# Let's Encrypt for DuckDNS e Dynu

compilare l'immagine

```bash
sudo docker build . -t duckdns_dynu/letsencrypt
```
settare tutti i parametri del docker-compose

```docker compose
services:
  letsencrypt:
    image: duckdns_dynu/letsencrypt
    container_name: duckdns_dynu_letsencrypt
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
    environment:
      - DUCKDNS_TOKEN=0f26cf40-9ded-48b6-8612-5830327aac90
      - DUCKDNS_DOMAIN=patachina.duckdns.org
      - DUCKDNS_DOMAIN2=patachina2.duckdns.org
      - DYNU_DOMAIN=patachina.casacam.net
      - DYNU_DOMAIN2=patachina2.casacam.net
      - DYNU_API_KEY=3465V4Va6732ZWf7b5V55gYg6ZU55W4Y
      - EMAIL=fabio.micheluz@gmail.com
      - LETSENCRYPT_DOMAIN= #optional
      - LETSENCRYPT_WILDCARD=true #optional
      - LETSENCRYPT_EMAIL= #optional
      - TESTING=false #optional
      - UID=0 #optional
      - GID=0 #optional
      - DUCKDNS_DELAY= #optional
    restart: unless-stopped
```
nel folder /etc/letsencrypt/live/ le directory con tutte le key suddivise per domain

accesso consentito solo come root (sudo -s)
```bash
ls /etc/letsencrypt2/live/

patachina2.casacam.net  patachina2.duckdns.org  patachina.casacam.net  patachina.duckdns.org
```

# Let's Encrypt for Duck DNS

github originale (https://github.com/maksimstojkovic/docker-letsencrypt)

Automatically generates Let's Encrypt certificates using a lightweight Docker container without requiring any ports to be exposed for DNS challenges.

## Environment Variables

* `DUCKDNS_TOKEN`: Duck DNS account token (obtained from [Duck DNS](https://www.duckdns.org)) (*required*)
* `DUCKDNS_DOMAIN`: Full Duck DNS domain (e.g. `test.duckdns.org`) (*required*)
* `LETSENCRYPT_DOMAIN`: Domain to generate SSL cert for. By default the SSL certificate is generated for `DUCKDNS_DOMAIN` (optional)
* `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for subdomains *only* of `LETSENCRYPT_DOMAIN` (i.e. `*.test.duckdns.org`), or for the main domain *only* (i.e. `test.duckdns.org`) (optional, default: `false`)
* `LETSENCRYPT_EMAIL`: Email used for certificate renewal notifications (optional)
* `LETSENCRYPT_CHAIN`: Preferred certificate chain (e.g. `ISRG Root X1`, see [https://letsencrypt.org/certificates](https://letsencrypt.org/certificates/) for more details) (optional)
* `TESTING`: `true` or `false`, indicating whether a staging SSL certificate should be generated or not (optional, default: `false`)
* `UID`: User ID to apply to Let's Encrypt files generated (optional, recommended, default: `0` - root)
* `GID`: Group ID to apply to Let's Encrypt files generated (optional, recommended, default: `0` - root)

## Notes

* The `DUCKDNS_DOMAIN` should already be pointing to the server with a dynamic IP. The [maksimstojkovic/duckdns](https://github.com/maksimstojkovic/docker-duckdns) image can be used to automatically update the IP address.
* The format of `DUCKDNS_DOMAIN` should be `<subdomain>.duckdns.org`, regardless of the value of `LETSENCRYPT_WILDCARD`.
* To use `LETSENCRYPT_DOMAIN` feature, the following DNS records need to be created for ACME authentication (records should not be proxied):

| Type  | Name                                   | Value                              | Condition                         |
|-------|----------------------------------------|------------------------------------|-----------------------------------|
| CNAME | `*.<LETSENCRYPT_DOMAIN>`               | `<DUCKDNS_DOMAIN>`                 | `LETSENCRYPT_WILDCARD` == `true`  |
| CNAME | `<LETSENCRYPT_DOMAIN>`                 | `<DUCKDNS_DOMAIN>`                 | `LETSENCRYPT_WILDCARD` == `false` |
| CNAME | `_acme-challenge.<LETSENCRYPT_DOMAIN>` | `_acme-challenge.<DUCKDNS_DOMAIN>` |                                   |

## Volumes

* `<certs>:/etc/letsencrypt`: A named or host volume which allows SSL certificates to persist and be accessed by other containers

**Note:** To use the `<certs>` host volume in another container, mount it as read-only for those containers. The `<certs>` host volume should be read-write enabled for the Letsencrypt container.

# Let's Encrypt for Dynu

git originale (https://github.com/aney1/certbot-domainvalidation-dynu)

This repository contains everything needed to create and renew LetsEncrypt certificates (incl. wildcard certificates) on Dynu (https://www.dynu.com/).
This should work on every machine that can run docker (I'm using it on a QNAP NAS).
If you already have certbot installed you can also just use the scripts in the scripts folder, without docker.

## Usage with docker-compose:
You will need Docker and Docker-Compose:

https://docs.docker.com/install/
https://docs.docker.com/compose/install/

docker-compose -f <PATH_TO_FILES>/certbot/docker-compose.yml up

Cronjob to run it twice daily (like recomended by Certbot, certificates are only renewed when needed):

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && docker-compose -f <PATH_TO_FILES>/certbot/docker-compose.yml up