gen-ssl-letsencrypt-cf/README.md
2025-08-09 16:04:39 +05:00


# Generate Free SSL Certificates
This Docker container generates free SSL certificates using Let's Encrypt with the Cloudflare DNS plugin. \
It supports wildcard certificates and multiple domains per certificate.
## Prerequisites
- Docker and Docker Compose installed
- Domains managed through Cloudflare DNS
- Cloudflare Global API Key or API Token with Zone:Read and DNS:Edit permissions
## How to Use
### 1. Set up environment file
Create a `.env` file in the project directory ([view example](/raw/branch/main/.env.example)).
**Example .env file:**
```env
CLOUDFLARE_EMAIL=user@example.com
CLOUDFLARE_API_KEY=your_global_api_key_here
CERTBOT_EMAIL=admin@example.com
DOMAINS=example.com,*.example.com,api.example.com
```
**Environment Variables:**
- `CLOUDFLARE_EMAIL` - Your Cloudflare account email address
- `CLOUDFLARE_API_KEY` - Get from [Cloudflare Dashboard > Profile > API Tokens](https://dash.cloudflare.com/profile/api-tokens)
  - Use either the Global API Key or create a custom token with `Zone:Read` and `DNS:Edit` permissions
- `CERTBOT_EMAIL` - Email for Let's Encrypt notifications (certificate expiry warnings)
- `DOMAINS` - Comma-separated list of domains for the certificate
  - Supports wildcards: `*.example.com,example.com`
  - Multiple domains: `example.com,api.example.com,*.sub.example.com`
### 2. Create Docker Compose file
Save the following as `compose.yml`:
```yml
services:
  certgen:
    image: git.shihaam.dev/shihaam/gen-ssl-letsencrypt-cf
    hostname: certgen
    volumes:
      - ./certs:/etc/letsencrypt/archive
    env_file: .env
    restart: "no"   # quoted: a bare `no` is parsed as the YAML boolean false
  # certgen2:
  #   image: git.shihaam.dev/shihaam/gen-ssl-letsencrypt-cf
  #   hostname: certgen2
  #   volumes:
  #     - ./certs:/etc/letsencrypt/archive
  #   env_file: .env_account2
  #   restart: "no"
```
- Uncomment the second service to generate certificates for domains in another Cloudflare account.
### 3. Generate certificates
Run the container:
```bash
docker compose up
```
The container will:
- Validate your Cloudflare credentials
- Create DNS TXT records for domain validation
- Generate and download certificates
- Clean up DNS records
- Exit automatically when complete
### 4. Access your certificates
Certificates are saved in the `certs/` directory:
```
certs/
├── omegatechsolution.org
│   ├── cert1.pem
│   ├── chain1.pem
│   ├── fullchain1.pem
│   └── privkey1.pem
└── sar.sh
    ├── cert1.pem
    ├── chain1.pem
    ├── fullchain1.pem
    └── privkey1.pem
```
Note: The folder name is the first domain in the `DOMAINS` list; the certificate inside it is valid for all listed domains.
**For web servers:**
- **Nginx**: Use `fullchain.pem` + `privkey.pem`
- **Apache**: Use `cert.pem` + `chain.pem` + `privkey.pem`

The numeric suffix in the listing above (`cert1.pem`, `fullchain1.pem`, ...) comes from certbot's `archive/` layout, which is the directory the container mounts; the number increments on each renewal, so point your web server at the highest-numbered files or copy them to the fixed names.
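Before running step 3 it is worth checking the `.env` from step 1 for the mistakes that otherwise only surface as a failed certbot run (missing variables, a malformed `DOMAINS` entry, a wildcard listed without its apex, or the placeholder API key left in place). The following pre-flight script is an added example, not part of this project; it assumes the four variable names documented above and, for `expected_cert_dir`, that certbot drops a leading `*.` when naming the output folder, which the README's note on folder names does not cover.

```python
import re

HOSTNAME_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
REQUIRED_KEYS = ("CLOUDFLARE_EMAIL", "CLOUDFLARE_API_KEY", "CERTBOT_EMAIL", "DOMAINS")


def parse_env(text):
    """Parse KEY=VALUE lines from .env text; blank lines and # comments are skipped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env


def valid_domain(name):
    """Accept a hostname such as api.example.com or a single-level wildcard *.example.com."""
    labels = name.lower().split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]  # only the leftmost label may be a wildcard
    if len(labels) < 2:
        return False
    return all(HOSTNAME_LABEL.match(label) for label in labels)


def check_env(env):
    """Return a list of problems; an empty list means the file is ready for `docker compose up`."""
    issues = [f"{key} is missing or empty" for key in REQUIRED_KEYS if not env.get(key)]
    domains = [d.strip() for d in env.get("DOMAINS", "").split(",") if d.strip()]
    for d in domains:
        if not valid_domain(d):
            issues.append(f"invalid DOMAINS entry: {d!r}")
        # A wildcard name does not cover the apex: *.example.com alone leaves example.com unserved.
        elif d.startswith("*.") and d[2:] not in domains:
            issues.append(f"{d} does not cover {d[2:]}; add it to DOMAINS if the apex must be served")
    if env.get("CLOUDFLARE_API_KEY", "").startswith("your_"):
        issues.append("CLOUDFLARE_API_KEY still holds the .env.example placeholder")
    return issues


def expected_cert_dir(env):
    """Folder under certs/ named after the first DOMAINS entry (assumption: certbot strips a leading '*.')."""
    first = env.get("DOMAINS", "").split(",")[0].strip()
    return "certs/" + (first[2:] if first.startswith("*.") else first)


if __name__ == "__main__":
    import sys
    env = parse_env(open(sys.argv[1] if len(sys.argv) > 1 else ".env").read())
    print("\n".join(check_env(env)) or f"ok: certificates will land in {expected_cert_dir(env)}")
```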
## Multiple Accounts/Certificate Sets
To generate certificates for multiple Cloudflare accounts or different domain sets:
1. Create additional environment files:
```bash
cp .env .env_account2
# Edit .env_account2 with different credentials/domains
```
2. Uncomment and modify the second service in `compose.yml`
3. Run specific services:
```bash
# Generate for primary account
docker compose up certgen
# Generate for secondary account
docker compose up certgen2
# Generate for all accounts
docker compose up
```
## Certificate Renewal
Certificates are valid for 90 days. To renew:
1. Run the same `docker compose up` command
2. Let's Encrypt will automatically renew certificates expiring within 30 days
## Troubleshooting
**Common Issues:**
- **"Invalid credentials"**: Verify your Cloudflare email and API key
- **"Domain not found"**: Ensure domains are managed by your Cloudflare account
- **"Rate limited"**: Let's Encrypt has rate limits (50 certificates per week per domain)
## Supported Features
- ✅ Wildcard certificates (`*.example.com`)
- ✅ Multiple domains per certificate
- ✅ Multiple Cloudflare accounts
- ✅ Automatic DNS validation
- ✅ Certificate renewal