Sync SSL Certificates to DogeCloud CDN

·(edited)· / , , , ·

606

reads·

likes

This article was last modified on . Some content may be outdated. Feel free to ask the author if you have questions.

AI Translation中文English

Key Insights

AI · GEN

Two months ago, because Tencent Cloud CDN suspends service immediately upon arrears, I switched to DogeCloud CDN.

Currently, the free SSL certificates from BT/1Panel are only valid for 90 days. Although they can be renewed automatically, after renewal you still have to manually update the CDN certificate frequently, which is very troublesome.

Fortunately, DogeCloud provides a corresponding API, allowing us to automatically sync SSL certificates to DogeCloud CDN through scripts.

Features

🔑 Dynamically generate DogeCloud API access tokens
📤 One-click certificate upload and management
🌐 Intelligent multi-domain certificate binding
🗑️ Old certificate cleanup (optional)
⏰ Seamless integration with Let's Encrypt automatic renewal
✅ Dual-platform support (BT/1Panel)

Quick Start

Obtain DogeCloud API key:
- Log in to the DogeCloud console
- Go to "User Center" → "Key Management"
- Create a new key pair
Confirm certificate path:
- BT Panel: /www/server/panel/vhost/ssl/domain-directory/
- 1Panel can skip this step

Configuration Guide

Edit the following parameters in the script:

CodeBlock Loading...

Deployment Guide

1Panel

Enter the certificate management interface
Create/edit certificate:
- Enable "Auto-renew"
- Enable "Push certificate to local directory"
- Select directory
- Enable "Execute script after application"
- Paste the content of this script
- Modify the certificate path to:
CodeBlock Loading...

BT Panel

Create a scheduled task:
- Task type: Shell script
- Task name: arbitrary
- Execution cycle: execute once at 01:30 on the 1st of every month
- Execution user: root
- Script content: paste the content of this script

Cooperate with the automatic renewal of Let’s Encrypt certificate scheduled task /www/server/panel/pyenv/bin/python /www/server/panel/class/acme_v2.py –renew=1 to theoretically achieve hands-off certificate management for DogeCloud CDN.

After saving, run the task once. If the following information is displayed, the certificate sync is complete:

CodeBlock Loading...

Code Ideas

Obtain Key & Generate `AccessToken`

DogeCloud's API has an authentication mechanism. Before use, you need to obtain AccessKey and SecretKey from the console's Key Management, and then generate AccessToken based on AccessKey and SecretKey.

The generation process of AccessToken is to concatenate the request URL and request content, then encrypt it with SecretKey using HMAC-SHA1, and finally connect the encrypted value with AccessKey using a colon. For the specific generation algorithm, please refer to the documentation Authentication Mechanism .

CodeBlock Loading...

After generating the AccessToken, you only need to add Authorization: TOKEN <AccessToken> to the request header to pass authentication.

Find BT Panel Domain Certificate & Upload Certificate

Under the /www/server/panel/vhost/ssl/ directory, you can find all domain-named folders for BT Panel, and inside each folder are the full certificate chain fullchain.pem and private key privkey.pem corresponding to that domain.

It is recommended to use the same wildcard certificate for the domain and all its subdomains, so that the domain and all its subdomains can be synced at once.

Taking the domain vinking.top as an example, the paths of the full certificate chain file and private key file are as follows:

CodeBlock Loading...

After obtaining the domain certificate, you need to submit the certificate content to https://api.dogecloud.com/cdn/cert/upload.json via POST. After a successful upload, you need to obtain the certificate ID so that the just-uploaded certificate can be bound to the domain.

Refer to the documentation Upload Certificate and Bind Certificate.

CodeBlock Loading...

Two months ago, because Tencent Cloud CDN suspends service immediately upon arrears, I switched to DogeCloud CDN.

Fortunately, DogeCloud provides a corresponding API, allowing us to automatically sync SSL certificates to DogeCloud CDN through scripts.

Features

🔑 Dynamically generate DogeCloud API access tokens
📤 One-click certificate upload and management
🌐 Intelligent multi-domain certificate binding
🗑️ Old certificate cleanup (optional)
⏰ Seamless integration with Let's Encrypt automatic renewal
✅ Dual-platform support (BT/1Panel)

Quick Start

Obtain DogeCloud API key:
- Log in to the DogeCloud console
- Go to "User Center" → "Key Management"
- Create a new key pair
Confirm certificate path:
- BT Panel: /www/server/panel/vhost/ssl/domain-directory/
- 1Panel can skip this step

Configuration Guide

Edit the following parameters in the script:

BASH

# DogeCloud AccessKey and SecretK
ACCESS_KEY="your_access_key_here"   # Replace with your AccessKey
SECRET_KEY="your_secret_key_here"  # Replace with your SecretKey

# Certificate path configuration
FULLCHAIN_PATH="/path/to/fullchain.pem"  # Full-chain certificate path
PRIVKEY_PATH="/path/to/privkey.pem"      # Private key path

# Domain configuration
DOMAINS=("example.com" "cdn.example.com" "www.example.com")  # List of domains to bind

# Old certificate handling strategy
DELETE_OLD_CERT=false  # true=auto delete old certificate | false=keep historical certificates

CodeBlock Loading...

Deployment Guide

1Panel

Enter the certificate management interface
Create/edit certificate:
- Enable "Auto-renew"
- Enable "Push certificate to local directory"
- Select directory
- Enable "Execute script after application"
- Paste the content of this script
- Modify the certificate path to:
SH
# Certificate path FULLCHAIN_PATH="./fullchain.pem" PRIVKEY_PATH="./privkey.pem"
CodeBlock Loading...

