Free SSL Docker acme.sh: Wildcard & Auto-Renew Synology 7.2

## 1. Introduction This video demonstrates the process of installing the Docker version of acme.sh, ultimately achieving wildcard SSL certificate application and automatic renewal. Disclaimer: Released with DP_IT video, free to use, any resale or commercial activities are prohibited. If someone sold this to you, please request a refund. Website: https://dpit.lib00.com ## 2. Resource Links Used in the Video > 20250621 - Due to continuous link deletions on Baidu Pan, it's too time-consuming to keep replacing links, so it will no longer be used. Thank you for your understanding. > Quark Netdisk may delete Docker image files. If deleted, please use other cloud storage services. > Download addresses for various resource libraries used: Quark Netdisk: https://pan.quark.cn/s/ff0e0c9115b5 Xunlei Cloud Drive: https://pan.xunlei.com/s/VOTGLeztW5qnBigrABO5F2SGA1?pwd=djcz UC Netdisk: https://drive.uc.cn/s/5f87d04161ba4 Google drive: https://drive.google.com/drive/folders/1DXkGgBuG7SudSbprE32D1GZ_KRM9Q7ww?usp=sharing ## 3. Commands Used in the Video > Parameters for different DNS providers can be found in this document -> https://github.com/acmesh-official/acme.sh/wiki/dnsapi > 3.1 acme.sh v3.1.0 docker container creation command - DNSPod docker run -itd \ --net=host \ --name=dpit_acme \ -v "/volume1/docker/ee_acme_3.1.0":/acme.sh \ -e DP_Id="123456" \ -e DP_Key="aaaAAAAbbbBBBB" \ -e TZ=Asia/Shanghai \ neilpang/acme.sh:3.1.0 daemon > 3.1 acme.sh v3.1.0 docker container creation command - Aliyun docker run -itd \ --net=host \ --name=dpit_acme \ -v "/volume1/docker/ee_acme_3.1.0":/acme.sh \ -e Ali_Key="123456" \ -e Ali_Secret="aaaAAAAbbbBBBB" \ -e TZ=Asia/Shanghai \ neilpang/acme.sh:3.1.0 daemon > 3.1 acme.sh v3.1.0 docker container creation command - CloudFlare docker run -itd \ --net=host \ --name=dpit_acme \ -v "/volume1/docker/ee_acme_3.1.0":/acme.sh \ -e CF_Key="123456" \ -e CF_Email="aaaAAAAbbbBBBB" \ -e TZ=Asia/Shanghai \ neilpang/acme.sh:3.1.0 daemon > 3.2 Initial certificate application //Use dns_dp for DNSPod, dns_ali for Aliyun, dns_cf for CF docker exec dpit_acme \ --issue \ --dns dns_dp \ -d lib00.com \ -d *.lib00.com \ --server letsencrypt > 3.3 Force certificate renewal //Use dns_dp for DNSPod, dns_ali for Aliyun, dns_cf for CF docker exec dpit_acme \ --renew \ --dns dns_dp \ -d lib00.com \ -d *.lib00.com \ --force \ --server letsencrypt > 3.4 Display all docker containers docker ps -a > 3.5 Enter docker container docker exec -it container_ID sh > 3.6 Check current Linux time date > 3.7 View acme automatic certificate renewal crontab -l > 3.8 Exit docker container exit

# Free SSL Docker acme.sh: Wildcard & Auto-Renew Synology 7.2 ## 📋 Overview This comprehensive tutorial demonstrates how to deploy ACME.sh in Docker on Synology NAS 7.2 to obtain free, perpetual SSL certificates. Unlike traditional solutions (e.g., Tencent Cloud SSL), this method supports **wildcard domains** and **automatic renewal**, eliminating manual certificate management hassles. --- ## 🎯 Key Advantages - **Permanently Free**: Powered by Let's Encrypt, completely cost-free - **Wildcard Support**: Single application covers root domain and all subdomains (*.domain.com) - **Auto-Renewal**: Certificates renew automatically before expiration - **Dockerized**: Zero system impact, removable anytime without affecting NAS stability - **Simple Operation**: Only two Docker commands required for complete setup --- ## 📝 Prerequisites ### 1. Required Materials - **Domain Name**: SSL certificates bind to domains - **DNSPod API Token**: Requires both ID and Token (alternative DNS providers supported) - **Docker Image**: ACME.sh version 3.1.0 (latest release as of November 30, 2024) ### 2. Image Download & Import Multiple download sources provided (Quark Cloud