Automatically renew SSL certificate for your Porkbun domain.
porkcron is a simple alternative to certbot.
If you own a domain registered by Porkbun,
they offer you a free SSL certificate issued by Let's Encrypt.
So instead of getting it from scratch yourself,
you can periodically download the certificate using the Porkbun API.
porkcron is designed to automate this process.
It can be run as a systemd timer or in a Docker container.
First, you need to generate the API keys following this guide. Do not forget to enable the API access for your domain!
When you're ready, clone the repository somewhere on your server:
git clone https://github.com/tmzane/porkcronTake a look at the .env.example file.
It contains all the environment variables used by porkcron.
Rename it to .env and fill it with the values you got earlier.
| Name | Description | Required | Default |
|---|---|---|---|
| DOMAIN | your Porkbun domain | yes | - |
| API_KEY | your Porkbun API key | yes | - |
| SECRET_KEY | your Porkbun API secret key | yes | - |
| API_URL | the Porkbun API address | no | https://api.porkbun.com/api/json/v3 |
| CERTIFICATE_PATH | the path to save the certificate to | no | /etc/porkcron/certificate.pem |
| PRIVATE_KEY_PATH | the path to save the private key to | no | /etc/porkcron/private_key.pem |
| PKCS12_PASSWORD | Setting a password will enable PKCS12 export | no | - |
| PKCS12_FRIENDLY_NAME | PKCS12 friendly name. | no | porkcron |
| PKCS12_PATH | The path to save the PKCS12 blob to. | no | /etc/porkcron/pkcs12.p12 |
Now you need to choose the installation method.
Run the following commands:
cd systemd
chmod +x install.sh
./install.shThis will install the script in /usr/local/bin and enable the timer.
The first run will be triggered immediately, check the log to make sure it was successful:
systemctl status porkcron.serviceRun the following commands:
cd docker
docker compose upThis will create the porkcron container and download the certificate bundle into the ssl volume.
By default, the script is run once per week,
which is plenty since the certificate is valid for 3 months.
You can change the schedule by modifying systemd/porkcron.timer (for systemd) or docker/crontab (for Docker).
This repository contains an example for the nginx web server,
but you can use porkcron with the one of your choice.
See Mozilla's SSL config generator for a quick start.
For nginx, see nginx/nginx.conf for a minimal SSL-ready config.
You should modify it for your needs.
If you're using systemd, copy the modified config to /etc/nginx/conf.d and reload nginx.
Then uncomment the ExecStartPost line in systemd/porkcron.service.
If you're using Docker, just uncomment the nginx section in docker/compose.yml.
Finally, reinstall porkcron to apply the changes and try hitting https://your.domain.
The rest is up to you, happy hacking!