GuanM/certimate
1
0
Fork 0
mirror of https://github.com/usual2970/certimate.git synced 2025-06-07 13:09:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update README

Browse Source
This commit is contained in:
RHQYZ 2025-03-02 00:31:04 +08:00 committed by GitHub
parent 344c269f34
commit 5db18ab749
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 126 additions and 384 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@ -1,8 +1 @@
## v0.0.3
- 解决一些 bug
- 添加 README.md
## v0.0.1
- Initial release
A full changelog of past releases is available on [GitHub Releases](https://github.com/usual2970/certimate/releases) page.

251
README.md
View File

@ -1,239 +1,114 @@
[中文](README.md) | [English](README_EN.md)
<h1 align="center">🔒 Certimate</h1>
<div align="center">
[![Stars](https://img.shields.io/github/stars/usual2970/certimate?style=flat)](https://github.com/usual2970/certimate)
[![Forks](https://img.shields.io/github/forks/usual2970/certimate?style=flat)](https://github.com/usual2970/certimate)
[![Docker Pulls](https://img.shields.io/docker/pulls/usual2970/certimate?style=flat)](https://hub.docker.com/r/usual2970/certimate)
[![Release](https://img.shields.io/github/v/release/usual2970/certimate?sort=semver)](https://github.com/usual2970/certimate/releases)
[![License](https://img.shields.io/github/license/usual2970/certimate)](https://mit-license.org/)
</div>
<div align="center">
中文 [English](README_EN.md)
</div>
> [!WARNING]
> 当前分支为 `next`,是 v0.3.x 的开发分支,目前还没有稳定,请勿在生产环境中使用。
>
> 如需访问之前的版本,请切换至 `main` 分支。
# 🔒Certimate
---
做个人产品或在小企业负责运维的同学,需要管理多个域名,要给域名申请证书。但手动申请证书有以下缺点:
## 🚩 项目简介
1. 😱 麻烦:申请、部署证书虽不困难,但也挺麻烦的,尤其是维护多个域名的时候。
2. 😭 易忘:当前免费证书有效期仅 90 天,这就要求定期操作,增加工作量的同时,也很容易忘掉,导致网站无法访问。
做个人产品或者在中小企业里负责运维的同学,会遇到要管理多个域名的情况,需要给域名申请证书。但是手动申请证书有以下缺点:
Certimate 就是为了解决上述问题而产生的,它具有以下特点:
- 😱 麻烦:申请证书并部署到服务的流程虽不复杂,但也挺麻烦的,犹其是你有多个域名需要维护的时候。
- 😭 易忘:另外当前免费证书的有效期只有 90 天,这就要求你定期的操作,增加了工作量的同时,你也很容易忘掉续期,从而导致网站访问不了。
1. 操作简单:自动申请、部署、续期 SSL 证书,全程无需人工干预。
2. 支持私有部署部署方法简单只需下载二进制文件执行即可。二进制文件、Docker 镜像全部用 Github Actions 生成,过程透明,可自行审计。
3. 数据安全:由于是私有部署,所有数据均存储在本地,不会保存在提供商的服务器,确保数据的安全性。
Certimate 就是为了解决上述问题而产生的,它具有以下优势:
相关文章:
- **本地部署**:一键安装,只需要下载二进制文件,然后直接运行即可。同时也支持 Docker 部署、源代码部署等方式。​
- **数据安全**:由于是私有部署,所有数据均存储在自己的服务器上,不会经过第三方,确保数据的隐私和安全。​
- **操作简单**:简单配置即可轻松申请 SSL 证书并部署到指定的目标上,在证书即将过期前自动续期,从申请证书到使用证书完全自动化,无需人工操作。​
- [V0.2.0-第一个不向后兼容的版本](https://docs.certimate.me/blog/v0.2.0)
- [Why Certimate?](https://docs.certimate.me/blog/why-certimate)
- [域名变量及部署授权组介绍](https://docs.certimate.me/blog/multi-deployer)
Certimate 旨在为用户提供一个安全、简便的 SSL 证书管理解决方案。
Certimate 旨在为用户提供一个安全、简便的 SSL 证书管理解决方案。使用文档请访问 [https://docs.certimate.me](https://docs.certimate.me)
## 💡 功能特性
## 一、安装
- 灵活的工作流编排方式,证书从申请到部署完全自动化;
- 支持泛域名、多域名证书,可选 RSA、ECC 签名算法;
- 支持 20+ 域名托管商如阿里云、腾讯云、Cloudflare 等);
- 支持 50+ 部署目标(如 Kubernetes、CDN、WAF、负载均衡等
- 支持邮件、钉钉、飞书、企业微信、Webhook 等多种通知渠道;
- 支持 Let's Encrypt、ZeroSSL、Google Trust Services 等多种 ACME 证书颁发机构;
- 更多特性等待探索。
安装 Certimate 非常简单,你可以选择以下方式之一进行安装:
## ⏱️ 快速启动
### 1. 二进制文件
**5 分钟部署 Certimate**
你可以直接从[Releases 页](https://github.com/usual2970/certimate/releases)下载预先编译好的二进制文件,解压后执行:
以二进制部署为例,从 [GitHub Releases](https://github.com/usual2970/certimate/releases) 页面下载预先编译好的二进制可执行文件压缩包,解压缩后在终端中执行:
```bash
./certimate serve
```
或运行以下命令自动给 Certimate 自身添加证书
浏览器中访问 `http://127.0.0.1:8090`
```bash
./certimate serve 你的域名
```
初始的管理员账号及密码:
> [!NOTE]
> MacOS 在执行二进制文件时会提示无法打开“Certimate”因为 Apple 无法检查其是否包含恶意软件。可在“系统设置 > 隐私与安全性 > 安全性”中点击“仍然允许”,然后再次尝试执行二进制文件。
- 账号:`admin@certimate.fun`
- 密码:`1234567890`
### 2. Docker 安装
即刻使用 Certimate。
```bash
如何使用 Docker 或其他部署方式请参考文档。
mkdir -p ~/.certimate && cd ~/.certimate && curl -O https://raw.githubusercontent.com/usual2970/certimate/refs/heads/main/docker/docker-compose.yml && docker compose up -d
## 📄 技术文档
```
请访问 [docs.certimate.me](https://docs.certimate.me/) 以阅读技术文档。
### 3. 源代码安装
相关文章:
```bash
git clone EMAIL:usual2970/certimate.git
cd certimate
make local.run
```
- [v0.3.0:第二个不向后兼容的大版本](https://docs.certimate.me/blog/v0.3.0)
- [v0.2.0:第一个不向后兼容的大版本](https://docs.certimate.me/blog/v0.2.0)
- [Why Certimate?](https://docs.certimate.me/blog/why-certimate)
## 二、使用
## ⭐ 运行界面
执行完上述安装操作后,在浏览器中访问 `http://127.0.0.1:8090` 即可访问 Certimate 管理页面。
[![Screenshot](https://i.imgur.com/4DAUKEE.gif)](https://www.bilibili.com/video/BV1xockeZEm2)
```bash
用户名admin@certimate.fun
密码1234567890
```
## 🤝 参与贡献
### 视频介绍
[![观看视频](https://i.imgur.com/4DAUKEE.gif)](https://www.bilibili.com/video/BV1xockeZEm2)
## 三、支持的提供商列表
### 证书申请
支持以下的 DNS 提供商的托管域名:
<details>
<summary>[展开查看]</summary>
| 提供商 | 备注 |
| :----------------------------------------------------------------- | :-------------------------------------- |
| [阿里云](https://www.aliyun.com/) | |
| [腾讯云](https://cloud.tencent.com/) | |
| [百度智能云](https://cloud.baidu.com/) | |
| [华为云](https://www.huaweicloud.com/) | |
| [火山引擎](https://www.volcengine.com/) | |
| [京东云](https://www.jdcloud.com/) | |
| [AWS Route53](https://aws.amazon.com/route53/) | |
| [Azure](https://azure.microsoft.com/) | |
| [CloudFlare](https://www.cloudflare.com/) | |
| [ClouDNS](https://www.cloudns.net/) | |
| [DNS.LA](https://www.dns.la/) | |
| [Gcore](https://gcore.com/) | |
| [GNAME](https://www.gname.com/) | |
| [GoDaddy](https://www.godaddy.com/) | |
| [Name.com](https://www.name.com/) | |
| [Namecheap](https://www.namecheap.com/) | |
| [NameSilo](https://www.namesilo.com/) | |
| [IBM NS1 Connect](https://www.ibm.com/cn-zh/products/ns1-connect/) | |
| [移动云](https://ecloud.10086.cn/) | |
| [雨云](https://www.rainyun.com/) | |
| [西部数码](https://www.west.cn/) | |
| [PowerDNS](https://www.powerdns.com/) | |
| ACME 代理 HTTP 请求 | 可申请允许通过 HTTP 请求修改 DNS 的域名 |
</details>
### 证书部署
支持以下的主机提供商:
<details>
<summary>[展开查看]</summary>
| 提供商 | 备注 |
| :-------------------------------------- | :---------------------------------------------------------------------------- |
| 本地部署 | 可部署到本地服务器 |
| SSH 部署 | 可部署到远程服务器(通过 SSH+SFTP/SCP |
| Webhook 回调 | 可部署到 Webhook |
| [Kubernetes](https://kubernetes.io/) | 可部署到 Kubernetes Secret |
| [阿里云](https://www.aliyun.com/) | 可部署到阿里云 OSS、CDN、DCDN、ESA、SLBCLB/ALB/NLB、WAF、Live、VOD 等服务 |
| [腾讯云](https://cloud.tencent.com/) | 可部署到腾讯云 COS、CDN、ECDN、EdgeOne、CLB、WAF、CSS、VOD 等服务 |
| [百度智能云](https://cloud.baidu.com/) | 可部署到百度智能云 CDN 等服务 |
| [华为云](https://www.huaweicloud.com/) | 可部署到华为云 CDN、ELB、WAF 等服务 |
| [火山引擎](https://www.volcengine.com/) | 可部署到火山引擎 TOS、CDN、DCDN、CLB、ImageX、Live 等服务 |
| [京东云](https://www.jdcloud.com/) | 可部署到京东云 CDN、ALB、视频直播、视频点播等服务 |
| [七牛云](https://www.qiniu.com/) | 可部署到七牛云 CDN、直播云等服务 |
| [白山云](https://www.baishan.com/) | 可部署到白山云 CDN |
| [多吉云](https://www.dogecloud.com/) | 可部署到多吉云 CDN |
| [优刻得](https://www.ucloud.cn/) | 可部署到优刻得 US3、UCDN 等服务 |
| [雷池](https://waf-ce.chaitin.cn/) | 可部署到雷池 WAF |
| [宝塔面板](https://www.bt.cn/) | 可部署到宝塔面板 |
| [AWS](https://aws.amazon.com/) | 可部署到 AWS CloudFront |
| [BytePlus](https://www.byteplus.com/) | 可部署到 BytePlus CDN |
| [CacheFly](https://www.cachefly.com/) | 可部署到 CacheFly CDN |
| [Cdnfly](https://www.cdnfly.cn/) | 可部署到 Cdnfly CDN |
| [Edgio](https://edg.io/) | 可部署到 Edgio Applications |
| [Gcore](https://gcore.com/) | 可部署到 Gcore CDN |
</details>
## 四、概念
Certimate 的工作流程如下:
- 用户通过 Certimate 管理页面填写申请证书的信息包括域名、DNS 提供商的授权信息、以及要部署到的提供商的授权信息。
- Certimate 向证书厂商的 API 发起申请请求,获取 SSL 证书。
- Certimate 存储证书信息,包括证书内容、私钥、证书有效期等,并在证书即将过期时自动续期。
- Certimate 向提供商的 API 发起部署请求,将证书部署到提供商的服务器上。
这就涉及域名、DNS 提供商的授权信息、部署提供商的授权信息等。
### 1. 域名
就是要申请证书的域名。
### 2. DNS 提供商授权信息
给域名申请证书需要证明域名是你的,所以我们手动申请证书的时候一般需要在域名提供商的控制台解析记录中添加一个 TXT 域名解析记录。
Certimate 会自动添加一个 TXT 域名解析记录,你只需要在 Certimate 后台中填写你的域名提供商的授权信息即可。
比如你在阿里云购买的域名,授权信息如下:
```bash
accessKeyId: your-access-key-id
accessKeySecret: your-access-key-secret
```
在腾讯云购买的域名,授权信息如下:
```bash
secretId: your-secret-id
secretKey: your-secret-key
```
注意,此授权信息需具有访问域名及 DNS 解析的管理权限,具体的权限清单请参阅各提供商自己的技术文档。
### 3. 部署提供商授权信息
Certimate 申请证书后,会自动将证书部署到你指定的目标上,比如阿里云 CDNCertimate 会根据你填写的授权信息及域名找到对应的 CDN 服务,并将证书部署到对应的 CDN 服务上。
部署提供商授权信息和 DNS 提供商授权信息基本一致,区别在于 DNS 提供商授权信息用于证明域名是你的,部署提供商授权信息用于提供证书部署的授权信息。
注意,此授权信息需具有访问部署目标服务的相关管理权限,具体的权限清单请参阅各提供商自己的技术文档。
## 五、常见问题
Q: 提供 SaaS 服务吗?
> A: 不提供,目前仅支持 self-hosted私有部署
Q: 数据安全?
> A: 由于仅支持私有部署,各种数据都保存在用户的服务器上。另外 Certimate 源码也开源,二进制包及 Docker 镜像打包过程全部使用 Github Actions 进行,过程透明可见,可自行审计。
Q: 自动续期证书?
> A: 已经申请的证书会在**过期前 10 天**自动续期。每天会检查一次证书是否快要过期,快要过期时会自动重新申请证书并部署到目标服务上。
## 六、贡献
Certimate 是一个免费且开源的项目,采用 [MIT 开源协议](LICENSE.md)。你可以使用它做任何你想做的事,甚至把它当作一个付费服务提供给用户。
Certimate 是一个免费且开源的项目,采用 [MIT License](./LICENSE.md)。你可以使用它做任何你想做的事,甚至把它当作一个付费服务提供给用户。
你可以通过以下方式来支持 Certimate 的开发:
- 提交代码:如果你发现了 Bug 或有新的功能需求,而你又有相关经验,可以[提交代码](CONTRIBUTING.md)给我们。
- 提交 Issue功能建议或者 Bug 可以[提交 Issue](https://github.com/usual2970/certimate/issues) 给我们。
支持更多提供商、UI 的优化改进、Bug 修复、文档完善等,欢迎大家提交 PR
支持更多提供商、UI 的优化改进、Bug 修复、文档完善等,欢迎大家参与贡献。
## 七、免责声明
## ⛔ 免责声明
本软件依据 MIT 许可证MIT License发布免费提供,旨在“按现状”供用户使用。作者及贡献者不对使用本软件所产生的任何直接或间接后果承担责任,包括但不限于性能下降、数据丢失、服务中断、或任何其他类型的损害。
Certimate 基于 [MIT License](https://opensource.org/licenses/MIT) 发布,完全免费提供,旨在“按现状”供用户使用。作者及贡献者不对使用本软件所产生的任何直接或间接后果承担责任,包括但不限于性能下降、数据丢失、服务中断、或任何其他类型的损害。
无任何保证:本软件不提供任何明示或暗示的保证,包括但不限于对特定用途的适用性、无侵权性、商用性及可靠性的保证。
**无任何保证**:本软件不提供任何明示或暗示的保证,包括但不限于对特定用途的适用性、无侵权性、商用性及可靠性的保证。
用户责任:使用本软件即表示您理解并同意承担由此产生的一切风险及责任。
**用户责任**:使用本软件即表示您理解并同意承担由此产生的一切风险及责任。
## 八、加入社区
## 🌐 加入社群
- [Telegram-a new era of messaging](https://t.me/+ZXphsppxUg41YmVl)
- [Telegram](https://t.me/+ZXphsppxUg41YmVl)
- 微信群聊(超 200 人需邀请入群,可先加作者好友)
<img src="https://i.imgur.com/8xwsLTA.png" width="400"/>
<img src="https://i.imgur.com/8xwsLTA.png" width="240"/>
## 九、Star 趋势图
## 🚀 Star 趋势图
[![Stargazers over time](https://starchart.cc/usual2970/certimate.svg?variant=adaptive)](https://starchart.cc/usual2970/certimate)

250
README_EN.md
View File

@ -1,238 +1,112 @@
[中文](README.md) | [English](README_EN.md)
<h1 align="center">🔒 Certimate</h1>
<div align="center">
[![Stars](https://img.shields.io/github/stars/usual2970/certimate?style=flat)](https://github.com/usual2970/certimate)
[![Forks](https://img.shields.io/github/forks/usual2970/certimate?style=flat)](https://github.com/usual2970/certimate)
[![Docker Pulls](https://img.shields.io/docker/pulls/usual2970/certimate?style=flat)](https://hub.docker.com/r/usual2970/certimate)
[![Release](https://img.shields.io/github/v/release/usual2970/certimate?style=flat&sort=semver)](https://github.com/usual2970/certimate/releases)
[![License](https://img.shields.io/github/license/usual2970/certimate?style=flat)](https://mit-license.org/)
</div>
<div align="center">
[中文](README.md) English
</div>
> [!WARNING]
> The current branch is `next`, which is the development branch for v0.3.x. It is currently unstable and should not be used in production environments.
>
> To access the previous versions, please switch to the `main` branch.
# 🔒Certimate
---
## 🚩 Introduction
For individuals managing personal projects or those responsible for IT operations in small businesses who need to manage multiple domain names, applying for certificates manually comes with several drawbacks:
1. 😱Troublesome: Applying for and deploying certificates isnt difficult, but it can be quite a hassle, especially when managing multiple domains.
2. 😭Easily forgotten: The current free certificate has a validity period of only 90 days, requiring regular renewal operations. This increases the workload and makes it easy to forget, which can result in the website becoming inaccessible.
- 😱 Troublesome: Applying for and deploying certificates isnt difficult, but it can be quite a hassle, especially when managing multiple domains.
- 😭 Easily forgotten: The current free certificate has a validity period of only 90 days, requiring regular renewal operations. This increases the workload and makes it easy to forget, which can result in the website becoming inaccessible.
Certimate was created to solve the above-mentioned issues and has the following features:
Certimate was created to solve the above-mentioned issues and has the following advantages:
1. Simple operation: Automatically apply, deploy, and renew SSL certificates without any manual intervention.
2. Support for self-hosted deployment: The deployment method is simple; you only need to download the binary file and execute it. Both the binary files and Docker images are generated using GitHub Actions, ensuring a transparent process that can be audited independently.
3. Data security: Since it is a self-hosted deployment, all data is stored locally and will not be saved on the service providers servers, ensuring the security of the data.
- **Local Deployment**: Simply to install, download the binary and run it directly. Supports Docker deployment and source code deployment for added flexibility.
- **Data Security**: With private deployment, all data is stored on your own servers, ensuring it never resides on third-party systems and maintaining full control over your data.
- **Easy Operation**: Effortlessly apply and deploy SSL certificates with minimal configuration. The system automatically renews certificates before expiration, providing a fully automated workflow, no manual intervention required.
Related articles:
Certimate aims to provide users with a secure and user-friendly SSL certificate management solution.
- [Why Certimate?](https://docs.certimate.me/blog/why-certimate)
- [Introduction to Domain Variables and Deployment Authorization Groups](https://docs.certimate.me/blog/multi-deployer)
## 💡 Features
Certimate aims to provide users with a secure and user-friendly SSL certificate management solution. For usage documentation, please visit [https://docs.certimate.me](https://docs.certimate.me).
- Flexible workflow orchestration, fully automated from certificate application to deployment;
- Supports wildcard, multi-domain certificates, with options for RSA or ECC.
