https://github.com/daxingplay/letsencrypt-aliyun-cdn
letsencrypt docker image for automatically apply or renew cert for domains hosted on aliyun cdn
https://github.com/daxingplay/letsencrypt-aliyun-cdn
aliyun aliyun-cdn docker docker-image letsencrypt
Last synced: about 1 year ago
JSON representation
letsencrypt docker image for automatically apply or renew cert for domains hosted on aliyun cdn
- Host: GitHub
- URL: https://github.com/daxingplay/letsencrypt-aliyun-cdn
- Owner: daxingplay
- Created: 2017-03-04T08:59:35.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-02-09T15:16:15.000Z (over 3 years ago)
- Last Synced: 2023-03-12T10:22:52.620Z (over 3 years ago)
- Topics: aliyun, aliyun-cdn, docker, docker-image, letsencrypt
- Language: JavaScript
- Size: 252 KB
- Stars: 12
- Watchers: 2
- Forks: 0
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# letsencrypt-aliyun-cdn
[](https://hub.docker.com/r/daxingplay/letsencrypt-aliyun-cdn/) [](https://hub.docker.com/r/daxingplay/letsencrypt-aliyun-cdn/) [](https://hub.docker.com/r/daxingplay/letsencrypt-aliyun-cdn/) [](https://imagelayers.io/?images=daxingplay/letsencrypt-aliyun-cdn:latest 'Get your own badge on imagelayers.io') [](https://microbadger.com/images/daxingplay/letsencrypt-aliyun-cdn "Get your own image badge on microbadger.com") [](https://microbadger.com/images/daxingplay/letsencrypt-aliyun-cdn "Get your own version badge on microbadger.com")
[中文文档](README.zh.md)
Automatically apply and renew certificates for domains hosted on aliyun cdn. It is based on [xenolf/lego](https://github.com/xenolf/lego) and [ali-sdk/aliyun-cdn-sdk](https://github.com/ali-sdk/aliyun-cdn-sdk), thanks for their great works!
## Features
* Letsencrypt certificates only. It is free!
* Apply for certs automatically. Auto renew certs 10 days before it is expired.
* Support a lot of DNS providers such as dnspod、Route 53、vultr、digitalocean. [DNS Providers Full List](https://github.com/xenolf/lego/tree/master/providers/dns)
## Usage
```bash
$ docker pull daxingplay/letsencrypt-aliyun-cdn
$ docker run -e ACCESS_KEY_ID='ACCESS KEY for your aliyun account' \
-e ACCESS_SECRET='ACCESS SECRET for your aliyun account' \
-e DOMAINS='example.com,cdn1.example.com,cdn2.example.com' \
-e EMAIL='admin@example.com' \
-e DNS_TYPE='dnspod' \
-e DNSPOD_API_KEY='xxx' \
daxingplay/letsencrypt-aliyun-cdn
```
RAM policy needed for this operation:
```json
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"cdn:DescribeCdnCertificateDetail",
"cdn:SetDomainServerCertificate",
"cdn:DescribeDomainCertificateInfo"
],
"Resource": "*"
}
],
"Version": "1"
}
```
## Environment Viarables
* `ACCESS_KEY_ID`: ACCESS KEY for aliyun account, we suggest you to use ram account for minimum privileges.
* `ACCESS_SECRET`: ACCESS SECRET for aliyun account.
* `DOMAINS`: The domains need to apply for free certs. These domains must be using aliyun CDN services already. Multiple domains should be separeted by comma, and they must use the same DNS provider.
* `DNS_TYPE`: The DNS provider used by the domains above.
* According to the DNS provider you use, you need to set different environment viarables for proper API token:
* dnspod:
* `DNSPOD_API_KEY`: The format is `id,token`, eg: `1235,abcdefghigj`
* digitalocean:
* `DO_AUTH_TOKEN`:The API token you applied at DO admin console.
## FAQ
### Request Certificate failed using dnspod
There's an error in log like this: Post "https://dnsapi.cn/Domain.List": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
If you encounter this error, please specify `DNSPOD_HTTP_TIMEOUT` environment variable in your docker env list. Use a value larger than 15 will solve this problem.
## Links
- [CDN API docs](https://help.aliyun.com/document_detail/27148.html?spm=5176.doc27148.6.603.5Tehoi)