alternative domain merge prep

Added note about proxied DNS records to README.md
Updated CNAME record docs
Adjusted format of docker-compose.yml variables
Re-ordered README.md variables to match docker-compose.yml
Added DNS record conditions to README.md
Added duckdns container to docker-compose.yml
Added default value checks to start.sh

README.md

@@ -12,22 +12,24 @@ Automatically generates Let's Encrypt certificates using a lightweight Docker co
 
 * `DUCKDNS_TOKEN`: Duck DNS account token (obtained from [Duck DNS](https://www.duckdns.org)) (*required*)
 * `DUCKDNS_DOMAIN`: Full Duck DNS domain (e.g. `test.duckdns.org`) (*required*)
+* `LETSENCRYPT_DOMAIN`: Domain to generate SSL cert for. By default the SSL certificate is generated for `DUCKDNS_DOMAIN` (optional)
+* `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for subdomains *only* of `LETSENCRYPT_DOMAIN` (i.e. `*.test.duckdns.org`), or for the main domain *only* (i.e. `test.duckdns.org`) (optional, default: `false`)
 * `LETSENCRYPT_EMAIL`: Email used for certificate renewal notifications (optional)
-* `LETSENCRYPT_DOMAIN`: Domain to generate SSL cert for. By default SSL certificate is generated for `DUCKDNS_DOMAIN` (optional)
-* `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for subdomains *only* of `DUCKDNS_DOMAIN` (i.e. `*.test.duckdns.org`), or for the main domain *only* (i.e. `test.duckdns.org`) (optional, default: `false`)
 * `TESTING`: `true` or `false`, indicating whether a staging SSL certificate should be generated or not (optional, default: `false`)
 * `UID`: User ID to apply to Let's Encrypt files generated (optional, recommended, default: `0` - root)
 * `GID`: Group ID to apply to Let's Encrypt files generated (optional, recommended, default: `0` - root)
 
 ## Notes
 
-* The format of `DUCKDNS_DOMAIN` should be the same regardless of the value of `LETSENCRYPT_WILDCARD`.
+* The `DUCKDNS_DOMAIN` should already be pointing to the server with a dynamic IP. The [maksimstojkovic/duckdns](https://github.com/maksimstojkovic/docker-duckdns) image can be used to automatically update the IP address.
+* The format of `DUCKDNS_DOMAIN` should be `<subdomain>.duckdns.org`, regardless of the value of `LETSENCRYPT_WILDCARD`.
+* To use `LETSENCRYPT_DOMAIN` feature, the following DNS records need to be created for ACME authentication (records should not be proxied):
 
-* In order to use `LETSENCRYPT_DOMAIN` feature, the following DNS records need to be created for ACME authentication
-```
-   <LETSENCRYPT_DOMAIN> CNAME -> <DUCKDNS_DOMAIN>
-   _acme-challenge.<<LETSENCRYPT_DOMAIN> CNAME -> _acme-challenge.<DUCKDNS_DOMAIN>
-```
+| Type  | Name                                   | Value                              | Condition                         |
+|-------|----------------------------------------|------------------------------------|-----------------------------------|
+| CNAME | `*.<LETSENCRYPT_DOMAIN>`               | `<DUCKDNS_DOMAIN>`                 | `LETSENCRYPT_WILDCARD` == `true`  |
+| CNAME | `<LETSENCRYPT_DOMAIN>`                 | `<DUCKDNS_DOMAIN>`                 | `LETSENCRYPT_WILDCARD` == `false` |
+| CNAME | `_acme-challenge.<LETSENCRYPT_DOMAIN>` | `_acme-challenge.<DUCKDNS_DOMAIN>` |                                   |
 
 ## Volumes
 

docker-compose.yml

@@ -1,18 +1,27 @@
 version: '2.4'
 
 services:
-  duckdns-letsencrypt:
-    build: .
+  duckdns:
+    image: maksimstojkovic/duckdns
+    container_name: duckdns
+    environment:
+      - DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
+      - DUCKDNS_DOMAIN=test.duckdns.org
+      - DUCKDNS_DELAY=5 #optional
     restart: unless-stopped
+
+  letsencrypt:
+    image: maksimstojkovic/letsencrypt
+    container_name: letsencrypt
     volumes:
       - ./certs:/etc/letsencrypt
     environment:
-      # mandatory
-      - "DUCKDNS_TOKEN=<your-duckdns-token>"
-      - "DUCKDNS_DOMAIN=<your-duckdns-domain>"
-      # optional
-      # - "LETSENCRYPT_DOMAIN=<alternative-domain>"
-      # - "LETSENCRYPT_EMAIL=<email-address>"
-      # - "LETSENCRYPT_WILDCARD=false"
-      # - "TESTING=false"
-
+      - DUCKDNS_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
+      - DUCKDNS_DOMAIN=test.duckdns.org
+      - LETSENCRYPT_DOMAIN= #optional
+      - LETSENCRYPT_WILDCARD=false #optional
+      - LETSENCRYPT_EMAIL= #optional
+      - TESTING=false #optional
+      - UID=0 #optional
+      - GID=0 #optional
+    restart: unless-stopped

scripts/start.sh

@@ -1,24 +1,24 @@
 #!/bin/sh
 
 # Check variables DUCKDNS_TOKEN, DUCKDNS_DOMAIN
-if [ -z "$DUCKDNS_TOKEN" ]; then
-  echo "ERROR: Variable DUCKDNS_TOKEN is unset"
+if [ -z "$DUCKDNS_TOKEN" ] || [ "$DUCKDNS_TOKEN" = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" ]; then
+  echo "ERROR: Variable DUCKDNS_TOKEN is unset or still its default value"
   exit 1
 fi
 
 if [ -z "$DUCKDNS_DOMAIN" ]; then
-  echo "ERROR: Variable DUCKDNS_DOMAIN is unset"
+  echo "ERROR: Variable DUCKDNS_DOMAIN is unset or still its default value"
   exit 1
 fi
 
 # Print email notice if applicable
 if [ -z "$LETSENCRYPT_EMAIL" ]; then
-  echo "INFO: You will not receive SSL certificate expiration notices"
+  echo "WARNING: You will not receive SSL certificate expiration notices"
 fi
 
 # Set LETSENCRYPT_DOMAIN to DUCKDNS_DOMAIN if not specified
 if [ -z "$LETSENCRYPT_DOMAIN" ]; then
-  echo "INFO: No LETSENCRYPT_DOMAIN, using DUCKDNS_DOMAIN"
+  echo "INFO: LETSENCRYPT_DOMAIN is unset, using DUCKDNS_DOMAIN"
   LETSENCRYPT_DOMAIN=$DUCKDNS_DOMAIN
 fi