BT Panel

Create a scheduled task:
- Task type: Shell script
- Task name: arbitrary
- Execution cycle: execute once at 01:30 on the 1st of every month
- Execution user: root
- Script content: paste the content of this script

Cooperate with the automatic renewal of Let’s Encrypt certificate scheduled task /www/server/panel/pyenv/bin/python /www/server/panel/class/acme_v2.py –renew=1 to theoretically achieve hands-off certificate management for DogeCloud CDN.

After saving, run the task once. If the following information is displayed, the certificate sync is complete:

Certificate uploaded successfully!
Certificate ID: 12345
Certificate successfully bound to www.vinking.top
Certificate successfully bound to vinking.top
Certificate ID 12344 deleted successfully.
----------------------------------------------------------------------------
★[2024-12-26 16:01:29] Successful
----------------------------------------------------------------------------

CodeBlock Loading...

Code Ideas

Obtain Key & Generate `AccessToken`

# DogeCloud AccessKey and SecretKey
ACCESS_KEY="xxxx"
SECRET_KEY="xxxxxx"

function generateAccessToken() {
    local apiPath="$1"
    local body="$2"
    local signStr=$(echo -e "${apiPath}\n${body}")
    local sign=$(echo -n "$signStr" | openssl dgst -sha1 -hmac "$SECRET_KEY" | awk '{print $NF}')
    local accessToken="$ACCESS_KEY:$sign"

    echo "$accessToken"
}

CodeBlock Loading...

After generating the AccessToken, you only need to add Authorization: TOKEN <AccessToken> to the request header to pass authentication.

Find BT Panel Domain Certificate & Upload Certificate

It is recommended to use the same wildcard certificate for the domain and all its subdomains, so that the domain and all its subdomains can be synced at once.

Taking the domain vinking.top as an example, the paths of the full certificate chain file and private key file are as follows:

FULLCHAIN_PATH="/www/server/panel/vhost/ssl/vinking.top/fullchain.pem"
PRIVKEY_PATH="/www/server/panel/vhost/ssl/vinking.top/privkey.pem"

CodeBlock Loading...

Refer to the documentation Upload Certificate and Bind Certificate.

# BT Panel Let's Encrypt certificate path
FULLCHAIN_PATH="/www/server/panel/vhost/ssl/vinking.top/fullchain.pem"
PRIVKEY_PATH="/www/server/panel/vhost/ssl/vinking.top/privkey.pem"

# Certificate note name
CURRENT_DATE=$(date +"%y/%m/%d")
NOTE="Certificate $CURRENT_DATE"

# List of domains to bind
DOMAINS=("xxxxx.com" "cdn.xxxxx.com" "www.xxxxx.com")

# Upload certificate to DogeCloud
function uploadCert() {
    local note="$1"
    local certFile="$2"
    local privateKeyFile="$3"
    local certContent=$(<"$certFile")
    local privateKeyContent=$(<"$privateKeyFile")
    local encodedCert=$(echo "$certContent" | jq -sRr @uri)
    local encodedPrivateKey=$(echo "$privateKeyContent" | jq -sRr @uri)
    local body="note=$note&cert=$encodedCert&private=$encodedPrivateKey"
    local accessToken=$(generateAccessToken "/cdn/cert/upload.json" "$body")
    local response=$(curl -s -X POST "https://api.dogecloud.com/cdn/cert/upload.json"  \
         -H "Authorization: TOKEN $accessToken" \
         -H "Content-Type: application/x-www-form-urlencoded" \
         --data "$body")

    local code=$(echo "$response" | jq -r '.code')

    if [ "$code" -eq 200 ]; then
        echo "Certificate uploaded successfully!"
        local certId=$(echo "$response" | jq -r '.data.id')
        echo "Certificate ID: $certId"
        bindCert "$certId"
    else
        local errMsg=$(echo "$response" | jq -r '.msg')
        echo "Certificate upload failed, error code: $code, error message: $errMsg"
    fi
}

# Bind certificate
function bindCert() {
    local certId="$1"
    local responses=()

    for domain in "${DOMAINS[@]}"; do
        (
            local body="id=$certId&domain=$domain"
            local accessToken=$(generateAccessToken "/cdn/cert/bind.json" "$body")
            local response=$(curl -s -X POST "https://api.dogecloud.com/cdn/cert/bind.json"  \
                 -H "Authorization: TOKEN $accessToken" \
                 -H "Content-Type: application/x-www-form-urlencoded" \
                 --data "$body")
            local code=$(echo "$response" | jq -r '.code')

            if [ "$code" -eq 200 ]; then
                echo "Certificate successfully bound to $domain"
            else
                local errMsg=$(echo "$response" | jq -r '.msg')
                echo "Failed to bind certificate to $domain, error code: $code, error message: $errMsg"
            fi
        ) &
    done

    wait
}

CodeBlock Loading...

Sync SSL Certificates to DogeCloud CDN

Sync SSL Certificates to DogeCloud CDN

Features

Quick Start

Configuration Guide

Deployment Guide

1Panel

BT Panel

Code Ideas

Obtain Key & Generate AccessToken

Find BT Panel Domain Certificate & Upload Certificate

Features

Quick Start

Configuration Guide

Deployment Guide

1Panel

BT Panel

Code Ideas

Obtain Key & Generate AccessToken

Find BT Panel Domain Certificate & Upload Certificate

Obtain Key & Generate `AccessToken`

Obtain Key & Generate `AccessToken`