CertShip - A tool for automatic SSL certificate binding to OSS
A Python tool that uses acme.sh to automatically apply for certificates and deploy them to cloud platforms (such as Alibaba Cloud AliOSS).
- Certificate source: Let’s Encrypt (acme.sh is only the issuance tool)
- Special thanks to: GitHub Copilot, for its help
- Special thanks to: Neilpang, the author of acme.sh
- Special thanks to: Sora for the logo
Install dependencies
poetry install
Usage
You can run the tool via poetry:
poetry run certship --help
Or directly:
python3 -m src.cli --help
Example
poetry run certship \
--domain <your domain> \
--dns-provider <dns provider, default ali> \
--platform alioss \
--oss-bucket <OSS bucket name> \
--oss-endpoint <OSS endpoint> \
--ali-key <Aliyun AccessKeyId> \
--ali-secret <Aliyun AccessKeySecret> \
[--ecc] [--run] [--force] [--debug]
Arguments
--domain
: The domain to request the certificate for (required)
--dns-provider
: DNS provider, default is ali (optional, any DNS plugin supported by acme.sh)
--platform
: Target platform, currently only supports alioss or tencentcos (required)
--oss-bucket
: Aliyun OSS bucket name (required for alioss)
--oss-endpoint
: OSS endpoint (required for alioss)
--ali-key
: Aliyun AccessKeyId (required for alioss)
--ali-secret
: Aliyun AccessKeySecret (required for alioss)
--ecc
: Use ECC certificate (optional)
--run
: Issue and deploy certificate (optional, if not set, only deploys existing certificate)
--force
: Force certificate renewal (optional)
--debug
: acme.sh debug mode (optional)
Requirements
- Python 3.8+
- poetry
- acme.sh (must be installed and configured, defaults to Let’s Encrypt)
- ossutil64 (must be installed and configured for AliOSS)
Typical workflow
- Install dependencies:
poetry install
- Install acme.sh and configure DNS API
- Install and configure ossutil64 (requires yundun-cert:CreateSSLCertificate permission)
- Run the above command to automatically issue and bind the certificate
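For scripted runs, one way to keep the AccessKeySecret out of scripts and logs is to read the values from environment variables and log only a redacted command line. This wrapper is an added example, not part of CertShip; it uses only the flags listed above, and the CERTSHIP_* variable names are assumptions.

```python
import os
import shlex
import subprocess
import sys

# Flags are the ones documented in this README. The CERTSHIP_* variable
# names are assumptions made for this example, not part of CertShip.
ENV_FOR_FLAG = {
    "--domain": "CERTSHIP_DOMAIN",
    "--oss-bucket": "CERTSHIP_OSS_BUCKET",
    "--oss-endpoint": "CERTSHIP_OSS_ENDPOINT",
    "--ali-key": "CERTSHIP_ALI_KEY",
    "--ali-secret": "CERTSHIP_ALI_SECRET",
}
SECRET_FLAGS = {"--ali-secret"}


def build_argv(env, issue=True, ecc=False):
    """Return the certship argv for an AliOSS deployment or raise ValueError."""
    missing = [name for name in ENV_FOR_FLAG.values() if not env.get(name)]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(missing))
    argv = ["poetry", "run", "certship", "--platform", "alioss"]
    for flag, name in ENV_FOR_FLAG.items():
        value = env[name]
        # A value starting with "-" could be parsed as another option.
        if flag not in SECRET_FLAGS and value.startswith("-"):
            raise ValueError(name + " must not start with '-'")
        argv += [flag, value]
    argv += ["--ecc"] if ecc else []
    argv += ["--run"] if issue else []
    return argv


def redact(argv):
    """Shell-quoted command line for logs, with secret values masked."""
    out, mask_next = [], False
    for arg in argv:
        out.append("****" if mask_next else shlex.quote(arg))
        mask_next = arg in SECRET_FLAGS
    return " ".join(out)


if __name__ == "__main__":
    try:
        cmd = build_argv(os.environ)
    except ValueError as exc:
        sys.exit("certship wrapper: " + str(exc))
    print("running:", redact(cmd))
    # certship takes the secret as an argument, so it is still visible in
    # the process list while the command runs.
    sys.exit(subprocess.run(cmd).returncode)
```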
Supported platforms
- Alibaba Cloud AliOSS
- Tencent Cloud COS
- Local Nginx
- Qiniu Cloud
PRs are welcome!
This site is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.