curl https://get.acme.sh | sh -s email=me@domain.tld
docker-compose.yaml
image: nginx:latest
container_name: nginx
volumes:
- ./etc-nginx-certs/:/etc/nginx/certs/
- ./tmp-acme_challenge:/tmp/acme_challenge
- ./default.conf:/etc/nginx/conf.d/default.conf
default.conf
location ^~ /.well-known/acme-challenge/ {
allow all;
root /tmp/acme_challenge;
}
ssl_certificate /etc/nginx/certs/domain.tld.crt;
ssl_certificate_key /etc/nginx/certs/domain.tld.key;
# issue Let's Encrypt
acme.sh --issue --server letsencrypt -d domain.tld -d www.domain.tld -w /home/user/docker/nginx/tmp-acme_challenge --home /home/user/docker/nginx/acme.sh
# issue ZeroSSL
acme.sh --register-account -m me@domain.tld --issue -d domain.tld -d www.domain.tld -w /home/user/docker/nginx/tmp-acme_challenge --home /home/user/docker/nginx/acme.sh
# install cert
acme.sh --install-cert -d domain.tld --home /home/user/docker/nginx/acme.sh --key-file /home/user/docker/nginx/etc-nginx-certs/domain.tld.key --fullchain-file /home/user/docker/nginx/etc-nginx-certs/domain.tld.crt --reloadcmd "docker exec nginx /etc/init.d/nginx reload"
# renew cert
acme.sh --cron --home /home/user/docker/nginx/acme.sh
reference
- https://github.com/acmesh-official/acme.sh