Automatically renew SSL certificate for your Porkbun domain.
porkcron
is a simple alternative to certbot.
If you own a domain registered by Porkbun,
they offer you a free SSL certificate issued by Let's Encrypt.
So instead of getting it from scratch yourself,
you can periodically download the certificate using the Porkbun API.
porkcron
is designed to automate this process.
It can be run as a systemd timer or in a Docker container.
First, you need to generate the API keys following this guide. Do not forget to enable the API access for your domain!
When you're ready, clone the repository somewhere on your server:
git clone https://github.com/tmzane/porkcron
Take a look at the .env.example
file.
It contains all the environment variables used by porkcron
.
Rename it to .env
and fill it with the values you got earlier.
Name | Description | Required | Default |
---|---|---|---|
DOMAIN | your Porkbun domain | yes | - |
API_KEY | your Porkbun API key | yes | - |
SECRET_KEY | your Porkbun API secret key | yes | - |
API_URL | the Porkbun API address | no | https://api.porkbun.com/api/json/v3 |
CERTIFICATE_PATH | the path to save the certificate to | no | /etc/porkcron/certificate.pem |
PRIVATE_KEY_PATH | the path to save the private key to | no | /etc/porkcron/private_key.pem |
Now you need to choose the installation method.
Run the following commands:
cd systemd
chmod +x install.sh
./install.sh
This will install the script in /usr/local/bin
and enable the timer.
The first run will be triggered immediately, check the log to make sure it was successful:
systemctl status porkcron.service
Run the following commands:
cd docker
docker compose up
This will create the porkcron
container and download the certificate bundle into the ssl
volume.
By default, the script is run once per week,
which is plenty since the certificate is valid for 3 months.
You can change the schedule by modifying systemd/porkcron.timer
(for systemd) or docker/crontab
(for Docker).
This repository contains an example for the nginx web server,
but you can use porkcron
with the one of your choice.
See Mozilla's SSL config generator for a quick start.
For nginx, see nginx/nginx.conf
for a minimal SSL-ready config.
You should modify it for your needs.
If you're using systemd, copy the modified config to /etc/nginx/conf.d
and reload nginx.
Then uncomment the ExecStartPost
line in systemd/porkcron.service
.
If you're using Docker, just uncomment the nginx
section in docker/compose.yml
.
Finally, reinstall porkcron
to apply the changes and try hitting https://your.domain
.
The rest is up to you, happy hacking!