certificates renewed successfully ✅ ✍️ Final Thoughts This simple Go tool solves a real-world pain: automating SSL renewals for SafeLine WAF. If you’re tired of getting those “certificate expired” warnings, this tool’s for you. The project is still evolving — feel free to contribute or suggest improvements on GitHub! 🌐 GitHub Repository📚 Official Docs💬 Discord Community 🌐 GitHub Repository GitHub Repository 📚 Official Docs Official Docs 💬 Discord Community Discord Community
