Skip to content

Instantly share code, notes, and snippets.

@williamdes

williamdes/ACME-SH-docker-compose.md

Forked from Dreamacro/ACMESH.md
Last active August 26, 2024 14:23
Show Gist options
  • Save williamdes/a8f15c7acaa71cd4437c4a903784f0e1 to your computer and use it in GitHub Desktop.
Save williamdes/a8f15c7acaa71cd4437c4a903784f0e1 to your computer and use it in GitHub Desktop.
Download ZIP
acme.sh using docker-compose
Raw
ACME-SH-docker-compose.md

How to use

$ docker compose -f acmesh.yaml up -d

.env

ACME_HOME_DIR=./acme.sh

# CloudFlare
#CF_API_EMAIL
#CF_API_KEY

# DNSPod
#DP_ID
#DP_KEY

# CloudFlare
#CX_KEY
#CX_SECRET
Raw
acme.sh-docker.sh
#!/bin/sh
# https://hub.docker.com/r/neilpang/acme.sh/dockerfile
if [ ! -f /acme.sh/account.conf ]; then
echo 'First startup'
acme.sh --update-account --accountemail ${ACME_SH_EMAIL}
echo 'Asking for certificates'
acme.sh --issue \
-d "${DOMAIN_NAME}" -d "*.${DOMAIN_NAME}" \
--dns "${DNS_API}"
fi
echo 'Listing certs'
acme.sh --list
# Keep the container running
# /entry.sh daemon
# New method
crond -n -s -m off
Raw
acmesh.yaml
version: '2'
services:
acme:
image: neilpang/acme.sh:latest
volumes:
- ./acme.sh-docker.sh:/acme.sh-docker.sh:ro
- ${ACME_HOME_DIR:-./acme.sh}:/acme.sh
environment:
# CloudFlare
CF_Key: ${CF_API_KEY}
CF_Email: ${CF_API_EMAIL}
# From: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
DNS_API: "dns_cf"
DOMAIN_NAME: "example.com"
ACME_SH_EMAIL: "[email protected]"
command: sh ./acme.sh-docker.sh
container_name: acme
@cellulosa
Copy link

cellulosa commented Apr 16, 2023
edited
Loading

heya thanks for the gist!

When I try and deploy the cert with acme.sh --deploy -d example.com --deploy-hook docker I get this error:

[Sun Apr 16 21:36:21 UTC 2023] The domain 'example.com' seems to have a ECC cert already, lets use ecc cert.
[Sun Apr 16 21:36:21 UTC 2023] /var/run/docker.sock is not available
[Sun Apr 16 21:36:21 UTC 2023] Error deploy for domain:example.com
[Sun Apr 16 21:36:21 UTC 2023] Deploy error.

Solved, I was missing the additional values, as per instructions. Many thanks again!

So this is what I'm using now:

if [ ! -f /acme.sh/account.conf ]; then
    echo 'First startup'
    echo 'Registering account with email address'
    acme.sh  --register-account -m ${ACME_SH_EMAIL} --server zerossl
    echo 'Issuing certificates'
    acme.sh --server zerossl --issue -d "${DOMAIN_NAME}" -d *."${DOMAIN_NAME}" --dns "${DNS_API}"
    echo 'Deploying certificates'
    acme.sh --deploy -d ${ACME_SH_EMAIL}  --deploy-hook docker

fi

@cougz
Copy link

cougz commented Jan 4, 2024

wouldn't the correct export variable be CF_Token instead of CF_Key ? At least that did it for me after changing to Let's Encrypt.

@williamdes
Copy link
Author

williamdes commented Jan 4, 2024
edited
Loading

wouldn't the correct export variable be CF_Token instead of CF_Key ? At least that did it for me after changing to Let's Encrypt.

I am using zerossl but do not have this issue, how did you configure CloudFlare ?
A scoped token ?

I pushed some updates to the gist today.
See my working source: https://github.com/wdes/mails.wdes.eu/tree/fc4c71397977cf1958a3eef1783828363732c4a7/scripts
And the docker compose part: https://github.com/wdes/mails.wdes.eu/blob/fc4c71397977cf1958a3eef1783828363732c4a7/docker-compose.yml#L283-L321

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment