Issue SSL certificate with acme.sh's DNS API mode.
You probably want to use this action in a private repo, to upload your issued SSL certificate to repo.
jobs:
issue-ssl-certificate:
name: Issue SSL certificate
runs-on: ubuntu-latest
steps:
- uses: Menci/acme@v1
with:
version: 3.0.2
# Register your account and try issue a certificate with DNS API mode
# Then fill with the output of `tar cz ca account.conf | base64 -w0` running in your `~/.acme.sh`
account-tar: ${{ secrets.ACME_SH_ACCOUNT_TAR }}
domains: example.com example.net example.org example.edu
domains-file: ''
append-wildcard: true
arguments: --dns dns_cf --challenge-alias example.com
arguments-file: ''
output-fullchain: output/fullchain.pem
output-key: output/key.pem
output-pfx: output/certificate.pfx
output-pfx-password: qwq
# uninstall: true # Uninstall acme.sh after this action by defaultIf you issue a certificate with too many domains with DNS alias mode. The TXT records' length will likely exceed the DNS provider's limit and fails (acmesh-official/acme.sh#3748). To workaround this, this action will run acme.sh multiple times and issue a smaller certificate each time (so we can verify a smaller amount of domains each time). The result certificate will be fine.
You can deploy your newly issued SSL certificate to Azure Web App with the Deploy SSL certificate to Azure Web App action.
You can deploy your newly issued SSL certificate to Aliyun Certificates Service and Aliyun CDN with the Deploy SSL certificate to Aliyun action.