Overview
This node issues SSL/TLS certificates using the ACME protocol, which automates domain validation and certificate issuance. It supports DNS-based domain validation through two DNS providers: 阿里云DNS (Aliyun DNS) and Dnspod DNS. The node is useful for automating the process of obtaining trusted certificates from Let's Encrypt or compatible ACME certificate authorities, especially in workflows that require secure HTTPS setup or automated certificate renewal.
Typical use cases include:
- Automatically issuing certificates for web servers or APIs.
- Integrating certificate issuance into CI/CD pipelines.
- Managing certificates for multiple domains with DNS validation.
Properties
| Name | Meaning |
|---|---|
| Operation | The action to perform; here it supports "Issue Certificate" to obtain a new SSL/TLS certificate. |
| DNS Provider | The DNS provider used for domain validation. Options: 阿里云DNS (aliyun), Dnspod DNS (dnspod). |
| Credential to Connect With (阿里云DNS) | API credentials for 阿里云DNS, required if 阿里云DNS is selected as DNS provider. |
| Credential to Connect With (Dnspod DNS) | API credentials for Dnspod DNS, required if Dnspod DNS is selected as DNS provider. |
| Domain | The domain name for which the certificate will be issued (e.g., example.com). |
| Email address used for ACME account registration and notifications. | |
| Use Staging Environment | Boolean flag to indicate whether to use Let's Encrypt's staging environment for testing. |
| Private Key Size | Size of the private key in bits. Options: 2048 Bits, 4096 Bits. |
| Key Type | Cryptographic key type. Options: RSA, ECDSA (EC). |
| EC Curve | Elliptic curve used for ECDSA keys. Options: P-256, P-384, P-521. Only shown if Key Type is ECDSA. |
Output
The node outputs JSON data containing details about the issued certificate:
domain: The domain name for which the certificate was issued.email: The email address registered with the ACME server.dnsProvider: The DNS provider used for domain validation.staging: Whether the staging environment was used.certificate: An object containing:privateKey: The private key corresponding to the certificate.certificate: The issued certificate in PEM format.chain: The certificate chain.fullChain: The full certificate chain including the issued certificate.validFrom: ISO string representing the start date of certificate validity.validTo: ISO string representing the expiration date of the certificate.issuer: Information about the certificate issuer.subject: Subject information of the certificate.serialNumber: Serial number of the certificate.
If an error occurs and the node is configured to continue on failure, the output JSON will contain an error field with the error message.
Dependencies
- Requires valid API credentials for either 阿里云DNS or Dnspod DNS depending on the chosen DNS provider.
- Uses an internal ACME client implementation to interact with ACME servers such as Let's Encrypt.
- No additional external services beyond the DNS providers and ACME server are needed.
- The node expects proper configuration of these credentials within n8n.
Troubleshooting
- Missing or invalid DNS API credentials: The node throws errors if the required DNS provider credentials are not configured or incomplete. Ensure that all necessary fields (e.g., access keys, tokens, region) are correctly set.
- Unsupported DNS provider: If a DNS provider other than 阿里云DNS or Dnspod DNS is selected, the node will throw an error indicating unsupported provider.
- Domain validation failures: Issues with DNS propagation or incorrect DNS provider credentials can cause domain validation to fail.
- Certificate issuance errors: Problems with ACME server communication or rate limits may cause errors.
- To resolve errors, verify credentials, domain ownership, and network connectivity. Using the staging environment can help test configurations without hitting production rate limits.