
Let's Encrypt Docker image for automatically applying for or renewing certs for domains hosted on aliyun cdn

kemono-games/letsencrypt-aliyun-cdn

letsencrypt-aliyun-cdn

Chinese documentation

Automatically apply for and renew certificates for domains hosted on aliyun cdn. It is based on xenolf/lego and ali-sdk/aliyun-cdn-sdk; thanks to their authors for the great work!

Features

  • Let's Encrypt certificates only. They are free!
  • Applies for certs automatically and renews them 10 days before they expire.
  • Supports many DNS providers, such as dnspod, Route 53, vultr and digitalocean. DNS Providers Full List

Usage

$ docker pull registry.ap-southeast-1.aliyuncs.com/kemono/cert-manager
$ docker run -e ACCESS_KEY_ID='ACCESS KEY for your aliyun account' \
  -e ACCESS_SECRET='ACCESS SECRET for your aliyun account' \
  -e DOMAINS='example.com,cdn1.example.com,cdn2.example.com' \
  -e EMAIL='you@example.com' \
  -e DNS_TYPE='dnspod' \
  -e DNSPOD_API_KEY='xxx' \
  registry.ap-southeast-1.aliyuncs.com/kemono/cert-manager

RAM policy needed for this operation:

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cdn:DescribeCdnCertificateDetail",
        "cdn:SetDomainServerCertificate",
        "cdn:DescribeDomainCertificateInfo"
      ],
      "Resource": "*"
    }
  ],
  "Version": "1"
}
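
As an added example (not part of this repository's code), the following Node.js script audits a RAM policy document against the three actions listed above, reporting wildcard actions, actions the tool does not need, and required actions that are missing. The names `auditRamPolicy` and `globMatch` and the sample policies are constructed for illustration; it assumes `*` in an action matches any run of characters, and it checks actions only, not `Resource` scoping.

```javascript
// Added example: audit a RAM policy against the actions this README requires.
const REQUIRED_ACTIONS = [
  'cdn:DescribeCdnCertificateDetail',
  'cdn:SetDomainServerCertificate',
  'cdn:DescribeDomainCertificateInfo',
];

// Action may be a single string or an array; normalise to an array.
const toList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Assumption: "*" in an action pattern matches any run of characters.
const globMatch = (pattern, action) =>
  new RegExp('^' + pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*') + '$')
    .test(action);

function auditRamPolicy(policy) {
  const granted = new Set();
  const findings = [];
  toList(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return; // Deny statements never widen access
    for (const action of toList(stmt.Action)) {
      if (action.includes('*')) {
        findings.push(`Statement[${i}]: wildcard action "${action}"`);
      } else if (!REQUIRED_ACTIONS.includes(action)) {
        findings.push(`Statement[${i}]: action "${action}" is not needed`);
      }
      // Record which required actions this entry covers (exactly or by wildcard).
      REQUIRED_ACTIONS.filter((r) => globMatch(action, r)).forEach((r) => granted.add(r));
    }
  });
  for (const r of REQUIRED_ACTIONS) {
    if (!granted.has(r)) findings.push(`missing required action "${r}"`);
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample inputs: the policy from this README and an over-broad one.
const readmePolicy = {
  Version: '1',
  Statement: [{ Effect: 'Allow', Action: REQUIRED_ACTIONS.slice(), Resource: '*' }],
};
const broadPolicy = {
  Version: '1',
  Statement: [{ Effect: 'Allow', Action: ['cdn:*', 'ecs:DescribeInstances'], Resource: '*' }],
};

console.log(auditRamPolicy(readmePolicy), auditRamPolicy(broadPolicy));
```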

Environment Variables

  • ACCESS_KEY_ID: Access key for the aliyun account. We suggest using a RAM account with minimum privileges.
  • ACCESS_SECRET: Access secret for the aliyun account.
  • DOMAINS: The domains to request free certs for. These domains must already be using aliyun CDN services. Multiple domains should be separated by commas, and they must all use the same DNS provider.
  • DNS_TYPE: The DNS provider used by the domains above.
  • Depending on the DNS provider you use, set the matching environment variable for its API token:
    • dnspod:
      • DNSPOD_API_KEY: The format is id,token, e.g. 1235,abcdefghigj
    • digitalocean:
      • DO_AUTH_TOKEN: The API token you created in the DO admin console.
  • CERT_PATH: The path to store certs. Default is /project_root/certificates.
  • FORCE_UPDATE: Force a cert update even if the certs have not expired. Default is false.

FAQ

Certificate request fails when using dnspod

The log contains an error like this: Post "https://dnsapi.cn/Domain.List": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

If you encounter this error, set the DNSPOD_HTTP_TIMEOUT environment variable in your docker env list. Using a value larger than 15 will solve this problem.