- Supports more than 20+ domain registrars (e.g., Alibaba Cloud, Tencent Cloud, Cloudflare, etc.);
- Supports more than 50+ deployment targets (e.g., Kubernetes, CDN, WAF, load balancers, etc.);
- Supports multiple notification channels including email, DingTalk, Feishu, WeCom, Webhook, and more;
- Supports multiple certificate authorities including Let's Encrypt, ZeroSSL, Google Trust Services, and more;
- More features waiting to be discovered.
## Installation
## ⏱️ Fast Track
Installing Certimate is very simple, you can choose one of the following methods for installation:
**Deploy Certimate in 5 minutes!**
### 1. Binary File
You can download the precompiled binary files directly from the [Releases page](https://github.com/usual2970/certimate/releases), and after extracting them, execute:
Download the archived package of precompiled binary files directly from [GitHub Releases](https://github.com/usual2970/certimate/releases), extract and then execute:
```bash
./certimate serve
```
Or run the following command to automatically add a certificate to Certimate itself.
Visit `http://127.0.0.1:8090` in your browser.
```bash
./certimate serve yourDomain
```
Initial administrator account:
> [!NOTE]
> When executing the binary file on macOS, you may see a prompt saying: “Cannot open certimate because Apple cannot check it for malicious software.” You can go to System Preferences > Security & Privacy > General, then click “Allow Anyway,” and try executing the binary file again.
- Username: `admin@certimate.fun`
- Password: `1234567890`
### 2. Docker Installation
Work with Certimate right now. Or read other content in the documentation to learn more.
```bash
## 📄 Documentation
mkdir -p ~/.certimate && cd ~/.certimate && curl -O https://raw.githubusercontent.com/usual2970/certimate/refs/heads/main/docker/docker-compose.yml && docker compose up -d
Please visit [docs.certimate.me](https://docs.certimate.me/en/).
```
Related articles:
### 3. Source Code Installation
- [v0.3.0:第二个不向后兼容的大版本](https://docs.certimate.me/blog/v0.3.0)
- [v0.2.0:第一个不向后兼容的大版本](https://docs.certimate.me/blog/v0.2.0)
- [Why Certimate?](https://docs.certimate.me/blog/why-certimate)
```bash
git clone EMAIL:usual2970/certimate.git
cd certimate
make local.run
```
## ⭐ Screenshot
## Usage
[![Screenshot](https://i.imgur.com/4DAUKEE.gif)](https://www.youtube.com/watch?v=am_yzdfyNOE)
After completing the installation steps above, you can access the Certimate management page by visiting <http://127.0.0.1:8090> in your browser.
## 🤝 Contributing
```bash
usernameadmin@certimate.fun
password1234567890
```
### Watch the video
[![Watch the video](https://i.imgur.com/4DAUKEE.gif)](https://www.youtube.com/watch?v=am_yzdfyNOE)
## List of Supported Providers
### Request certificates
The following DNS providers are supported:
<details>
<summary>[Fold/Unfold to view ...]</summary>
| Provider | Remarks |
| :----------------------------------------------------------- | :------------------------------------ |
| [Alibaba Cloud](https://www.alibabacloud.com/) | |
| [Tencent Cloud](https://www.tencentcloud.com/) | |
| [Baidu AI Cloud](https://intl.cloud.baidu.com/) | |
| [Huawei Cloud](https://www.huaweicloud.com/) | |
| [Volcengine](https://www.volcengine.com/) | |
| [JD Cloud](https://www.jdcloud.com/) | |
| [AWS Route53](https://aws.amazon.com/route53/) | |
| [Azure DNS](https://azure.microsoft.com/) | |
| [CloudFlare](https://www.cloudflare.com/) | |
| [ClouDNS](https://www.cloudns.net/) | |
| [DNS.LA](https://www.dns.la/) | |
| [Gcore](https://gcore.com/) | |
| [GNAME](https://www.gname.com/) | |
| [GoDaddy](https://www.godaddy.com/) | |
| [Name.com](https://www.name.com/) | |
| [Namecheap](https://www.namecheap.com/) | |
| [NameSilo](https://www.namesilo.com/) | |
| [IBM NS1 Connect](https://www.ibm.com/products/ns1-connect/) | |
| [CMCC Cloud](https://ecloud.10086.cn/) | |
| [Rain Yun](https://www.rainyun.com/) | |
| [West.cn](https://www.west.cn/) | |
| [PowerDNS](https://www.powerdns.com/) | |
| ACME Proxy HTTP Request | Supports managing DNS by HTTP request |
</details>
### Deploy certificates
The following hosting providers are supported:
<details>
<summary>[Fold/Unfold to view ...]</summary>
| Provider | Remarks |
| :---------------------------------------------- | :------------------------------------------------------------------------------------ |
| Local | Supports deployment to local servers |
| SSH | Supports deployment to remote servers (via SSH+SFTP/SCP) |
| Webhook | Supports deployment to Webhook |
| [Kubernetes](https://kubernetes.io/) | Supports deployment to Kubernetes Secret |
| [Alibaba Cloud](https://www.alibabacloud.com/) | Supports deployment to Alibaba Cloud OSS, CDN, DCDN, SLB(CLB/ALB/NLB), WAF, Live, VOD |
| [Tencent Cloud](https://www.tencentcloud.com/) | Supports deployment to Tencent Cloud COS, CDN, ECDN, EdgeOne, CLB, WAF, CSS, VOD |
| [Baidu AI Cloud](https://intl.cloud.baidu.com/) | Supports deployment to Baidu AI CLoud CDN |
| [Huawei Cloud](https://www.huaweicloud.com/) | Supports deployment to Huawei Cloud CDN, ELB, WAF |
| [Volcengine](https://www.volcengine.com/) | Supports deployment to Volcengine TOS, CDN, DCDN, CLB, ImageX, Live |
| [JD Cloud](https://www.jdcloud.com/) | Supports deployment to JD Cloud CDN, ALB, Live Video, VOD |
| [Qiniu Cloud](https://www.qiniu.com/) | Supports deployment to Qiniu Cloud CDN, Pili |
| [Baishan Cloud](https://intl.baishancloud.com/) | Supports deployment to Baishan Cloud CDN |
| [Doge Cloud](https://www.dogecloud.com/) | Supports deployment to Doge Cloud CDN |
| [UCloud](https://www.ucloud-global.com/) | Supports deployment to UCloud US3, UCDN |
| [SafeLine](https://waf.chaitin.com/) | Supports deployment to SafeLine WAF |
| [aaPanel](https://www.aapanel.com/) | Supports deployment to aaPanel (aka BaoTaPanel) sites |
| [AWS](https://aws.amazon.com/) | Supports deployment to AWS CloudFront |
| [BytePlus](https://www.byteplus.com/) | Supports deployment to BytePlus CDN |
| [CacheFly](https://www.cachefly.com/) | Supports deployment to CacheFly CDN |
| [Cdnfly](https://www.cdnfly.cn/) | Supports deployment to Cdnfly CDN |
| [Edgio](https://edg.io/) | Supports deployment to Edgio Applications |
| [Gcore](https://gcore.com/) | Supports deployment to Gcore CDN |
</details>
## Concepts
The workflow of Certimate is as follows:
- Users fill in the certificate application information on the Certimate management page, including domain name, authorization information for the DNS provider, and authorization information for the service provider to deploy to.
- Certimate sends a request to the certificate vendor's API to apply for an SSL certificate.
- Certimate stores the certificate information, including the certificate content, private key, validity period, etc., and automatically renews the certificate when it is about to expire.
- Certimate sends a deployment request to the service provider's API to deploy the certificate to the service provider's servers.
This involves authorization information for the domain, DNS provider, and deployment service provider.
### 1. Domain
It involves the domain name for which the certificate is being requested.
### 2. Authorization Information for the DNS Provider
To apply for a certificate for a domain, you need to prove that the domain belongs to you. Therefore, when manually applying for a certificate, you typically need to add a TXT record to the DNS records in the domain provider's control panel.
Certimate will automatically add a TXT record for you; you only need to fill in the authorization information for your DNS provider in the Certimate backend.
For example, if you purchased the domain from Alibaba Cloud, the authorization information would be as follows:
```bash
accessKeyId: your-access-key-id
accessKeySecret: your-access-key-secret
```
If you purchased the domain from Tencent Cloud, the authorization information would be as follows:
```bash
secretId: your-secret-id
secretKey: your-secret-key
```
Notes: This authorization information requires relevant administration permissions for accessing the DNS services. Please refer to the documentations of each service provider for the specific permissions list.
### 3. Authorization Information for the Deployment Service Provider
After Certimate applies for the certificate, it will automatically deploy the certificate to your specified target, such as Alibaba Cloud CDN. At this point, you need to fill in the authorization information for Alibaba Cloud. Certimate will use the authorization information and domain name you provided to locate the corresponding CDN service and deploy the certificate to that service.
The authorization information for the deployment service provider is the same as that for the DNS provider, with the distinction that the DNS provider's authorization information is used to prove that the domain belongs to you, while the deployment service provider's authorization information is used to provide authorization for the certificate deployment.
Notes: This authorization information requires relevant administration permissions to access the target deployment services. Please refer to the documentations of each service provider for the specific permissions list.
## FAQ
Q: Do you provide SaaS services?
> A: No, we do not provide that. Currently, we only support self-hosted.
Q: Data Security?
> A: Since only self-hosted is supported, all data is stored on the users server. Additionally, the source code of Certimate is open-source, and the packaging process for binary files and Docker images is entirely done using GitHub Actions. This process is transparent and visible, allowing for independent auditing.
Q: Automatic Certificate Renewal?
> A: Certificates that have already been issued will be automatically renewed **10 days before expiration**. The system checks once a day to see if any certificates are nearing expiration, and if so, it will automatically reapply for the certificate and deploy it to the target service.
## Contributing
Certimate is a free and open-source project, licensed under the [MIT License](LICENSE.md). You can use it for anything you want, even offering it as a paid service to users.
Certimate is a free and open-source project, licensed under the [MIT License](./LICENSE.md). You can use it for anything you want, even offering it as a paid service to users.
You can support the development of Certimate in the following ways:
- **Submit Code**: If you find a bug or have new feature requests, and you have relevant experience, [you can submit code to us](CONTRIBUTING_EN.md).
- **Submit an Issue**: For feature suggestions or bugs, you can [submit an issue](https://github.com/usual2970/certimate/issues) to us.
Support for more service providers, UI enhancements, bug fixes, and documentation improvements are all welcome. We encourage everyone to submit pull requests (PRs).
Support for more service providers, UI enhancements, bug fixes, and documentation improvements are all welcome. We encourage everyone to contribute.
## Disclaimer
## ⛔ Disclaimer
This software is provided under the MIT License and distributed “as-is” without any warranty of any kind. The authors and contributors are not responsible for any damages or losses resulting from the use or inability to use this software, including but not limited to data loss, business interruption, or any other potential harm.
This software is provided under the [MIT License](https://opensource.org/licenses/MIT) and distributed “as-is” without any warranty of any kind. The authors and contributors are not responsible for any damages or losses resulting from the use or inability to use this software, including but not limited to data loss, business interruption, or any other potential harm.
No Warranties: This software comes without any express or implied warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
**No Warranties**: This software comes without any express or implied warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
User Responsibility: By using this software, you agree to take full responsibility for any outcomes resulting from its use.
**User Responsibilities**: By using this software, you agree to take full responsibility for any outcomes resulting from its use.
## Join the Community
## 🌐 Join the Community
- [Telegram-a new era of messaging](https://t.me/+ZXphsppxUg41YmVl)
- [Telegram](https://t.me/+ZXphsppxUg41YmVl)
- Wechat Group
<img src="https://i.imgur.com/zSHEoIm.png" width="400"/>
<img src="https://i.imgur.com/zSHEoIm.png" width="240"/>
## Star History
## 🚀 Star History
[![Stargazers over time](https://starchart.cc/usual2970/certimate.svg?variant=adaptive)](https://starchart.cc/usual2970/certimate)