From a13a79b230c65a2d64931f024f44262c8de2a1c5 Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Fri, 3 Jul 2026 09:32:28 +0200 Subject: [PATCH] fix(docker): start crond and persist acme.sh state so cert renewal works The image shipped busybox crond but the entrypoint never started it, and the acme.sh crontab entry vanished on every container recreation, so certificates issued via the panel's SSL menu silently expired after 90 days. The entrypoint now re-registers the acme.sh cron job and starts crond when acme.sh is installed, and docker-compose gains an acme volume so renewal state survives recreation. Closes #5116 --- DockerEntrypoint.sh | 9 +++++++++ docker-compose.yml | 3 +++ 2 files changed, 12 insertions(+) diff --git a/DockerEntrypoint.sh b/DockerEntrypoint.sh index 79779a219..5b2a1372c 100644 --- a/DockerEntrypoint.sh +++ b/DockerEntrypoint.sh @@ -69,5 +69,14 @@ EOF fail2ban-client -x start fi +# Certificate auto-renewal: acme.sh (installed by the panel's SSL menu) relies +# on a root crontab entry, but the crontab is lost when the container is +# recreated and crond was never started. Re-register the job and run crond so +# renewals actually fire; mount /root/.acme.sh as a volume to keep acme state. +if [ -f /root/.acme.sh/acme.sh ]; then + /root/.acme.sh/acme.sh --install-cronjob >/dev/null 2>&1 + crond +fi + # Run x-ui exec /app/x-ui diff --git a/docker-compose.yml b/docker-compose.yml index 1081fa598..a4c88c004 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,6 +18,9 @@ services: volumes: - $PWD/db/:/etc/x-ui/ - $PWD/cert/:/root/cert/ + # Persists acme.sh state so certificate auto-renewal survives container + # recreation (the entrypoint re-registers the renewal cron job from it). + - $PWD/acme/:/root/.acme.sh/ environment: XRAY_VMESS_AEAD_FORCED: "false" XUI_ENABLE_FAIL2BAN: "true"
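Review bot: In the DockerEntrypoint.sh hunk, the `--install-cronjob` call sends all output to `/dev/null` and its exit status is never checked, so a failed registration leaves `crond` running with no renewal job and nothing in the container log. That is the same silent-expiry failure the commit message describes. Consider keeping stderr and logging on failure, for example `/root/.acme.sh/acme.sh --install-cronjob >/dev/null || echo "acme.sh cron job registration failed" >&2`. Also log a line if `crond` itself fails to start, so an operator can see from the container output that renewals will not fire.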
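Review bot: In the docker-compose.yml hunk, the new `$PWD/acme/:/root/.acme.sh/` mount starts out as an empty host directory on an existing deployment. The entrypoint only registers the cron job when `/root/.acme.sh/acme.sh` exists, so the first recreation after upgrading still skips the renewal block until acme.sh is installed again through the panel's SSL menu. The comment above the mount, or the upgrade notes, should say that certificates issued before this change need that step repeated once so that the state lands in the volume.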