JDCloud acme.sh deploy hook

issue domain with acme.sh
acme.sh --issue -d example.com -d '*.example.com' --dns dns_jd --keylength 2048
configuration
Create /etc/jdcloud-acme-hook.toml with your JD Cloud credentials. You can configure multiple services per account:
[[Accounts]]
Name="my-account-name" # Replace with your account identifier
[Accounts.CDN]
AK="YOUR_ACCESS_KEY_HERE" # Replace with your actual access key
SK="YOUR_SECRET_KEY_HERE" # Replace with your actual secret key
Region="cn-north-1" # Specify your region
You can configure multiple accounts by adding additional [[Accounts]] sections.
Each service (CDN) is optional and will only be used if configured.
⚠️ Security Warning: Never commit real credentials to version control. Store this file securely with appropriate permissions (e.g., chmod 600 /etc/jdcloud-acme-hook.toml).
deploy script
Create ~/.acme.sh/deploy/jdcloud_acme_hook.sh:
#!/bin/bash

# acme.sh automatically calls functions ending with _deploy
jdcloud_acme_hook_deploy() {
  # 1. Define paths
  # $domain is the current domain provided by acme.sh (example.com)
  # $CERT_HOME is the acme.sh installation root directory (usually /root/.acme.sh)
  REAL_FULLCHAIN="$CERT_HOME/$domain/fullchain.cer"
  REAL_KEY="$CERT_HOME/$domain/$domain.key"

  # 2. Print debug info to ensure we can see the paths in logs
  _info "Resolved FULLCHAIN_PATH: $REAL_FULLCHAIN"
  _info "Resolved CERT_KEY_PATH: $REAL_KEY"

  # 3. Verify that files actually exist
  if [ ! -f "$REAL_FULLCHAIN" ] || [ ! -f "$REAL_KEY" ]; then
    _err "Critical Error: Certificate files not found in RSA directory!"
    return 1
  fi

  # 4. Explicitly export variables so the Go subprocess can read them
  export CERT_KEY_PATH="$REAL_KEY"
  export FULLCHAIN_PATH="$REAL_FULLCHAIN"
  export CERT_DOMAIN="$domain" # acme.sh's internal domain variable is $domain

  _info "Starting upload to JD Cloud services (CDN)..."
  # 5. Run the uploader and map its exit status to the hook's return code
  if /usr/local/bin/jdcloud-acme-hook -c /etc/jdcloud-acme-hook.toml certificate; then
    _info "JDCloud Certificate Deployment Success."
    return 0
  else
    _err "JDCloud Certificate Deployment Failed."
    return 1
  fi
}
Make sure the script is executable:
chmod +x ~/.acme.sh/deploy/jdcloud_acme_hook.sh
deploy command
acme.sh --deploy -d example.com --deploy-hook jdcloud_acme_hook
command-line usage
You can also run the tool directly to update certificates:
jdcloud-acme-hook -c /etc/jdcloud-acme-hook.toml certificate
This will:
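- Load certificate information from the CERT_KEY_PATH, FULLCHAIN_PATH, and CERT_DOMAIN environment variables (exported by the deploy script when acme.sh runs it; set them yourself when running the tool directly)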
- Deploy the certificate to CDN domains if CDN configuration is present
services supported
This hook supports deploying certificates to:
- CDN: Content Delivery Network SSL certificates
The hook automatically determines which services to deploy to based on your configuration file.
troubleshooting
Common Issues
- Permission denied errors
  - Ensure your configuration file has proper permissions: chmod 600 /etc/jdcloud-acme-hook.toml
  - Verify that the jdcloud-acme-hook binary is executable: chmod +x /usr/local/bin/jdcloud-acme-hook
- Invalid credentials errors
  - Double-check your Access Key (AK) and Secret Key (SK) are correct
  - Verify the region is properly set for each service
  - Ensure your JD Cloud account has necessary permissions for each service
- Certificate not found errors
  - Verify that the environment variables CERT_KEY_PATH, FULLCHAIN_PATH, and CERT_DOMAIN are properly set
  - Check that acme.sh generates certificate files in the expected location
- Service-specific deployment failures
  - Some services may require additional permissions beyond basic access keys
  - Verify that the domain is properly registered with the respective service (CDN, SLB, etc.)
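The local checks from the list above (config file mode, executable binary, certificate environment variables) can be run in one pass before a deploy. This is an added example, not part of the project's code; the function names jdcloud_preflight and _file_mode are hypothetical, and the default paths and variable names are the ones used on this page.

```shell
#!/bin/bash
# Added example: preflight checks before running jdcloud-acme-hook.
# jdcloud_preflight and _file_mode are hypothetical names; the paths and
# environment variable names are the ones used on this page.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
_file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Usage: jdcloud_preflight [config_file] [hook_binary]
# Prints one line per problem; returns 0 if all checks pass, 1 otherwise.
jdcloud_preflight() {
  local cfg="${1:-/etc/jdcloud-acme-hook.toml}"
  local bin="${2:-/usr/local/bin/jdcloud-acme-hook}"
  local rc=0 mode var val

  # The config stores AK/SK: group and other must have no access bits.
  if [ ! -f "$cfg" ]; then
    echo "config not found: $cfg"; rc=1
  else
    mode="$(_file_mode "$cfg")"
    if [ -z "$mode" ] || [ $(( 0$mode & 077 )) -ne 0 ]; then
      echo "config mode is '${mode:-unknown}', expected 600: $cfg"; rc=1
    fi
  fi

  # The hook binary must be executable by the current user.
  [ -x "$bin" ] || { echo "hook binary not executable: $bin"; rc=1; }

  # The deploy script exports these; a direct run has to set them itself.
  for var in CERT_KEY_PATH FULLCHAIN_PATH; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then
      echo "$var is not set"; rc=1
    elif [ ! -f "$val" ]; then
      echo "$var points to a missing file: $val"; rc=1
    fi
  done
  [ -n "${CERT_DOMAIN:-}" ] || { echo "CERT_DOMAIN is not set"; rc=1; }

  return "$rc"
}
```

Source the file and call jdcloud_preflight with no arguments to check the default paths; a non-zero return means at least one of the printed problems needs fixing before the deploy.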
Debugging Tips
- Enable detailed logging by setting the SLOG_LEVEL environment variable to debug
- Check the JD Cloud console to confirm successful certificate uploads
- Verify service-specific configurations (domain binding, listeners, etc.) are properly set up in JD Cloud console