I need a (root) TLS certificate, NOW!


Often I need a TLS certificate quickly, and I don’t want the hassle of thinking about it again after setting it up once. The obvious solution, therefore, is to use Docker:

# compose.yml
services:
  acmesh-daemon:
    image: neilpang/acme.sh
    volumes:
      - "/data/my_service_acme.sh:/acme.sh"
    command: daemon
    restart: always
    env_file: ./.env

Specify any required tokens in the .env file:

CF_Token=...

Then create the certificates:

# start and run forever:
docker compose up -d

# register an account
docker compose exec acmesh-daemon --register-account -m your_email@address.com

# i need a new cert!
docker compose exec acmesh-daemon --issue --dns dns_cf -d example.com -d www.example.com

Your certs will appear in the data directory (mount this wherever you need it):

# e.g. /data/acme.sh/mx2.revolt.wtf_ecc/mx2.revolt.wtf.key
root:/data/acme.sh# ls -la
total 24
drwxr-xr-x  4 root root 4096 Jul  8  2023 .
drwxr-xr-x 31 root root 4096 Jan 20 00:43 ..
-rw-r--r--  1 root root  227 May  1 00:38 account.conf
drwxr-xr-x  3 root root 4096 Jul  8  2023 ca
-rw-r--r--  1 root root 1304 May  1 00:38 http.header
drwxr-xr-x  2 root root 4096 Jul  8  2023 mx2.revolt.wtf_ecc
root:/data/acme.sh# ls -la mx2.revolt.wtf_ecc/
total 40
drwxr-xr-x 2 root root 4096 Jul  8  2023 .
drwxr-xr-x 4 root root 4096 Jul  8  2023 ..
-rw-r--r-- 1 root root 2668 Mar  6 00:42 ca.cer
-rw-r--r-- 1 root root 4112 Mar  6 00:42 fullchain.cer
-rw-r--r-- 1 root root 1444 Mar  6 00:42 mx2.revolt.wtf.cer
-rw-r--r-- 1 root root  558 Mar  6 00:42 mx2.revolt.wtf.conf
-rw-r--r-- 1 root root  465 Mar  6 00:38 mx2.revolt.wtf.csr
-rw-r--r-- 1 root root  187 Mar  6 00:38 mx2.revolt.wtf.csr.conf
-rw------- 1 root root  227 Jul  8  2023 mx2.revolt.wtf.key
root:/data/acme.sh#
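
A check worth running on that data directory, as an added example that is not part of the original post: in the listing the certificate key is 0600, but account.conf, where acme.sh saves the DNS API credentials it is given, is world-readable. The function names, `host.example` and the sample tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an acme.sh data directory
# for secret-bearing files that group or other users can read.

# List private keys (*.key) and account.conf (where acme.sh saves the DNS API
# credentials it is given) under $1 that are group- or world-readable.
find_exposed_secrets() {
  find "$1" -type f \( -name '*.key' -o -name 'account.conf' \) \
    \( -perm -040 -o -perm -004 \) | sort
}

# Restrict every exposed file to owner read/write and print what was changed.
lock_down_secrets() {
  exposed=$(find_exposed_secrets "$1")
  if [ -n "$exposed" ]; then
    printf '%s\n' "$exposed" | while IFS= read -r f; do chmod 600 "$f"; done
    printf '%s\n' "$exposed"
  fi
}

# Constructed sample tree that mirrors the modes in the listing above
# (account.conf 0644, certificate key 0600). host.example and the
# group-readable ca/account.key are made up to exercise both cases.
make_sample_dir() {
  d=$(mktemp -d)
  mkdir -p "$d/host.example_ecc" "$d/ca"
  : > "$d/account.conf"
  : > "$d/ca/account.key"
  : > "$d/host.example_ecc/host.example.key"
  : > "$d/host.example_ecc/fullchain.cer"
  chmod 644 "$d/account.conf" "$d/host.example_ecc/fullchain.cer"
  chmod 640 "$d/ca/account.key"
  chmod 600 "$d/host.example_ecc/host.example.key"
  printf '%s\n' "$d"
}

# Audit a real directory when one is passed as an argument, e.g.
#   sh audit.sh /data/my_service_acme.sh
if [ "$#" -gt 0 ]; then
  find_exposed_secrets "$1"
fi
```

Certificates (`*.cer`) are public and are deliberately left alone; only key material and the saved account configuration are tightened.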

I want to use it with…

A web server…?

Just use Caddy2: it has automatic TLS certificates.

Maddy

Configure the mount /data/maddy_acme.sh:/etc/maddy/certs, then add this to the config file:

$(hostname) = mx2.revolt.wtf

$(cert_folder) = /etc/maddy/certs/$(hostname)_ecc
tls file $(cert_folder)/fullchain.cer $(cert_folder)/$(hostname).key