All questions

Introduction to using the erassl tool

Last Update Date: 2026-04-08

Tool Introduction

erassl is an automated SSL certificate management tool from ERANET, helping you easily manage SSL certificates. It provides two core functions: certificate application, issuance, and deployment. The tool features a simple design, a user-friendly command-line interface, and is suitable for various server environments. It supports Windows and Linux systems.

1. Adding a Certificate to eraSSL Management

Before adding a certificate, you need to obtain a certificate token. Certificate tokens can be obtained from the ERANET certificate management console.

Execute the erassl add command and enter the token as prompted.

2. Applying for a Certificate

When issuing certificates using erassl, both file verification and DNS verification are supported. It supports numerous DNS service providers, including ERANET, Alibaba Cloud, Baidu Cloud, Huawei Cloud, AWS Route 53, Cloudflare, CloudNS DNS, Volcano Engine DNS, and Tencent Cloud.

When applying for a certificate for the first time, you need to add an application verification configuration as prompted.

3. Deploying Certificates

When deploying certificates using erassl, it supports deploying certificates to local archives as well as to interfaces of cloud service providers such as BT Panel, cloud servers, and CDNs.

The first time you deploy a certificate, you need to follow the prompts to add deployment configurations.

4. Automatic Certificate Renewal and Deployment

erassl supports automatic certificate renewal and deployment. You can set up scheduled tasks to automatically apply for and deploy new certificates before they expire.

Main Functions

erassl provides the following core functions:

  • Add Certificate: Add a new SSL certificate configuration using a certificate token.

  • View Certificate: View detailed information about a certificate.

  • Delete Certificate: Delete an unwanted certificate configuration.

  • List Certificates: View a list of all managed certificates.

  • Request Certificate: Request the issuance of a certificate.

  • Deploy Certificate: Deploy a certificate to the target server.

  • Renew Certificate: Automate the certificate application and deployment process.

  • Version Information: View the tool version.

Installation Method

  1. Download the erassl tool to your server: erassl-linux erassl-win

  2. Unzip the downloaded compressed package: unzip erassl.zip

  3. Grant execute permissions: chmod +x erassl

  4. Move the tool to the system PATH directory for easy global use: mv erassl /usr/local/bin/

## Usage Guide

1. View Help Information

When you use the erassl tool for the first time, you can view basic help information using the following command:

erassl help

Example Output:

Usage: erassl COMMAND [options]

Automated SSL Certificate Management Tool

Commands:

add Add a certificate using a token

show View certificate details

delete Delete a certificate configuration

list List all managed certificates

apply Apply for a certificate

deploy Deploy a certificate

renew Renew a certificate

help Print this help message

version Print version information

Run erassl COMMAND -help' to view detailed information about the command.

2. Adding a Certificate

To add a new SSL certificate configuration, use the add command:

erassl add

After execution, the system will prompt you to enter the certificate token. Enter it and press Enter to complete the addition.

3. Viewing Certificate Details

To view detailed information about a certificate, use the show command and specify the certificate ID:

erassl show ID

The ID is the certificate’s unique identifier, which can be obtained using the list command.

4. Delete Certificate Configuration

To delete an unwanted certificate configuration, use the delete command:

erassl delete ID

5. List All Certificates

To view a list of all managed certificates, use the list command:

erassl list

6. Apply for a Certificate

To apply for a new SSL certificate, use the apply command:

erassl apply ID [options]

Option descriptions:

  • -reset: Resets the verification configuration

  • -force: Forces certificate application, regardless of certificate expiration

If the certificate validity period is greater than 30 days, it will not be reapplied by default; the -force option must be used to force the application.

You can also use all instead of a specific certificate ID to apply for all certificates in bulk:

erassl apply all

7. Deploying Certificates

To deploy a certificate to the target server, use the deploy command:

erassl deploy ID

Similarly, you can use all to deploy all certificates in bulk:

erassl deploy all

8. Renewing Certificates

Renewing a certificate is a combined operation, including applying for a new certificate and deploying the certificate:

erassl renew ID

You can also use all to renew all certificates in bulk:

erassl renew all

9. Checking Version Information

To check the version information of the autossl tool, use the version command:

erassl version

Operation Examples

Example 1: Add a New Certificate

$ erassl add
Please enter the certificate token:
your-certificate-token
# The system will display information about the successfully added certificate.

Example 2: Apply for a Certificate

# Apply for a certificate with a specified ID
$ erassl apply 1

# Force certificate application (even if it hasn't expired)
$ erassl apply 1 -force

# Reset verification configuration and apply for a certificate
$ erassl apply 1 -reset

Example 3: Renew a Certificate

# Renew a certificate with a specified ID
$ erassl renew 1

# Batch renew all certificates
$ erassl renew all

Notes

  1. The certificate token is an important identifier for adding and managing certificates. Please keep it safe.

    1. When applying for a certificate, ensure your domain name resolution and server configuration are correct to pass domain verification.

  3. Regularly renew expiring certificates using the renew command to avoid service disruptions due to certificate expiration.

  4. For batch operations, the system will automatically skip unconfigured certificates and display corresponding prompts.

  5. erassl will generate data and logs directories in the working directory to store certificate configuration and runtime logs, respectively. Ensure you have sufficient permissions to create and write to these directories.

Summary

erassl is a comprehensive and easy-to-use SSL certificate management tool that provides full lifecycle certificate management through a command-line interface. It supports not only single certificate management but also batch operations, greatly improving certificate management efficiency.

We hope this article has been helpful in using erassl. If you encounter any problems during use, please refer to the tool’s help documentation or contact technical support.