Skip to content

tmzane/porkcron

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

15 Commits
.github/workflows
.github/workflows
ย 
ย 
docker
docker
ย 
ย 
nginx
nginx
ย 
ย 
systemd
systemd
ย 
ย 
.env.example
.env.example
ย 
ย 
LICENSE
LICENSE
ย 
ย 
Makefile
Makefile
ย 
ย 
README.md
README.md
ย 
ย 
porkcron.py
porkcron.py
ย 
ย 
pyproject.toml
pyproject.toml
ย 
ย 

Repository files navigation

porkcron

Automatically renew SSL certificate for your Porkbun domain.

๐Ÿ“Œ About

porkcron is a simple alternative to certbot. If you own a domain registered by Porkbun, they offer you a free SSL certificate issued by Let's Encrypt. So instead of getting it from scratch yourself, you can periodically download the certificate using the Porkbun API. porkcron is designed to automate this process. It can be run as a systemd timer or in a Docker container.

๐Ÿ“ฆ Install

First, you need to generate the API keys following this guide. Do not forget to enable the API access for your domain!

When you're ready, clone the repository somewhere on your server:

git clone https://github.com/tmzane/porkcron

Take a look at the .env.example file. It contains all the environment variables used by porkcron. Rename it to .env and fill it with the values you got earlier.

Name Description Required Default
DOMAIN your Porkbun domain(s) yes -
API_KEY your Porkbun API key yes -
SECRET_KEY your Porkbun API secret key yes -
API_URL the Porkbun API address no https://api.porkbun.com/api/json/v3
CERTIFICATE_PATH the path to save the certificate to no /etc/porkcron/{domain}/certificate.pem
PRIVATE_KEY_PATH the path to save the private key to no /etc/porkcron/{domain}/private_key.pem

Note the {domain} placeholder in the paths. It will be automatically replaced with your domain. You can use the placeholder in non-default paths as well.

porkcron can also work with multiple domains at once. You can set DOMAIN to a comma-separated list of domains. In this case, both CERTIFICATE_PATH and PRIVATE_KEY_PATH must contain the {domain} placeholder.

Once you have filled in all the values, you can proceed to choosing the installation method.

Using systemd

Run the following commands:

cd systemd
chmod +x install.sh
./install.sh

This will install the script in /usr/local/bin and enable the timer. The first run will be triggered immediately, check the log to make sure it was successful:

systemctl status porkcron.service

Using Docker

Run the following commands:

cd docker
docker compose up

This will create the porkcron container and download the certificate bundle into the ssl volume.

Changing the run schedule

By default, the script is run once per week, which is plenty since the certificate is valid for 3 months. You can change the schedule by modifying systemd/porkcron.timer (for systemd) or docker/crontab (for Docker).

Configuring a web server

This repository contains an example for the nginx web server, but you can use porkcron with the one of your choice. See Mozilla's SSL config generator for a quick start.

For nginx, see nginx/nginx.conf for a minimal SSL-ready config. You should modify it for your needs.

If you're using systemd, copy the modified config to /etc/nginx/conf.d and reload nginx. Then uncomment the ExecStartPost line in systemd/porkcron.service.

If you're using Docker, just uncomment the nginx section in docker/compose.yml.

Finally, reinstall porkcron to apply the changes and try hitting https://your.domain. The rest is up to you, happy hacking!

About

๐Ÿ” Automatically renew SSL certificate for your Porkbun domain

Topics

python letsencrypt docker nginx ssl cron systemd porkbun

Resources

Readme

License

MPL-2.0 license
Activity

Stars

45 stars

Watchers

2 watching

Forks

11 forks
Report repository

Contributors 3

  •  
  •  
  •  

Languages