This is the fastest and most convenient way to deploy acme2certifier. After installation, acme2certifier will run inside a minimal Ubuntu 20.04 container, using either Apache2 or Nginx as the web server.
acme2certifier requires persistent storage for:
- Database: `acme_srv.db`
- CA Handler: `ca_handler.py`
- Configuration File: `acme_srv.cfg`

By default, these files are stored in the `data/` folder and mounted inside the container at `/var/www/acme2certifier/volume`.
The data folder path can be modified in `docker-compose.yml` to match your setup.
By default, acme2certifier runs on:
- HTTP: Port 22280
- HTTPS: Port 22443 (optional)
To expose these services externally, map ports 80 and 443 accordingly.
The `.env` file allows customization, including:
- Branch Selection: `master` or `devel`
- Context: `wsgi` or `django`
- Web Server: `apache2` or `nginx`

Example `.env` file:
```
COMPOSE_PROJECT_NAME=acme2certifier
BRANCH=master
CONTEXT=wsgi
WEBSERVER=apache2
```
Build the image:
```
cd ~/acme2certifier/examples/Docker
docker-compose build --no-cache
```
Expected output:
```
Building srv
Step 1/17 : FROM ubuntu:20.04
 ---> 1d622ef86b13
Step 2/17 : LABEL maintainer="grindelsack@gmail.com"
 ---> Running in 03f043052bc9
Removing intermediate container 03f043052bc9
...
```
Containers default to UTC, which can make log correlation difficult. To set a custom timezone, create a `docker-compose.override.yml` file:
```
version: '3.2'
services:
  acme-srv:
    environment:
      TZ: "Your/Timezone"
```
Start the container:
```
docker-compose up -d
```
If you modify `.env`, rebuild the image:
```
docker-compose build --no-cache
```
During startup, the entry-point script checks for missing configuration files in `data/`:
- Configuration file: `acme_srv.cfg`
- Stub handler: `skeleton_ca_handler.py`

For Django-based deployments, a project-specific `settings.py` will also be created in `data/`.
Check if the container is running:
```
docker-compose ps
```
Expected output:
```
Name                   Command                          State   Ports
-------------------------------------------------------------------------------------------------------------
acme2certifier_srv_1   /docker-entrypoint.sh /usr ...   Up      0.0.0.0:22443->443/tcp, 0.0.0.0:22280->80/tcp
```
Test the ACME directory endpoint:
```
docker run -it --rm --network acme curlimages/curl http://acme-srv/directory | python -m json.tool
```
Expected output:
```
{
    "6a01d6abe3a84de2831d24aa5451b3a2": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
    "keyChange": "http://acme2certifier_srv_1/acme_srv/key-change",
    "meta": {
        "author": "grindsa <grindelsack@gmail.com>",
        "home": "https://github.com/grindsa/acme2certifier",
        "name": "acme2certifier",
        "version": "0.9-dev"
    },
    "newAccount": "http://acme2certifier_srv_1/acme_srv/newaccount",
    "newAuthz": "http://acme2certifier_srv_1/acme_srv/new-authz",
    "newNonce": "http://acme2certifier_srv_1/acme_srv/newnonce",
    "newOrder": "http://acme2certifier_srv_1/acme_srv/neworders",
    "revokeCert": "http://acme2certifier_srv_1/acme_srv/revokecert"
}
```
If you modify `acme_srv.cfg`, `ca_handler.py`, or `settings.py`, restart the container:
```
docker-compose restart
```
Use your preferred ACME client. If enrollment fails:
- Check the CA handler configuration.
- Review logs.
- Enable debug mode in acme2certifier.
To enable TLS support, place `acme2certifier.pem` in the volume. It must contain:
- Private key
- End-entity certificate
- Intermediate CA certificates (from leaf to root; do not include the root CA)

Example:
```
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
End-entity certificate data
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA certificate(s)
-----END CERTIFICATE-----
```
For Nginx, place the following files in the volume:
- `acme2certifier_cert.pem` – Certificate file
- `acme2certifier_key.pem` – Private key

Both must be in PEM format.
You can run the container manually with:
```
docker run -d -p 80:22280 -p 443:22443 --rm --name=a2c-srv -v "/home/grindsa/docker/a2c/data":/var/www/acme2certifier/volume/ grindsa/acme2certifier:apache2-wsgi
```
This will:
- Map internal port 22280 to external port 80.
- Map internal port 22443 to external port 443.
- Mount the `data/` directory for persistent storage.