Tired of manually renewing your SSL certificates every 90 days? Cloud providers have reduced the validity of their free SSL certs from 1 year to just 3 months. While SafeLine WAF supports Let’s Encrypt out of the box, it lacks automatic renewal. That’s where this automation tool comes in — saving you time and reducing downtime. 🔧 What This Tool Does This Go-based utility automatically renews your SafeLine SSL certificates using Let’s Encrypt’s DNS-01 challenge. It supports several major DNS providers out of the box: DNS-01 challenge Tencent CloudAliyun (Alibaba Cloud)Huawei CloudWest.cnRainyun Tencent Cloud Aliyun (Alibaba Cloud) Huawei Cloud West.cn Rainyun Don’t see your DNS provider? Leave a comment on the GitHub repo — the author is open to adding more. Don’t see your DNS provider? Leave a comment on the GitHub repo — the author is open to adding more. GitHub: https://github.com/Wink541/SafelineAPI https://github.com/Wink541/SafelineAPI Mirror (Gitea): https://gitea.doicat.com/duoduo/SafelineAPI https://gitea.doicat.com/duoduo/SafelineAPI 🚀 Getting Started 1. Clone the Repo git clone https://github.com/Wink541/SafelineAPI
cd SafelineAPI git clone https://github.com/Wink541/SafelineAPI
cd SafelineAPI 2. Build the Binary go build -o safelineApi ./cmd/safelineApi/main.go
# Optional: cross-compile for your platform
go env -w GOOS=linux    # Options: linux / windows / darwin
go env -w GOARCH=amd64  # Options: amd64 / arm64 go build -o safelineApi ./cmd/safelineApi/main.go
# Optional: cross-compile for your platform
go env -w GOOS=linux    # Options: linux / windows / darwin
go env -w GOARCH=amd64  # Options: amd64 / arm64 3. Edit Config File Create a config.json with the following structure: config.json {
  "SafeLine": {
    "Host": {
      "HostName": "192.168.1.4",
      "Port": "1443"
    },
    "ApiToken": "your-safeline-token"
  },
  "ApplyCert": {
    "Days": 30,
    "Email": "your@email.com",
    "SavePath": "/tmp/ssl",
    "DNSProviderConfig": {
      "DNSProvider": "TencentCloud",
      "TencentCloud": {
        "SecretId": "your-id",
        "SecretKey": "your-key"
      },
      "AliCloud": {
        "AccessKeyId": "your-id",
        "AccessKeySecret": "your-secret"
      },
      "HuaweiCloud": {
        "AccessKeyId": "your-id",
        "Region": "cn-east-2",
        "SecretAccessKey": "your-key"
      },
      "WestCN": {
        "Username": "your-username",
        "Password": "your-password"
      },
      "RainYun": {
        "ApiKey": "your-api-key"
      }
    }
  }
} {
  "SafeLine": {
    "Host": {
      "HostName": "192.168.1.4",
      "Port": "1443"
    },
    "ApiToken": "your-safeline-token"
  },
  "ApplyCert": {
    "Days": 30,
    "Email": "your@email.com",
    "SavePath": "/tmp/ssl",
    "DNSProviderConfig": {
      "DNSProvider": "TencentCloud",
      "TencentCloud": {
        "SecretId": "your-id",
        "SecretKey": "your-key"
      },
      "AliCloud": {
        "AccessKeyId": "your-id",
        "AccessKeySecret": "your-secret"
      },
      "HuaweiCloud": {
        "AccessKeyId": "your-id",
        "Region": "cn-east-2",
        "SecretAccessKey": "your-key"
      },
      "WestCN": {
        "Username": "your-username",
        "Password": "your-password"
      },
      "RainYun": {
        "ApiKey": "your-api-key"
      }
    }
  }
} 4. Run the Tool ./safelineApi ./config.json ./safelineApi ./config.json 5. (Optional) Add a Cron Job To automate renewal every month: 0 0 1,31 * * root /opt/safelineApi/safelineApi /opt/safelineApi/config.json > /opt/safelineApi/app.log 0 0 1,31 * * root /opt/safelineApi/safelineApi /opt/safelineApi/config.json > /opt/safelineApi/app.log 🧪 Example Output Before execution: Certificates close to expiry (under 90 days) Certificates close to expiry (under 90 days) Log output after running the tool: [SUCCESS] 2025/04/15 21:36:07 SafeLine config validated!
[INFO]    2025/04/15 21:36:08 Starting certificate renewal...
[INFO]    2025/04/15 21:36:10 Using DNS-01 challenge for domain [www.doicat.com]
[INFO]    2025/04/15 21:36:14 DNS record propagation successful
[SUCCESS] 2025/04/15 21:36:43 Certificate for [www.doicat.com] updated! [SUCCESS] 2025/04/15 21:36:07 SafeLine config validated!
[INFO]    2025/04/15 21:36:08 Starting certificate renewal...
[INFO]    2025/04/15 21:36:10 Using DNS-01 challenge for domain [www.doicat.com]
[INFO]    2025/04/15 21:36:14 DNS record propagation successful
[SUCCESS] 2025/04/15 21:36:43 Certificate for [www.doicat.com] updated! After execution: Certificates renewed successfully ✅ Certificates renewed successfully ✅ ✍️ Final Thoughts This simple Go tool solves a real-world pain: automating SSL renewals for SafeLine WAF. If you’re tired of getting those “certificate expired” warnings, this tool’s for you. The project is still evolving — feel free to contribute or suggest improvements on GitHub! 🌐 GitHub Repository📚 Official Docs💬 Discord Community 🌐 GitHub Repository GitHub Repository 📚 Official Docs Official Docs 💬 Discord Community Discord Community

The code in this story is for educational purposes. The readers are solely responsible for whatever they build with it.

New Go Tool Automates SSL Renewal for SafeLine WAF, Ending 90-Day Cert Headaches

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

The Noonification: Panda Power (11/28/2023)

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

The Noonification: Panda Power (11/28/2023)

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps