Some users find it cumbersome to manually upload certificates through the interface when using SafeLine WAF's SSL Cert feature.
They want to store certificate files in a fixed directory and have Safeline automatically detect and update them after overwriting, allowing the entire process to be completed through automation tools. Related issues include:
- [Suggestion] Add path import method for certificates
- [Bug] After manually updating certificate files and restarting the container, the expiration time in the [Certificate Management] interface is not synchronized
- Suggestions for combining acme.sh for automatic certificate deployment
- [Suggestion] Allow loading wildcard certificate from file system
To solve or optimize the above issues, Safeline Community Edition launched the automatic certificate reading and updating feature in version 7.2.0. Below is an introduction to how to use this feature.
Prerequisites
- WAF version >= 7.2.0
Upload Certificate Once
To let the WAF know that there are certificates that need periodic updates, you need to upload the certificate once in the WAF.
Get Certificate Path
By default, certificates are saved in /data/safeline/resources/nginx/certs
ls /data/safeline/resources/nginx/certs/ -lh
total 8.0K
-rw-r--r-- 1 root root 1.4K Nov 22 18:15 cert_1.crt
-rw-r--r-- 1 root root 1.7K Nov 22 18:15 cert_1.key
Update Certificates Using Files
- You can use tools like certbot to apply for free certificates
After obtaining the certificates, simply overwrite the above files
WAF Automatic Updates
WAF refreshes certificate content every hour by default.
Top comments (0)