I need a (root) TLS certificate, NOW!
Often I need a TLS certificate and I want it quickly and I don't want the hassle of thinking about it after setting it up once. The obvious solution therefore is to use Docker:
# compose.yml
services:
  acmesh-daemon:
    image: neilpang/acme.sh
    volumes:
      - "/data/my_service_acme.sh:/acme.sh"
    command: daemon
    restart: always
    env_file: ./.env
Specify any required tokens in the .env file:
CF_Token=...
Then create the certificates:
# start and run forever:
docker compose up -d
# register an account
docker compose exec acmesh-daemon --register-account -m your_email@address.com
# i need a new cert!
docker compose exec acmesh-daemon --issue --dns dns_cf -d example.com -d www.example.com
Your certs will appear in the data directory (mount this wherever you need it):
# e.g. /data/acme.sh/mx2.revolt.wtf_ecc/mx2.revolt.wtf.key
root:/data/acme.sh# ls -la
total 24
drwxr-xr-x 4 root root 4096 Jul 8 2023 .
drwxr-xr-x 31 root root 4096 Jan 20 00:43 ..
-rw-r--r-- 1 root root 227 May 1 00:38 account.conf
drwxr-xr-x 3 root root 4096 Jul 8 2023 ca
-rw-r--r-- 1 root root 1304 May 1 00:38 http.header
drwxr-xr-x 2 root root 4096 Jul 8 2023 mx2.revolt.wtf_ecc
root:/data/acme.sh# ls -la mx2.revolt.wtf_ecc/
total 40
drwxr-xr-x 2 root root 4096 Jul 8 2023 .
drwxr-xr-x 4 root root 4096 Jul 8 2023 ..
-rw-r--r-- 1 root root 2668 Mar 6 00:42 ca.cer
-rw-r--r-- 1 root root 4112 Mar 6 00:42 fullchain.cer
-rw-r--r-- 1 root root 1444 Mar 6 00:42 mx2.revolt.wtf.cer
-rw-r--r-- 1 root root 558 Mar 6 00:42 mx2.revolt.wtf.conf
-rw-r--r-- 1 root root 465 Mar 6 00:38 mx2.revolt.wtf.csr
-rw-r--r-- 1 root root 187 Mar 6 00:38 mx2.revolt.wtf.csr.conf
-rw------- 1 root root 227 Jul 8 2023 mx2.revolt.wtf.key
root:/data/acme.sh#
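In the listing above the private key is owner-only, but account.conf, where acme.sh keeps saved DNS API credentials such as CF_Token, is world-readable. The following is an added example, not part of the original post: a small audit for a mounted acme.sh data directory. The function names are made up for this example, and the directory is whatever you mounted at /acme.sh.

```shell
#!/bin/sh
# Added example: audit an acme.sh data directory for secret files that
# group or other users can access. Function names are hypothetical.

# Print secret files under $1 with any group/other permission bit set.
# Secrets here: private keys (*.key) and account.conf (saved DNS API tokens).
find_exposed_secrets() {
    find "$1" -type f \( -name '*.key' -o -name 'account.conf' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Report exposed secrets; with "fix" as $2, tighten them to owner-only (0600).
# Returns 0 when nothing is exposed (or everything was fixed), 1 if secrets
# are still exposed, 2 if $1 is not a directory.
audit_acme_dir() {
    dir=$1
    mode=${2:-report}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    exposed=$(find_exposed_secrets "$dir")
    [ -z "$exposed" ] && return 0
    echo "$exposed" | while IFS= read -r f; do
        if [ "$mode" = fix ]; then
            chmod 600 "$f" && echo "fixed: $f"
        else
            echo "exposed: $f"
        fi
    done
    # In report mode this is false (exit 1); in fix mode re-check the tree.
    [ "$mode" = fix ] && [ -z "$(find_exposed_secrets "$dir")" ]
}

# Stand-alone use: sh audit.sh /data/acme.sh [fix]
if [ $# -gt 0 ]; then
    audit_acme_dir "$@"
fi
```

Certificates (.cer) are public and are left alone; only keys and account.conf are checked.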
I want to use it with…
A web server
Just use Caddy2, it has automatic TLS certificates.
Maddy
Configure the mount /data/maddy_acme.sh:/etc/maddy/certs and then add this to the config file:
$(hostname) = mx2.revolt.wtf
$(cert_folder) = /etc/maddy/certs/$(hostname)_ecc
tls file $(cert_folder)/fullchain.cer $(cert_folder)/$(hostname).key