commit 06c9d049ac31ab784056e9445b97bb339e67998b Author: mm644706215 Date: Fri Aug 1 23:41:51 2025 +0800 first commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..75bf0b7 --- /dev/null +++ b/README.md @@ -0,0 +1,65 @@ +## 使用阿里云 DNS 实现 Certbot 自动续签证书的 Docker 镜像 + +### 构建镜像 + +```shell +cd derper +git clone https://github.com/hotwa/certbot-dns-aliyun +cd certbot-dns-aliyun +docker build -t hotwa/certbot:latest . +``` + +### 手动续期 + +1. 续期证书 +适用于你已经用 certbot/letsencrypt 申请过,想自动脚本化续期的场景。 + +```shell +docker run --rm \ + -e REGION=YOUR_REGEION \ + -e ACCESS_KEY_ID=YOUR_ACCESS_KEY \ + -e ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET \ + -e DOMAIN=YOUR_DOMAIN \ + -e EMAIL=YOUR_NOTIFICATION_EMAIL \ + -e CRON_SCHEDULE="0 0 * * *" \ + -v "$PWD/letsencrypt:/etc/letsencrypt" \ + -v "$PWD/certs:/app/certs" \ + -v "$PWD/logs:/var/log/certbot" \ + hotwa/derper-certbot:latest \ + certbot renew \ + --manual \ + --preferred-challenges dns \ + --manual-auth-hook "alidns" \ + --manual-cleanup-hook "alidns clean" \ + --deploy-hook "/app/scripts/webhook.sh" \ + --no-random-sleep-on-renew \ + -v +``` + +2. 首次申请证书 +适用于第一次为一个新域名/通配符域名申请 SSL 证书 + +```shell +docker run --rm \ + -e REGION=YOUR_REGEION \ + -e ACCESS_KEY_ID=YOUR_ACCESS_KEY \ + -e ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET \ + -e DOMAIN=YOUR_DOMAIN \ + -e EMAIL=YOUR_NOTIFICATION_EMAIL \ // 证书刷新通知邮箱 + -e CRON_SCHEDULE="0 0 * * *" \ // 自定义证书刷新间隔 + -v "$PWD/derper/letsencrypt:/etc/letsencrypt" \ + -v "$PWD/derper/certs:/app/certs" \ + -v "$PWD/derper/logs:/var/log/certbot" \ + hotwa/derper-certbot:latest \ + certbot certonly \ + -d "*.headscale.jmsu.top" \ + --manual \ + --preferred-challenges dns \ + --manual-auth-hook "alidns" \ + --manual-cleanup-hook "alidns clean" \ + --email your@email.com \ + --agree-tos \ + --non-interactive \ + -v +``` +
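Review bot: In the second `docker run` block (首次申请证书), the lines `-e EMAIL=YOUR_NOTIFICATION_EMAIL \ // 证书刷新通知邮箱` and `-e CRON_SCHEDULE="0 0 * * *" \ // 自定义证书刷新间隔` put text after the backslash, so the backslash no longer continues the line and `//` is not a shell comment; the command breaks at that point when pasted. Move those two explanations into the prose above the block. The build step tags the image `hotwa/certbot:latest`, but both run commands use `hotwa/derper-certbot:latest`, so the README as written does not run the image it just built; pick one name and use it throughout. `YOUR_REGEION` should be `YOUR_REGION`, the volume paths differ between the two blocks (`$PWD/letsencrypt` versus `$PWD/derper/letsencrypt`), and the second block hard-codes `-d "*.headscale.jmsu.top"` and `--email your@email.com` while also passing `DOMAIN` and `EMAIL` placeholders; replace them with placeholders or state which value is actually used. Because `ACCESS_KEY_SECRET` is passed with `-e` on the command line, it lands in shell history and the host process list; consider documenting `--env-file` with a file readable only by its owner instead.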