Purpose

Request and renew free certificates from let's encrypt for Aliyun CDN domains.

Prepare

Install certbot with aliyun DNS plugin and aliyun-cert

pip3 install aliyun-cert

Create config file ~/.secrets/aliyun.ini for aliyun access key

dns_aliyun_key_id = xxx
dns_aliyun_key_secret = yyy

Request Certificates from let's encrypt

# request new cert
certbot certonly \
  --authenticator dns-aliyun \
  --dns-aliyun-propagation-seconds 30 \
  --dns-aliyun-credentials ~/.secrets/aliyun.ini \
  -d example.com -d *.example.com

Deploy certificate for aliyun CDN domains

# upload certificate
aliyun-cert upload-cert --domain example.com /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem

# deploy certificates with certificates id returned from last command
aliyun-cert set-cert --cert-id 123456 --domain cdn.example.com --service cdn

# check all SSL-enabled CDN domains and their certificates
aliyun-cert list-domains --cdn

Renew Certificates

Create crontab file /etc/cron.d/certbot

0 0,12 * * * root sleep 1471 && certbot renew -q

Create deploy hook to update aliyun CDN's certification in /etc/letsencrypt/renewal-hooks/deploy/09-deploy-aliyun.sh

#!/bin/bash

aliyun-cert certbot-deploy-hook --cdn --delete-old-cert

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.en.md

README.en.md

Purpose

Prepare

Request Certificates from let's encrypt

Deploy certificate for aliyun CDN domains

Renew Certificates

Files

README.en.md

Latest commit

History

README.en.md

File metadata and controls

Purpose

Prepare

Request Certificates from let's encrypt

Deploy certificate for aliyun CDN domains

Renew Certificates