1. Cause
The official certbot is too annoying to use and is not recommended. Here we use Docker to run certbot and get a permanently free Let's Encrypt SSL certificate.
2. Selection
Certbot's certificates are not renewed automatically, but the tool used here comes with this function: expiring domain names are detected and renewed automatically at 0:00 a.m. every day.
The point of running certbot in Docker is to keep the server with as little configuration and as few unneeded programs as possible, which makes it easier to manage. For example, we don't need to install the Python 2.7, git, and pip that Let's Encrypt requires, so we configure the container ourselves.
Original: /acmesh-official//wiki/-in-docker
3. Pull the image
$ docker pull neilpang/
Run the docker command in DNS mode
$ docker run --rm -it \
  -v "$(pwd)/out":/ \
  -e Ali_Key="xxxxxx" \
  -e Ali_Secret="xxxx" \
  neilpang/ --issue --dns dns_ali -d -d *.
After success, the certificate is saved in the out folder. To save it somewhere else, change "$(pwd)/out" in the -v line above to the path you want.
4. Pay attention
--dns dns_ali
Choose this according to the DNS mode of your domain name; here it is obviously Alibaba, so the two settings before it are Ali_Key and Ali_Secret.
Ali_Key, Ali_Secret
Get these from the Alibaba Cloud console.
If you don't know the DNS mode of your domain name, you can look it up here: /acmesh-official//wiki/dnsapi
For how to obtain your domain name's DNS mode and the related settings, you can ask your domain provider's customer service directly.
Using Tencent as an example
$ docker run --rm -it \
  -v "$(pwd)/out":/ \
  -e DP_Id="xxxxxx" \
  -e DP_Key="xxxx" \
  neilpang/ --issue --dns dns_dp -d -d *.
Tencent has acquired DNSPod, so it is dns_dp
At first I thought it was TX_Id, TX_Key, dns_tx and so on
After searching around, I found that my Alibaba server was used normally, but the steps were fine
So I asked the company to get the domain name account and asked Tencent customer service to find out about this
Of course, this has nothing to do with Tencent, and the company is even more damaging.
I've done nothing
5. Command
docker run --rm means the container exits and is removed once the command has run. Run this way, nothing automatically renews the SSL certificate.
Method 1
Drop --rm and just use docker run.
The advantage is simplicity; the disadvantage is an extra container that wastes resources.
Method 2
Run docker run --rm as a scheduled task; the original documentation has an example:
#run cron job
docker run --rm -it \
  -v "$(pwd)/out":/ \
  --net=host \
  neilpang/ --cron
In fact --cron is meant to be used with Linux crontab; crontab usage itself is not covered in detail here.
If you like crontab, use crontab
If you don't like it, look at the second one in the blog post
Method 3
Run it in daemon mode, tied to the Docker daemon. The Docker daemon has to be running anyway, so this is not a waste of resources.
This is the recommended way.
The original documentation has an example for this as well:
$ docker run --rm -itd \
  -v "$(pwd)/out":/ \
  --net=host \
  --name= \
  neilpang/ daemon
6. Final result
$ docker run --rm -itd \
  -v "$(pwd)/out":/ \
  -e DP_Id="xxxxxx" \
  -e DP_Key="xxxx" \
  neilpang/ --issue --dns dns_dp -d -d *. daemon
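Once one of the methods above is in place, the host folder mounted with -v "$(pwd)/out" is worth auditing: private keys that other users can read, and certificates close to expiry, which is the symptom of renewal not running. The script below is an added example, not part of the original article or the project's documentation; the function names and the .key/.cer file suffixes are assumptions.

```shell
#!/bin/sh
# Added example: audit the host folder mounted into the container ("$(pwd)/out").
# Assumption: private keys end in .key and certificates in .cer under that folder.

# Print private key files that group or other users can read.
loose_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -004 \) -print
}

# Print certificates that expire within $2 days (default 30).
expiring_certs() {
    dir=$1
    secs=$(( ${2:-30} * 86400 ))
    find "$dir" -type f -name '*.cer' -print | while IFS= read -r cert; do
        # -checkend exits non-zero when the certificate expires inside the
        # window; an unreadable or unparsable file is reported as well.
        if ! openssl x509 -in "$cert" -noout -checkend "$secs" >/dev/null 2>&1; then
            printf '%s\n' "$cert"
        fi
    done
}

# Report findings on stdout; return 0 when the folder is clean, 1 otherwise.
audit_out() {
    dir=${1:-./out}
    days=${2:-30}
    status=0
    keys=$(loose_keys "$dir")
    if [ -n "$keys" ]; then
        printf 'private key readable by group/other (chmod 600):\n%s\n' "$keys"
        status=1
    fi
    certs=$(expiring_certs "$dir" "$days")
    if [ -n "$certs" ]; then
        printf 'expires within %s days, check that renewal runs:\n%s\n' "$days" "$certs"
        status=1
    fi
    return "$status"
}
```

Source the file and call `audit_out ./out 30` from a monitoring job; a non-zero return means a key needs tighter permissions or a certificate was not renewed.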