first commit

README.md

@@ -0,0 +1,65 @@
+## 使用阿里云 DNS 实现 Certbot 自动续签证书的 Docker 镜像
+
+### 构建镜像
+
+```shell
+cd derper
+git clone https://github.com/hotwa/certbot-dns-aliyun
+cd certbot-dns-aliyun
+docker build -t hotwa/certbot:latest .
+```
+
+### 手动续期
+
+1. 续期证书
+适用于你已经用 certbot/letsencrypt 申请过，想自动脚本化续期的场景。
+
+```shell
+docker run --rm \
+  -e REGION=YOUR_REGEION \
+  -e ACCESS_KEY_ID=YOUR_ACCESS_KEY \
+  -e ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET \
+  -e DOMAIN=YOUR_DOMAIN \
+  -e EMAIL=YOUR_NOTIFICATION_EMAIL \
+  -e CRON_SCHEDULE="0 0 * * *" \
+  -v "$PWD/letsencrypt:/etc/letsencrypt" \
+  -v "$PWD/certs:/app/certs" \
+  -v "$PWD/logs:/var/log/certbot" \
+  hotwa/derper-certbot:latest \
+  certbot renew \
+    --manual \
+    --preferred-challenges dns \
+    --manual-auth-hook "alidns" \
+    --manual-cleanup-hook "alidns clean" \
+    --deploy-hook "/app/scripts/webhook.sh" \
+    --no-random-sleep-on-renew \
+    -v
+```
+
+2. 首次申请证书
+适用于第一次为一个新域名/通配符域名申请 SSL 证书
+
+```shell
+docker run --rm \
+  -e REGION=YOUR_REGEION \
+  -e ACCESS_KEY_ID=YOUR_ACCESS_KEY \
+  -e ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET \
+  -e DOMAIN=YOUR_DOMAIN \
+  -e EMAIL=YOUR_NOTIFICATION_EMAIL \   // 证书刷新通知邮箱
+  -e CRON_SCHEDULE="0 0 * * *" \   // 自定义证书刷新间隔
+  -v "$PWD/derper/letsencrypt:/etc/letsencrypt" \
+  -v "$PWD/derper/certs:/app/certs" \
+  -v "$PWD/derper/logs:/var/log/certbot" \
+  hotwa/derper-certbot:latest \
+  certbot certonly \
+    -d "*.headscale.jmsu.top" \
+    --manual \
+    --preferred-challenges dns \
+    --manual-auth-hook "alidns" \
+    --manual-cleanup-hook "alidns clean" \
+    --email your@email.com \
+    --agree-tos \
+    --non-interactive \
+    -v
+```
+