Skip to content

๐Ÿ” Automatically renew SSL certificate for your Porkbun domain

License

Notifications You must be signed in to change notification settings

tmzane/porkcron

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

14 Commits
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Repository files navigation

porkcron

Automatically renew SSL certificate for your Porkbun domain.

๐Ÿ“Œ About

porkcron is a simple alternative to certbot. If you own a domain registered by Porkbun, they offer you a free SSL certificate issued by Let's Encrypt. So instead of getting it from scratch yourself, you can periodically download the certificate using the Porkbun API. porkcron is designed to automate this process. It can be run as a systemd timer or in a Docker container.

๐Ÿ“ฆ Install

First, you need to generate the API keys following this guide. Do not forget to enable the API access for your domain!

When you're ready, clone the repository somewhere on your server:

git clone https://github.com/tmzane/porkcron

Take a look at the .env.example file. It contains all the environment variables used by porkcron. Rename it to .env and fill it with the values you got earlier.

Name Description Required Default
DOMAIN your Porkbun domain yes -
API_KEY your Porkbun API key yes -
SECRET_KEY your Porkbun API secret key yes -
API_URL the Porkbun API address no https://api.porkbun.com/api/json/v3
CERTIFICATE_PATH the path to save the certificate to no /etc/porkcron/certificate.pem
PRIVATE_KEY_PATH the path to save the private key to no /etc/porkcron/private_key.pem

Now you need to choose the installation method.

Using systemd

Run the following commands:

cd systemd
chmod +x install.sh
./install.sh

This will install the script in /usr/local/bin and enable the timer. The first run will be triggered immediately, check the log to make sure it was successful:

systemctl status porkcron.service

Using Docker

Run the following commands:

cd docker
docker compose up

This will create the porkcron container and download the certificate bundle into the ssl volume.

Changing the run schedule

By default, the script is run once per week, which is plenty since the certificate is valid for 3 months. You can change the schedule by modifying systemd/porkcron.timer (for systemd) or docker/crontab (for Docker).

Configuring a web server

This repository contains an example for the nginx web server, but you can use porkcron with the one of your choice. See Mozilla's SSL config generator for a quick start.

For nginx, see nginx/nginx.conf for a minimal SSL-ready config. You should modify it for your needs.

If you're using systemd, copy the modified config to /etc/nginx/conf.d and reload nginx. Then uncomment the ExecStartPost line in systemd/porkcron.service.

If you're using Docker, just uncomment the nginx section in docker/compose.yml.

Finally, reinstall porkcron to apply the changes and try hitting https://your.domain. The rest is up to you, happy hacking!