Skip to content

AmirKenzo/Auto-SSL-Domain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
config
config
 
 
lib
lib
 
 
scripts
scripts
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
autossl.sh
autossl.sh
 
 

Repository files navigation

AutoSSL

Production-ready pure Bash Let's Encrypt certificate automation with Marzban, Pasarguard, and manual deployment.

No Python required — works on any Linux server with Bash.

Features

  • Certificate issuance via certbot or acme.sh (auto-detected)
  • Single domain, SAN (multiple domains), and wildcard (*.example.com)
  • DNS challenge for wildcards with pluggable DNS providers (Cloudflare first)
  • Panel integration: Marzban, Pasarguard, or manual/custom path
  • Interactive CLI with numeric panel selection (1/2/3)
  • Manual renewal via autossl renew (no background service)
  • Expiration checker, logging, dry-run mode
  • Backup existing certificates before overwrite

Quick Install

# One-liner
bash <(curl -Ls https://raw.githubusercontent.com/AmirKenzo/Auto-SSL-Domain/main/scripts/install.sh)

# Or clone and install
git clone https://github.com/AmirKenzo/Auto-SSL-Domain.git
cd Auto-SSL-Domain
sudo bash scripts/install.sh

Usage Examples

Interactive issuance (default)

sudo autossl
sudo autossl issue

Single domain

sudo autossl issue
# Enter: example.com
# Choice [1-3]: 1   (Marzban)

Multiple domains (SAN)

sudo autossl issue
# Enter: example.com www.example.com api.example.com

Normal domains — no API key (HTTP, default)

Port 80 must be free. No Cloudflare token needed.

sudo autossl issue
# Enter: example.com www.example.com

Wildcard — manual DNS (no API key)

sudo autossl issue
# Enter: *.example.com example.com
# Add TXT record when prompted, then press Enter

Wildcard — automatic DNS (optional Cloudflare API)

export CF_Token="your_cloudflare_api_token"
sudo autossl issue
# Enter: *.example.com example.com

Force DNS challenge for normal domains

sudo autossl --dns issue
# Manual TXT if no API key, automatic if CF_Token is set

Dry-run

sudo autossl --dry-run issue

Force backend

sudo autossl --backend certbot issue
sudo autossl --backend acme.sh issue

List certificates

sudo autossl list

Shows all certs, domains (SAN), panel path, expiry date and days remaining.

Renew & check

sudo autossl renew
sudo autossl renew -d example.com
sudo autossl check
sudo autossl check -d example.com --warn-days 14

Update & uninstall

sudo autossl update       # pull latest from GitHub
sudo autossl uninstall    # remove tool (asks before deleting config)

Deployment Paths

Panel Path
Marzban /var/lib/marzban/certs/<domain>/
Pasarguard /var/lib/pasarguard/certs/<domain>/
None /etc/autossl/certs/<domain>/ or custom

Each domain folder:

fullchain.pem
privkey.pem

Cloudflare API (optional)

Never required. Without API key, DNS challenges use manual TXT records.

Set API key only if you want automatic DNS:

export CF_Token="your_api_token"
# or edit /etc/autossl/cloudflare.ini (uncomment and set token)

Manual Renewal

sudo autossl renew
sudo autossl renew -d example.com

Project Structure

autossl.sh
lib/
├── common.sh
├── domain.sh
├── dns.sh
├── issuer.sh
├── deploy.sh
├── backup.sh
├── panels.sh
├── state.sh
├── expiration.sh
└── renewal.sh
scripts/install.sh

Adding a DNS Provider

  1. Add detect_dns_yourprovider() in lib/dns.sh
  2. Call it from detect_dns_provider()

Logs & State

Path Purpose
/var/log/autossl/autossl.log Main log
/etc/autossl/state/<domain>.conf Per-domain state

Requirements

  • Linux (Debian/Ubuntu, RHEL, Arch, …)
  • Bash 4+ (pre-installed on all Linux servers)
  • certbot or acme.sh
  • openssl, curl, socat, dig
  • Root/sudo access

License

MIT

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages