ACME.sh Certificate Renewal Cookbook for func.truewatch.com

Certificate Information

Aliyun API credentials are already configured in your .acme.sh/account.conf:
- API Key and Secret are already set up

Navigate to the acme.sh directory:
bash
```
cd ~/.acme.sh
```
Renew the certificate:
bash
```
./acme.sh --renew -d func.truewatch.com -d '*.func.truewatch.com' --force
```
- The --force flag is optional but ensures renewal regardless of expiration time
- The configuration will automatically use your Aliyun DNS (dns_ali) settings

Verify the renewal was successful:

bash

./acme.sh --info -d func.truewatch.com

Or check the certificate expiry date:

bash

openssl x509 -in ~/.acme.sh/func.truewatch.com_ecc/func.truewatch.com.cer -noout -dates

Deploy the renewed certificate:
- the cert is loaded in the configmap for automata service
- go to configmap/guance-automata-cfg -n guance-automata, replace the cert of the key server.crt
- ping the automata developer, who's responsible for pushing this new cert to all the automata func instances

If the renewal fails, check the log file at: /Users/zilizhang/.acme.sh/acme.sh.log
Ensure your Aliyun API credentials are still valid
If the error is Aliyun SignatureNonceUsed, check the issurance cookbook to see how to avoid it