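Certimate, an automatic certificate renewal tool
GitHub repository usual2970/certimate: an open-source SSL certificate management tool that helps you automatically request and deploy SSL certificates, and automatically renews them when they are about to expire.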
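Installation and deployment
Binary deployment
Download the precompiled binary archive from the GitHub Releases page, extract it, and run the following in a terminal:
./certimate serve
Open http://127.0.0.1:8090 in a browser.
Initial administrator account and password:
Account: admin@certimate.fun
Password: 1234567890
You can now start using Certimate.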
Start automatically at boot
Use systemd to manage start at boot.
Create a service file in the /etc/systemd/system/ directory:
sudo vi /etc/systemd/system/certimate.service
Write the service configuration:
[Unit]
Description=Certimate
After=network.target

[Service]
# Replace the paths below with your actual installation path
WorkingDirectory=/usr/sbin/certimate/
ExecStart=/usr/sbin/certimate/certimate serve
Restart=on-failure
User=root
PrivateTmp=true

[Install]
WantedBy=multi-user.target
Enable and start the service:
# Reload systemd so the new unit file takes effect
sudo systemctl daemon-reload
# Enable the service and start it now
sudo systemctl enable --now certimate.service
Docker deployment
docker run
# Pull the image
docker pull usual2970/certimate:latest
# Start the container
docker run -d \
  --name certimate_server \
  --restart unless-stopped \
  -p 8090:8090 \
  -v /etc/localtime:/etc/localtime:ro \
  -v /etc/timezone:/etc/timezone:ro \
  -v "$(pwd)/data:/app/pb_data" \
  usual2970/certimate:latest
docker compose
mkdir -p ~/.certimate && \
cd ~/.certimate && \
curl -O https://raw.githubusercontent.com/usual2970/certimate/refs/heads/main/docker/docker-compose.yml && \
docker compose up -d
Customize the YAML file as needed:
services:
  certimate:
    image: usual2970/certimate:latest
    container_name: certimate_server
    ports:
      - 8090:8090
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - certimate-data:/app/pb_data
    restart: unless-stopped
volumes:
  certimate-data:
Kubernetes deployment
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: certimate-data-pvc
  namespace: prod-devops-tools
  labels:
    app_name: prod-certimate
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: prod-cbs  # storage class to use
---
apiVersion: v1
kind: Secret
metadata:
  name: prod-certimate-secret
  namespace: prod-devops-tools
data:
  CERTIMATE_ADMIN_USERNAME: ZGV2b3BzQHhp*********Y29t
  CERTIMATE_ADMIN_PASSWORD: bkRMWFBGUWR2*********DhaUXc=
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prod-certimate-server
  namespace: prod-devops-tools
  labels:
    app_name: prod-certimate
spec:
  replicas: 1
  selector:
    matchLabels:
      app_name: prod-certimate
  template:
    metadata:
      labels:
        app_name: prod-certimate
    spec:
      containers:
        - name: certimate
          image: usual2970/certimate:v0.3.15
          ports:
            - containerPort: 8090
          volumeMounts:
            - name: timezone-config
              mountPath: /etc/localtime  # timezone mount
              readOnly: true
            - name: tz-config
              mountPath: /etc/timezone  # timezone mount
              readOnly: true
            - name: data-storage
              mountPath: /app/pb_data  # persistent data
          env:
            - name: CERTIMATE_ADMIN_USERNAME
              valueFrom:
                secretKeyRef:
                  name: prod-certimate-secret
                  key: CERTIMATE_ADMIN_USERNAME
            - name: CERTIMATE_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: prod-certimate-secret
                  key: CERTIMATE_ADMIN_PASSWORD
      volumes:
        - name: timezone-config
          hostPath:
            path: /etc/localtime
        - name: tz-config
          hostPath:
            path: /etc/timezone
        - name: data-storage
          persistentVolumeClaim:
            claimName: certimate-data-pvc
---
# certimate-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: prod-certimate
  namespace: prod-devops-tools
  labels:
    app_name: prod-certimate
spec:
  selector:
    app_name: prod-certimate
  ports:
    - protocol: TCP
      port: 8090
      targetPort: 8090
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: prod-certimate-ingress
  namespace: prod-devops-tools
spec:
  ingressClassName: nginx-intranet-direct
  rules:
    - host: certimate.dyz.xyz
      http:
        paths:
          # Match static assets first (key change)
          - path: /
            pathType: Prefix
            backend:
              service:
                name: prod-certimate
                port:
                  number: 8090
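
The `data:` values of the Secret in the manifests above must be the base64 of the exact credential bytes; encoding with `echo` adds a trailing newline that silently becomes part of the admin password. The shell sketch below is an added example, not code from the original post or the Certimate project: it renders that Secret from plain-text values, with hypothetical function names, and refusing the default password listed for the binary install is an added check.

```shell
#!/bin/sh
# Added example: build the prod-certimate-secret manifest from plain-text values.
# Function names are hypothetical; Secret name, namespace and keys come from the page.

# Encode a value for a Secret `data:` field. printf '%s' emits the exact bytes,
# whereas `echo` would append a newline that becomes part of the credential.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Return 0 if an already-encoded value decodes to text ending in a newline.
# The appended "x" stops command substitution from stripping that newline.
has_trailing_newline() {
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null; printf x)
  decoded=${decoded%x}
  case $decoded in
    *'
') return 0 ;;
    *) return 1 ;;
  esac
}

# Print the Secret manifest; refuse an empty value or the default password
# documented for the binary install (1234567890).
render_secret() {
  user=$1
  pass=$2
  if [ -z "$user" ] || [ -z "$pass" ] || [ "$pass" = "1234567890" ]; then
    echo "render_secret: empty value or default admin password" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: prod-certimate-secret
  namespace: prod-devops-tools
type: Opaque
data:
  CERTIMATE_ADMIN_USERNAME: $(b64 "$user")
  CERTIMATE_ADMIN_PASSWORD: $(b64 "$pass")
EOF
}

# Usage (constructed values):
#   render_secret 'ops@example.com' 'constructed-long-passphrase' | kubectl apply -f -
```

Running `has_trailing_newline` on a value already stored in a manifest shows whether it was produced with a stray newline before it is applied to the cluster.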