## Docker image for automatic Certbot certificate renewal using Alibaba Cloud DNS

### Build the image

```shell
cd derper
git clone https://github.com/hotwa/certbot-dns-aliyun
cd certbot-dns-aliyun
docker build -t hotwa/certbot:latest .
```

### Manual renewal

1. Renew a certificate

   Use this when you have already obtained a certificate with certbot/letsencrypt and want to script its renewal.

```shell
docker run --rm \
  -e REGION=YOUR_REGION \
  -e ACCESS_KEY_ID=YOUR_ACCESS_KEY \
  -e ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET \
  -e DOMAIN=YOUR_DOMAIN \
  -e EMAIL=YOUR_NOTIFICATION_EMAIL \
  -e CRON_SCHEDULE="0 0 * * *" \
  -v "$PWD/letsencrypt:/etc/letsencrypt" \
  -v "$PWD/certs:/app/certs" \
  -v "$PWD/logs:/var/log/certbot" \
  hotwa/derper-certbot:latest \
  certbot renew \
  --manual \
  --preferred-challenges dns \
  --manual-auth-hook "alidns" \
  --manual-cleanup-hook "alidns clean" \
  --deploy-hook "/app/scripts/webhook.sh" \
  --no-random-sleep-on-renew \
  -v
```

2. Request a certificate for the first time

   Use this when requesting an SSL certificate for a new domain or wildcard domain for the first time.

```shell
# EMAIL: address that receives certificate renewal notifications
# CRON_SCHEDULE: custom certificate renewal schedule
docker run --rm \
  -e REGION=YOUR_REGION \
  -e ACCESS_KEY_ID=YOUR_ACCESS_KEY \
  -e ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET \
  -e DOMAIN=YOUR_DOMAIN \
  -e EMAIL=YOUR_NOTIFICATION_EMAIL \
  -e CRON_SCHEDULE="0 0 * * *" \
  -v "$PWD/derper/letsencrypt:/etc/letsencrypt" \
  -v "$PWD/derper/certs:/app/certs" \
  -v "$PWD/derper/logs:/var/log/certbot" \
  hotwa/derper-certbot:latest \
  certbot certonly \
  -d "*.headscale.jmsu.top" \
  --manual \
  --preferred-challenges dns \
  --manual-auth-hook "alidns" \
  --manual-cleanup-hook "alidns clean" \
  --email your@email.com \
  --agree-tos \
  --non-interactive \
  -v
```
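
Both `docker run` commands above put `ACCESS_KEY_SECRET` on the command line, where it is recorded in shell history and visible in the process list while the command runs. The following is an added example, not part of the original project: it keeps the same variables in an owner-only env file and refuses to run the renewal if that file is readable by others or still holds placeholders. `ENV_FILE`, its default path and the function names are assumptions.

```shell
# Added example (not from the project): pass the AccessKey via a mode-600 env file.
# ENV_FILE and all function names below are assumptions made for this sketch.
ENV_FILE="${ENV_FILE:-./certbot-aliyun.env}"

# Create a template with owner-only permissions; never overwrite an existing file.
init_env_file() {
    if [ -e "$ENV_FILE" ]; then echo "exists: $ENV_FILE" >&2; return 1; fi
    ( umask 077 && : > "$ENV_FILE" ) || return 1
    cat > "$ENV_FILE" <<'EOF'
# docker --env-file takes values literally: do not wrap them in quotes
REGION=YOUR_REGION
ACCESS_KEY_ID=YOUR_ACCESS_KEY
ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET
DOMAIN=YOUR_DOMAIN
EMAIL=YOUR_NOTIFICATION_EMAIL
CRON_SCHEDULE=0 0 * * *
EOF
}

# True only if the file exists and is readable by its owner alone.
env_file_is_private() {
    [ -f "$ENV_FILE" ] || return 1
    mode=$(stat -c '%a' "$ENV_FILE" 2>/dev/null || stat -f '%Lp' "$ENV_FILE")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# True once every YOUR_* placeholder has been replaced with a real value.
env_file_is_filled() {
    if grep -q '=YOUR_' "$ENV_FILE"; then return 1; fi
}

# The page's renewal command, with the -e flags replaced by --env-file.
renew() {
    env_file_is_private || { echo "refusing: $ENV_FILE must be mode 600" >&2; return 1; }
    env_file_is_filled || { echo "refusing: placeholders left in $ENV_FILE" >&2; return 1; }
    docker run --rm --env-file "$ENV_FILE" \
        -v "$PWD/letsencrypt:/etc/letsencrypt" \
        -v "$PWD/certs:/app/certs" \
        -v "$PWD/logs:/var/log/certbot" \
        hotwa/derper-certbot:latest \
        certbot renew --manual --preferred-challenges dns \
        --manual-auth-hook "alidns" \
        --manual-cleanup-hook "alidns clean" \
        --deploy-hook "/app/scripts/webhook.sh" \
        --no-random-sleep-on-renew -v
}
```

Run `init_env_file` once, fill in the values with an editor, then call `renew`. The variables are still visible through `docker inspect` to anyone with access to the Docker daemon while the container exists.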