Drive, etc.), available in two formats: - `.tar` file (uncompressed, ready-to-use, larger size) - `.tar.gz` file (compressed, requires extraction, smaller size) **Import Steps**: 1. Upload image file to Synology (recommended path: `docker/ee_image`) 2. Open Container Manager → Image → Action → Add → From File 3. Select uploaded image to complete import ### 3. Create Working Directory Create folder under Docker directory (example: `ee_acme_3.1.0`) and record full path (starting with `/volume1`) --- ## 🚀 Deployment Process ### Step 1: Create Docker Container SSH into NAS, switch to root user, then run container creation command: ```bash docker run -d \ --name DPIT_ACME \ -v /volume1/docker/ee_acme_3.1.0:/acme.sh \ -e DP_Id="Your_DNSPod_ID" \ -e DP_Key="Your_DNSPod_Token" \ -e TZ=Asia/Shanghai \ --restart=always \ neilpang/acme.sh:3.1.0 daemon ``` **Key Parameter Explanation**: - `--name`: Container name (customizable, must match in subsequent commands) - `-v`: Volume mount (use full path of created working directory) - `-e DP_Id` & `-e DP_Key`: DNSPod API credentials - `daemon`: Enables daemon process for auto-renewal ### Step 2: Initial Certificate Application Execute certificate issuance command: ```bash docker exec DPIT_ACME \ --issue \ --dns dns_dp \ -d lib00.com \ -d *.lib00.com \ --server letsencrypt ``` **Parameter Breakdown**: - `--dns dns_dp`: Specifies DNSPod provider (modify for other providers) - `-d`: Domain specification (recommend both root and wildcard) - `--server letsencrypt`: Uses Let's Encrypt certificate service Upon success, certificate files save to `domain_ecc` subfolder in working directory. --- ## 🔄 Auto-Renewal Mechanism Built-in Cron Job checks certificate status daily at 5:36 AM: - Auto-triggers renewal when 15 days remain until expiration - New certificates automatically replace old files - Update logs viewable in Container Manager logs **Manual Force Renewal Command** (for testing/emergencies): ```bash docker exec DPIT_ACME \ --renew \ --dns dns_dp \ -d lib00.com \ --force \ --server letsencrypt ``` --- ## 💡 Technical Highlights 1. **Containerized Deployment**: Docker isolation ensures certificate management doesn't pollute system environment 2. **Daemon Mode**: `daemon` parameter keeps container running for scheduled tasks 3. **Path Mapping**: Volume mounting enables persistent certificate storage 4. **Version Pinning**: Using specific image version (3.1.0) ensures deployment stability --- ## 📂 Certificate File Location Certificate storage path: `/volume1/docker/ee_acme_3.1.0/domain_ecc/` Main files include: - Certificate file (.cer) - Private key file (.key) - Full certificate chain (fullchain.cer) - CA certificate (ca.cer) --- ## 🔮 Coming Next Next video preview: **How to integrate obtained SSL certificates into Synology system**, achieving closed-loop automation where Synology web services automatically use latest certificates. --- ## 🎓 Use Cases - Personal NAS users requiring HTTPS secure access - Self-hosted websites needing SSL certificates - Development/testing environments requiring valid certificates - Scenarios managing multiple subdomains - Tech enthusiasts pursuing automated DevOps --- ## 📌 Important Notes - Cloud drive links may expire, download image files promptly - When modifying container name/paths, update all related commands synchronously - Ensure DNSPod API permissions configured correctly - Certificates valid for 3 months, but auto-renewal completes updates before expiration --- ## 🔗 Resources Complete documentation and command reference: dpit.lib00.com (search "SSL" for tutorial) --- ## SEO Keywords Free SSL Certificate, Docker ACME, Synology SSL, Wildcard Certificate, Auto-Renewal, Let's Encrypt, Synology 7.2 Tutorial, DNSPod API, Containerized Deployment, NAS Security, HTTPS Configuration, Certificate Management, acme.sh Tutorial