使用阿里云 DNS 实现 Certbot 自动续签证书的 Docker 镜像
构建镜像
cd derper
git clone https://github.com/hotwa/certbot-dns-aliyun
cd certbot-dns-aliyun
docker build -t hotwa/certbot:latest .
手动续期
- 续期证书 适用于你已经用 certbot/letsencrypt 申请过,想自动脚本化续期的场景。
docker run --rm \
-e REGION=YOUR_REGEION \
-e ACCESS_KEY_ID=YOUR_ACCESS_KEY \
-e ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET \
-e DOMAIN=YOUR_DOMAIN \
-e EMAIL=YOUR_NOTIFICATION_EMAIL \
-e CRON_SCHEDULE="0 0 * * *" \
-v "$PWD/letsencrypt:/etc/letsencrypt" \
-v "$PWD/certs:/app/certs" \
-v "$PWD/logs:/var/log/certbot" \
hotwa/derper-certbot:latest \
certbot renew \
--manual \
--preferred-challenges dns \
--manual-auth-hook "alidns" \
--manual-cleanup-hook "alidns clean" \
--deploy-hook "/app/scripts/webhook.sh" \
--no-random-sleep-on-renew \
-v
- 首次申请证书 适用于第一次为一个新域名/通配符域名申请 SSL 证书
docker run --rm \
-e REGION=YOUR_REGEION \
-e ACCESS_KEY_ID=YOUR_ACCESS_KEY \
-e ACCESS_KEY_SECRET=YOUR_ACCESS_SECRET \
-e DOMAIN=YOUR_DOMAIN \
-e EMAIL=YOUR_NOTIFICATION_EMAIL \ // 证书刷新通知邮箱
-e CRON_SCHEDULE="0 0 * * *" \ // 自定义证书刷新间隔
-v "$PWD/derper/letsencrypt:/etc/letsencrypt" \
-v "$PWD/derper/certs:/app/certs" \
-v "$PWD/derper/logs:/var/log/certbot" \
hotwa/derper-certbot:latest \
certbot certonly \
-d "*.headscale.jmsu.top" \
--manual \
--preferred-challenges dns \
--manual-auth-hook "alidns" \
--manual-cleanup-hook "alidns clean" \
--email your@email.com \
--agree-tos \
--non-interactive \
-v