Project author: arctic-alpaca

Project description:
A docker container to automatically renew certificates with the desec.io certbot hook.
Language: Shell
Project URL: git://github.com/arctic-alpaca/desec-hook-certbot-docker.git
Created: 2021-01-21T12:20:16Z
Project community: https://github.com/arctic-alpaca/desec-hook-certbot-docker

License: MIT License



:warning: The dedyn.io certbot hook has been archived in favor of the certbot plugin. This repo was based on the certbot hook and should no longer be used. :warning:

desec-hook-certbot-docker

An (unofficial) Docker container to automatically renew certificates with the desec.io certbot hook via the DNS challenge.

Usage

Notes

PLEASE BE AWARE THAT A COMPROMISED, VALID DESEC.IO TOKEN CAN PUT YOUR DOMAINS AT RISK. HARDCODING A TOKEN LIKE IN THIS CONTAINER ISN’T RECOMMENDED UNTIL SCOPED TOKENS ARE FULLY IMPLEMENTED!

I’m using this container to get a wildcard certificate with a raspberry pi in my local network. Don’t deploy this container directly to the internet.

Build

Clone this repo and, inside the project folder, run:

    sudo docker image build -t desec-hook-certbot-docker .

RUN

    docker run \
      -d \
      --restart unless-stopped \
      -v "/etc/letsencrypt:/etc/letsencrypt" \
      -v "/var/log/letsencrypt:/var/log/letsencrypt" \
      -e "TZ=Europe/Berlin" \
      --env "DEDYN_TOKEN={DEDYN_TOKEN}" \
      --env "DEDYN_NAME={DEDYN_NAME}" \
      --env "DOMAINS={DOMAINS}" \
      --env "DOMAIN_EMAIL={DOMAIN_EMAIL}" \
      desec-hook-certbot-docker

  • Volumes and timezone (TZ) can be configured as you wish. The timezone is used for the cron renewal.
  • {DEDYN_TOKEN}: A dedyn/desec token that’s valid for the planned runtime of the container.
  • {DEDYN_NAME}: The domain you want a certificate for, “yourdomain.dedyn.io” or “example.com”, depending on whether you use managed DNS or dynDNS.
  • {DOMAINS}: The domains you want a certificate for, separated by spaces.
  • {DOMAIN_EMAIL}: An email address where you can be reached, supplied to Let’s Encrypt.

Cron

The crontab file can be configured to run the renewal check at any time. Currently 04:00 (at night) is the default.

Example

    docker run \
      -d \
      --restart unless-stopped \
      -v "/etc/letsencrypt:/etc/letsencrypt" \
      -v "/var/log/letsencrypt:/var/log/letsencrypt" \
      -e "TZ=Europe/Berlin" \
      --env "DEDYN_TOKEN=abcxyzabcxyzabcxyz" \
      --env "DEDYN_NAME=example.com" \
      --env "DOMAINS=example.com *.example.com" \
      --env "DOMAIN_EMAIL=me@example.com" \
      desec-hook-certbot-docker

Note, the email doesn’t need to be the same domain. You can use gmail or whatever you want.
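
With the token warning in the Notes section in mind, the following added example (not part of the project's code) passes the same variables through `docker run --env-file` from an owner-only file instead of typing the token on the command line. The function names and the env-file path are hypothetical; the variable names and image tag are the ones used in this README.

```shell
#!/bin/sh
# Added example, not the project's code. Function names and the env-file
# path are hypothetical; variable names and image tag come from this README.

# Write the container settings to FILE, readable by the owner only.
# docker's --env-file takes each line verbatim as VAR=value: values with
# spaces need no quotes, and quotes would become part of the value.
write_env_file() {
    file=$1 token=$2 name=$3 domains=$4 email=$5
    (
        umask 077            # new file is created with mode 0600
        rm -f -- "$file"     # do not inherit looser permissions from an old file
        {
            printf 'DEDYN_TOKEN=%s\n'  "$token"
            printf 'DEDYN_NAME=%s\n'   "$name"
            printf 'DOMAINS=%s\n'      "$domains"
            printf 'DOMAIN_EMAIL=%s\n' "$email"
        } > "$file"
    )
}

# Prompt for the token without echoing it, so it never lands in shell history.
read_token() {
    printf 'deSEC token: ' >&2
    stty -echo
    IFS= read -r token_in
    stty echo
    printf '\n' >&2
    printf '%s' "$token_in"
}

# Start the container; only the file path appears on the command line.
start_container() {
    docker run -d --restart unless-stopped \
        -v "/etc/letsencrypt:/etc/letsencrypt" \
        -v "/var/log/letsencrypt:/var/log/letsencrypt" \
        -e "TZ=Europe/Berlin" \
        --env-file "$1" \
        desec-hook-certbot-docker
}

# Usage (constructed values):
#   write_env_file /root/desec.env "$(read_token)" example.com \
#       'example.com *.example.com' me@example.com
#   start_container /root/desec.env
```

The token remains visible through `docker inspect` to anyone with access to the Docker daemon, so this only keeps it out of shell history and process listings.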

More info