All questions

EraSSL tool automatically deploys certificates.

Last Update Date: 2026-04-09

This tool currently supports deployment to 1Panel websites, SSH deployment, Qiniu Cloud CDN, Qiniu Cloud OSS, Huawei Cloud CDN, BT Panel, local deployment, Volcano CDN, Baidu Cloud CDN, Tencent Cloud CDN, Tencent Cloud COS, Tencent Cloud EdgeOne, Tencent Cloud WAF, Alibaba Cloud CDN, Alibaba Cloud ESA, Alibaba Cloud OSS, and Alibaba Cloud WAF.

I. Automatic Service Deployment using erassl in a Linux Environment

You must first refer to the documentation on automatic certificate issuance using autossl (click to view). After adding and applying for certificates in erassl, you can use the autossl tool for automatic deployment.

erassl deploy 1

This document uses deployment to Qiniu Cloud, local command prompt, and BT Panel as examples, as shown in the image below. For other services, please refer to the command examples in AutoSSL:

Reference command:

erassl deploy 1
{"provider": "localhost","keyPath": "/etc/nginx/ssl/example.com.key","certPath": "/etc/nginx/ssl/example.com.crt","beforeCmd": "cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak","afterCmd": "nginx -s reload"}

{"provider": "btpanel-site","url": "http://127.0.0.1:8888","api_key": "asgasgh21241mgd","siteName": "now.cn"}

{"provider":"qiniu-oss","access_key":"1234","access_secret":"sdgsdhsh","domain":"now.cn"}

erassl deploy certificate_id. Multiple deployment targets can be added, each ending with a space after the next one.

The first example adds a local command line. keypath is the path to the old certificate key, certpath is the path to the old certificate’s CRT file, beforecmd is the command to be executed beforehand, and aftercmd is the command to be executed afterward. This configuration automatically replaces the old certificate and restarts Nginx. Apache works similarly.

The second example uses BT Panel. url is the BT Panel address, apikey is the BT Panel key, and siteName is the BT Panel website domain. The IP address of the tool must be whitelisted by BT Panel.

The third example is adding a certificate for Qiniu storage. access_secret is the key generated by the Qiniu website, and domain is the bound domain name.

Other services are similar to the example; apply for an API key from your service provider and then fill it into this tool. After configuration once, the erassl tool will record historical configuration information, eliminating the need for further configuration. If you need to modify the previous configuration, you can use erassl deploy certificate_id -reset to restart the configuration.

II. Configuring Automatic Issuance and Deployment via Scheduled Tasks

  1. Prerequisites: The first time, you need to manually add the certificate token to erassl according to the documentation on automatic certificate issuance and deployment, and then configure issuance and deployment. erassl will record this configuration information.

  2. The certificate must have sufficient validity period purchased in the ERANET backend for erassl to automatically issue certificates.

  3. Run in scheduled tasks, which can be done once a month. Currently, if the certificate is less than 30 days old, it will automatically apply for re-issuance and deployment.

crontab -e
# # # # #/1 erassl apply 1 && erassl deploy 1