Automatically Applying Domain Certificates Using acme.sh (Synology Docker)
This article explains how to use the acme.sh Docker image to automatically apply for and renew domain certificates.
acme.sh can generate free certificates from Let's Encrypt, supports Docker deployment, and offers two domain validation methods: HTTP and DNS. These methods include manual, automatic DNS, and DNS alias modes to accommodate various environments and requirements. It can apply for and merge multiple single-domain and wildcard certificates at once, renew certificates automatically, and deploy them to projects.
Preparing DNS API
In this article, we will use Tencent Cloud as an example to apply for the DNS API. For other DNS providers, please refer to the official documentation dnsapi.
First, open DNSPOD, click on your profile picture in the upper right corner, and select "Key Management."
Next, create a new key and copy the ID and Token.
Deployment on Synology Docker
This tutorial covers Docker's daemon mode, where a container runs continuously to automatically renew certificates upon expiration.
Creating Configuration Folder
First, create the /docker/acme.sh folder and manually create the account.conf file.
Next, edit this file and manually add the following lines:
Then, save and close the file.
Downloading the Image and Configuring the Container
Open Synology Docker Suite, download the neilpang/acme.sh image, double-click to start, and access "Advanced Settings."
On the "Volume" page, configure the mounted folders by clicking "Add Folder", select the local path docker/acme.sh, and set the mount path to /acme.sh (default, do not change).
On the "Network" page, check "Use the same network as Docker Host."
Next, switch to the "Environment" page and enter the daemon command in the "Command" field:
Then create and run the container. Double-click on the running container, switch to the "Terminal" page, click "Start with Command," enter sh, and confirm.
To enable automatic updates, enter the following command:
Then, to apply for a certificate, enter the following command:
Here, dns_dp represents Tencent Cloud DNSPod. If you are using Alibaba Cloud, please use dns_ali. For Cloudflare, use dns_cf. For other providers, refer to the official documentation dnsapi. Additionally, *.wiki-power.com requests a wildcard certificate for the domain. If you need to apply for multiple domains simultaneously, you can follow this format (the wildcard names are quoted so that the shell passes them to acme.sh unchanged instead of expanding them as file patterns):
acme.sh --issue --dns dns_dp -d aaa.com -d '*.aaa.com' -d bbb.com -d '*.bbb.com' -d ccc.com -d '*.ccc.com'
In daemon mode, acme.sh will automatically renew certificates every 60 days.
Generating Certificates
If everything goes smoothly, you can find the domain.cer and domain.key files inside the folder named after your domain in docker/acme.sh. These are the certificate and key files that you can copy to wherever you need to use them.
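The mounted folder ends up holding both the DNS API credentials (account.conf) and the certificate private keys (the .key files), so it is worth checking that other accounts on the NAS cannot read them. The shell functions below are an added example, not part of the original article or of acme.sh; they assume account.conf is where the DNSPod ID and Token were saved, and the function names and the folder path passed to them are chosen here for illustration.

```shell
#!/bin/sh
# Added example: audit the folder mounted at /acme.sh for secret files that
# accounts other than the owner can access.
# Assumption: account.conf holds the DNS API ID/Token; *.key files are
# private keys written by acme.sh.

# Print every secret file (account.conf, *.key) under directory $1 that has
# any group or other permission bit set. Prints nothing when all are private.
audit_acme_dir() {
    find "$1" -type f \( -name 'account.conf' -o -name '*.key' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Restrict the secret files under $1 to owner read/write (0600) and leave
# certificates (*.cer) untouched, since they are public data.
# Returns 0 only if a follow-up audit finds nothing.
harden_acme_dir() {
    find "$1" -type f \( -name 'account.conf' -o -name '*.key' \) \
        -exec chmod 600 {} +
    [ -z "$(audit_acme_dir "$1")" ]
}

# Typical use on the host (the path is an assumption, adjust to your volume):
#   audit_acme_dir  /volume1/docker/acme.sh
#   harden_acme_dir /volume1/docker/acme.sh
```

Run the audit again after copying a key to another location, since the copy gets the permissions of the destination, not of the source folder.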
References and Acknowledgments
Original: https://wiki-power.com/ This post is licensed under CC BY-NC-SA 4.0 and should be reproduced with attribution.
This post was translated using ChatGPT; please report any omissions.