Dynu_Duckdns_ssl/README.md
2025-02-19 21:30:46 +08:00

Let's Encrypt for DuckDNS and Dynu

Build the image:

sudo docker build . -t duckdns_dynu/letsencrypt

Set all the docker-compose parameters:

services:
  letsencrypt:
    image: duckdns_dynu/letsencrypt
    container_name: duckdns_dynu_letsencrypt
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
    environment:
      - DUCKDNS_TOKEN=0f26cf40-9ded-48b6-8612-5830327aac90
      - DUCKDNS_DOMAIN=patachina.duckdns.org
      - DUCKDNS_DOMAIN2=patachina2.duckdns.org
      - DYNU_DOMAIN=patachina.casacam.net
      - DYNU_DOMAIN2=patachina2.casacam.net
      - DYNU_API_KEY=3465V4Va6732ZWf7b5V55gYg6ZU55W4Y
      - EMAIL=fabio.micheluz@gmail.com
      - LETSENCRYPT_DOMAIN= #optional
      - LETSENCRYPT_WILDCARD=true #optional
      - LETSENCRYPT_EMAIL= #optional
      - TESTING=false #optional
      - UID=0 #optional
      - GID=0 #optional
      - DUCKDNS_DELAY= #optional
    restart: unless-stopped

Let's Encrypt for Duck DNS

Original GitHub repository (https://github.com/maksimstojkovic/docker-letsencrypt)

Automatically generates Let's Encrypt certificates using a lightweight Docker container without requiring any ports to be exposed for DNS challenges.

Environment Variables

  • DUCKDNS_TOKEN: Duck DNS account token (obtained from Duck DNS) (required)
  • DUCKDNS_DOMAIN: Full Duck DNS domain (e.g. test.duckdns.org) (required)
  • LETSENCRYPT_DOMAIN: Domain to generate SSL cert for. By default the SSL certificate is generated for DUCKDNS_DOMAIN (optional)
  • LETSENCRYPT_WILDCARD: true or false, indicating whether the SSL certificate should cover only the subdomains of LETSENCRYPT_DOMAIN (i.e. *.test.duckdns.org), or only the main domain (i.e. test.duckdns.org) (optional, default: false)
  • LETSENCRYPT_EMAIL: Email used for certificate renewal notifications (optional)
  • LETSENCRYPT_CHAIN: Preferred certificate chain (e.g. ISRG Root X1, see https://letsencrypt.org/certificates for more details) (optional)
  • TESTING: true or false, indicating whether a staging SSL certificate should be generated or not (optional, default: false)
  • UID: User ID to apply to Let's Encrypt files generated (optional, recommended, default: 0 - root)
  • GID: Group ID to apply to Let's Encrypt files generated (optional, recommended, default: 0 - root)

Notes

  • The DUCKDNS_DOMAIN should already be pointing to the server with a dynamic IP. The maksimstojkovic/duckdns image can be used to automatically update the IP address.
  • The format of DUCKDNS_DOMAIN should be <subdomain>.duckdns.org, regardless of the value of LETSENCRYPT_WILDCARD.
  • To use LETSENCRYPT_DOMAIN feature, the following DNS records need to be created for ACME authentication (records should not be proxied):
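
    | Type  | Name                                 | Value                            | Condition                     |
    |-------|--------------------------------------|----------------------------------|-------------------------------|
    | CNAME | *.<LETSENCRYPT_DOMAIN>               | <DUCKDNS_DOMAIN>                 | LETSENCRYPT_WILDCARD == true  |
    | CNAME | <LETSENCRYPT_DOMAIN>                 | <DUCKDNS_DOMAIN>                 | LETSENCRYPT_WILDCARD == false |
    | CNAME | _acme-challenge.<LETSENCRYPT_DOMAIN> | _acme-challenge.<DUCKDNS_DOMAIN> |                               |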
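
The record set in the table above can be checked before a certificate is requested. This is an added example, not code from either upstream project: the function names, the `example.com` domain and the `observed` dictionary (standing in for CNAME answers collected with a resolver) are assumptions.

```python
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DUCK = re.compile(rf"{_LABEL}\.duckdns\.org")
_HOST = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}")

def _norm(name):
    """Lower-case a DNS name; drop surrounding space and the trailing dot."""
    return (name or "").strip().lower().rstrip(".")

def required_cnames(env):
    """Map each CNAME name the Notes table requires to its target."""
    duck = _norm(env.get("DUCKDNS_DOMAIN"))
    if not _DUCK.fullmatch(duck):
        raise ValueError("DUCKDNS_DOMAIN must be <subdomain>.duckdns.org")
    custom = _norm(env.get("LETSENCRYPT_DOMAIN"))
    if not custom:
        return {}  # the table applies only when LETSENCRYPT_DOMAIN is set
    if not _HOST.fullmatch(custom):
        raise ValueError("LETSENCRYPT_DOMAIN is not a valid host name")
    wildcard = _norm(env.get("LETSENCRYPT_WILDCARD")) or "false"
    if wildcard not in ("true", "false"):
        raise ValueError("LETSENCRYPT_WILDCARD must be true or false")
    name = f"*.{custom}" if wildcard == "true" else custom
    # The _acme-challenge CNAME hands DNS-01 validation for the custom domain
    # to the Duck DNS record, so it must point at a Duck DNS domain you control.
    return {name: duck, f"_acme-challenge.{custom}": f"_acme-challenge.{duck}"}

def check_records(env, observed):
    """Return a list of problems; observed maps name -> CNAME target seen in DNS."""
    seen = {_norm(k): _norm(v) for k, v in observed.items()}
    problems = []
    for name, target in required_cnames(env).items():
        got = seen.get(name)
        if got is None:
            problems.append(f"missing CNAME {name} -> {target}")
        elif got != target:
            problems.append(f"{name} points to {got}, expected {target}")
    return problems

# Constructed sample values; the second record deliberately points elsewhere.
SAMPLE_ENV = {"DUCKDNS_DOMAIN": "test.duckdns.org",
              "LETSENCRYPT_DOMAIN": "example.com", "LETSENCRYPT_WILDCARD": "true"}
SAMPLE_DNS = {"*.example.com": "test.duckdns.org.",
              "_acme-challenge.example.com": "_acme-challenge.other.duckdns.org."}

if __name__ == "__main__":
    print("\n".join(check_records(SAMPLE_ENV, SAMPLE_DNS)) or "all records present")
```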

Volumes

  • <certs>:/etc/letsencrypt: A named or host volume which allows SSL certificates to persist and be accessed by other containers

Note: To use the <certs> host volume in another container, mount it as read-only for those containers. The <certs> host volume should be read-write enabled for the Letsencrypt container.

Let's Encrypt for Dynu

Original Git repository (https://github.com/aney1/certbot-domainvalidation-dynu)

This repository contains everything needed to create and renew LetsEncrypt certificates (incl. wildcard certificates) on Dynu (https://www.dynu.com/). This should work on every machine that can run docker (I'm using it on a QNAP NAS). If you already have certbot installed you can also just use the scripts in the scripts folder, without docker.

Usage with docker-compose:

You will need Docker and Docker-Compose:

https://docs.docker.com/install/
https://docs.docker.com/compose/install/

docker-compose -f <PATH_TO_FILES>/certbot/docker-compose.yml up

Cron job to run it twice daily (as recommended by Certbot; certificates are only renewed when needed):

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && docker-compose -f <PATH_TO_FILES>/certbot/docker-compose.yml up