New Go Tool Automates SSL Renewal for SafeLine WAF, Ending 90-Day Cert Headaches

Written by sharon627 | Published 2025/06/04
Tech Story Tags: cybersecurity | waf | safeline | ssl | safeline-ssl-renewal-tool | auto-renew-ssl-letsencrypt | ssl-cert-automation-safeline | safeline-dns-challenge-ssl

TLDRAutomate SSL renewals for SafeLine WAF with this Go-based tool using Let’s Encrypt DNS-01. Save time, prevent downtime, and never miss a cert expiry again.via the TL;DR App

Tired of manually renewing your SSL certificates every 90 days?


Cloud providers have reduced the validity of their free SSL certs from 1 year to just 3 months. While SafeLine WAF supports Let’s Encrypt out of the box, it lacks automatic renewal. That’s where this automation tool comes in — saving you time and reducing downtime.


🔧 What This Tool Does


This Go-based utility automatically renews your SafeLine SSL certificates using Let’s Encrypt’s DNS-01 challenge. It supports several major DNS providers out of the box:


  • Tencent Cloud
  • Aliyun (Alibaba Cloud)
  • Huawei Cloud
  • West.cn
  • Rainyun


Don’t see your DNS provider? Leave a comment on the GitHub repo — the author is open to adding more.


GitHub: https://github.com/Wink541/SafelineAPI

Mirror (Gitea): https://gitea.doicat.com/duoduo/SafelineAPI


🚀 Getting Started


1. Clone the Repo

git clone https://github.com/Wink541/SafelineAPI
cd SafelineAPI


2. Build the Binary

go build -o safelineApi ./cmd/safelineApi/main.go
# Optional: cross-compile for your platform
go env -w GOOS=linux    # Options: linux / windows / darwin
go env -w GOARCH=amd64  # Options: amd64 / arm64


3. Edit Config File


Create a config.json with the following structure:

{
  "SafeLine": {
    "Host": {
      "HostName": "192.168.1.4",
      "Port": "1443"
    },
    "ApiToken": "your-safeline-token"
  },
  "ApplyCert": {
    "Days": 30,
    "Email": "your@email.com",
    "SavePath": "/tmp/ssl",
    "DNSProviderConfig": {
      "DNSProvider": "TencentCloud",
      "TencentCloud": {
        "SecretId": "your-id",
        "SecretKey": "your-key"
      },
      "AliCloud": {
        "AccessKeyId": "your-id",
        "AccessKeySecret": "your-secret"
      },
      "HuaweiCloud": {
        "AccessKeyId": "your-id",
        "Region": "cn-east-2",
        "SecretAccessKey": "your-key"
      },
      "WestCN": {
        "Username": "your-username",
        "Password": "your-password"
      },
      "RainYun": {
        "ApiKey": "your-api-key"
      }
    }
  }
}


4. Run the Tool

./safelineApi ./config.json


5. (Optional) Add a Cron Job


To automate renewal every month:

0 0 1,31 * * root /opt/safelineApi/safelineApi /opt/safelineApi/config.json > /opt/safelineApi/app.log


🧪 Example Output


Before execution:

Certificates close to expiry (under 90 days)


Log output after running the tool:

[SUCCESS] 2025/04/15 21:36:07 SafeLine config validated!
[INFO]    2025/04/15 21:36:08 Starting certificate renewal...
[INFO]    2025/04/15 21:36:10 Using DNS-01 challenge for domain [www.doicat.com]
[INFO]    2025/04/15 21:36:14 DNS record propagation successful
[SUCCESS] 2025/04/15 21:36:43 Certificate for [www.doicat.com] updated!


After execution:

Certificates renewed successfully ✅


✍️ Final Thoughts


This simple Go tool solves a real-world pain: automating SSL renewals for SafeLine WAF. If you’re tired of getting those “certificate expired” warnings, this tool’s for you.


The project is still evolving — feel free to contribute or suggest improvements on GitHub!

Written by sharon627 | Feel free to reach me out! 📮xxxsharonnn428@gmail.com
Published by HackerNoon on 2025/06/04
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy