SafelineAPI

Small CLI to request and upsert TLS certificates (DNS-01) with multiple DNS provider backends. This repo now includes Cloudflare DNS provider support via the lego provider.

Prerequisites

• Go toolchain (only required to build from source)
• A SafeLine API token (set in config.json)
• Cloudflare API token (scoped) or Global API key + account email

Quick start

1. Copy config.example.json to config.json and fill in your values.

2. Build (optional):

cd C:\Users\samge\coding\SafelineAPI-1
go build -o safelineApi.exe ./cmd/safelineApi

3. Run:

# using built binary
.\safelineApi.exe

# or directly with go
go run ./cmd/safelineApi -- -t "<SafeLineApiToken>" -D "Cloudflare" -e "you@example.com"

Configuration notes

• The main configuration file is config.json in the project root.
• To use Cloudflare for DNS-01, set ApplyCert.DNSProviderConfig.DNSProvider to Cloudflare and set ApplyCert.DNSProviderConfig.Cloudflare.APIToken to a scoped API token with Zone:DNS:Edit permission.
• If you must use the global API key, set Cloudflare.APIKey and Cloudflare.Email instead (less secure).

Docs

• See docs/CONFIGURATION.md for detailed configuration and troubleshooting steps.
• See docs/cloudflare.md for a short Cloudflare-specific guide.

Security

• Prefer scoped API tokens over global keys.
• Keep config.json out of source control; use environment variables or secret management in production.

Need anything else?

• I can add a small PowerShell script to run the app with environment variable support or create a release artifact (Windows exe) if you'd like.

Linux usage (systemd)

Most users run this on a Linux host. Below are recommended steps to install and run SafelineAPI as a service.

1. Build on the target machine (or cross-compile):

cd /opt
git clone <your-repo-url> safelineapi
cd safelineapi
go build -o safelineApi ./cmd/safelineApi

2. Place your config.json in /opt/safelineapi/config.json (or edit accordingly). You can use config.example.json as a starting point.

3. Install systemd unit (example unit available at contrib/safelineapi.service):

sudo cp contrib/safelineapi.service /etc/systemd/system/
sudo useradd --system --no-create-home safeline || true
sudo chown -R safeline:safeline /opt/safelineapi
sudo systemctl daemon-reload
sudo systemctl enable --now safelineapi.service
sudo journalctl -u safelineapi.service -f

4. Alternatively run with the provided helper script (uses environment variables or builds if missing):

chmod +x scripts/run.sh
SAFELINE_API_TOKEN="..." DNS_PROVIDER=Cloudflare CONTACT_EMAIL="you@example.com" ./scripts/run.sh

Notes

• The contrib/safelineapi.service unit assumes files live in /opt/safelineapi and the binary is /opt/safelineapi/safelineApi. Adjust paths to fit your setup.
• For production, run the service as a dedicated unprivileged user and keep config.json permissions restricted.