How to obtain a permanent free SSL certificate from Let's Encrypt in Docker

1. Cause

The official cerbot is too annoying. It is not recommended to use the acme.sh which is even worse than the wild growth. Here we introduce how to run cerbot in docker to obtain a permanent free SSL certificate from Let's Encrypt.

2. Model Selection

The cerbot certificate will not automatically refresh the date, but acme.sh has this function, which automatically detects expired domain names and renews them at 0:00 am every day.

Choosing docker to run cerbot is to minimize the configuration and meaningless programs in the server for easy management. For example, we don't need to install Python 2.7, git, and pip required by Let's Encrypt on the host machine, the container will configure itself

Original article https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker

3. Pull the image

$ docker pull neilpang/acme.sh

Run docker command in dns mode

$ docker run --rm -it \
 -v "$(pwd)/out":/acme.sh \
 -e Ali_Key="xxxxxx" \
 -e Ali_Secret="xxxx" \
 neilpang/acme.sh --issue --dns dns_ali -d domain.cn -d *.domain.cn

After success, the certificate will be saved in the out folder. You can also specify the path by modifying the first line "$(pwd)/out" above to the path you want to save it.

4. Note

--dns dns_ali

You need to choose according to the DNS mode of your domain name. Obviously, this is Alibaba. So the first two configurations are Ali_Key and Ali_Secret

Ali_Key, Ali_Secret

Need to be obtained from Alibaba Cloud backend

If you don't know the DNS mode of your domain name, you can find it here https://github.com/acmesh-official/acme.sh/wiki/dnsapi

How to obtain the DNS mode and related configuration of a domain name, you can directly contact the customer service of your domain name

Take Tencent as an example

$ docker run --rm -it \
 -v "$(pwd)/out":/acme.sh \
 -e DP_Id="xxxxxx" \
 -e DP_Key="xxxx" \
 neilpang/acme.sh --issue --dns dns_dp -d domain.cn -d *.domain.cn

Tencent acquired DNSPod, so it is dns_dp

At first I thought it was TX_Id, TX_Key, dns_tx, etc.

After searching around, I found that my Alibaba server was working properly, but there was nothing wrong with the steps.

So I asked the company to get the domain name account, and then I asked Tencent customer service to find out about this

Of course, this has nothing to do with Tencent, the company that cheated on me is to blame

I have nothing to do with this

5. Commands

The command of docker run --rm is known to everyone. Just exit after running it. This can execute a hammer to automatically update the ssh certificate.

Method 1

Don't use docker run --rm, just use docker run

The advantage is that it is simple, but the disadvantage is that a container is used exclusively for this purpose, which is a waste of resources.

Method 2

The scheduled task runs docker run --rm, and the original example is

#run cron job
docker run --rm -it \
 -v "$(pwd)/out":/acme.sh \
 --net=host \
 neilpang/acme.sh --cron

In fact, --cron is the crontab parameter of Linux, and the specific usage is not cumbersome.

If you like to use crontab, use crontab

If you don't like it, please read the second part of the blog.

Method 3

Tie this thing to the docker daemon, after all, the daemon must be running, so it is not a waste of resources

This is the recommended approach for acme.sh

Same example with original text

$ docker run --rm -itd \
 -v "$(pwd)/out":/acme.sh \
 --net=host \
 --name=acme.sh \
 neilpang/acme.sh daemon

6. Final Result

$ docker run --rm -itd \
 -v "$(pwd)/out":/acme.sh \
 -e DP_Id="xxxxxx" \
 -e DP_Key="xxxx" \
 neilpang/acme.sh --issue --dns dns_dp -d domain.cn -d *.domain.cn daemon

This is the end of this article about how to obtain a permanent free SSL certificate from Let's Encrypt in Docker. For more information about how to obtain a permanent free SSL certificate from Let's Encrypt in Docker, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!