diff --git a/README.md b/README.md
index c75a1a4..eca044c 100755
--- a/README.md
+++ b/README.md
@@ -6,6 +6,9 @@ Variables:
 * `DUCKDNS_TOKEN`: Duck DNS Account Token
 * `DUCKDNS_DOMAIN`: Full Duck DNS domain (e.g. `test.duckdns.org`)
 * `LETSENCRYPT_EMAIL`: Email used for certificate renewal notifications
+* `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for all subdomains of `DUCKDNS_DOMAIN` (i.e. `*.test.duckdns.org`), or just the main domain (i.e. `test.duckdns.org`)
+
+**Note:** The format of `DUCKDNS_DOMAIN` should be the same regardless of the value of `LETSENCRYPT_WILDCARD`.
 
 Volumes:
 * `:/etc/letsencrypt`: A named or hosted volume which allows SSL certificates to persist and be accessed by other containers
diff --git a/scripts/cert.sh b/scripts/cert.sh
index fae7a90..c16c719 100755
--- a/scripts/cert.sh
+++ b/scripts/cert.sh
@@ -3,10 +3,8 @@
 # Initial check for certificates
 certbot certonly --manual --preferred-challenges dns --manual-auth-hook \
 /scripts/auth.sh --manual-cleanup-hook /scripts/cleanup.sh \
- -m "${LETSENCRYPT_EMAIL}" --no-eff-email -d "${DUCKDNS_DOMAIN}" \
- --agree-tos --manual-public-ip-logging-ok << EOF
-1
-EOF
+ -m "${LETSENCRYPT_EMAIL}" --no-eff-email -d "${LETSENCRYPT_DOMAIN}" \
+ --agree-tos --manual-public-ip-logging-ok --keep
 
 # Basic check for successful certificate generation
 if [ ! -d "/etc/letsencrypt/live" ]; then
diff --git a/scripts/start.sh b/scripts/start.sh
index 9269ef4..fe0fbe2 100755
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Check variables DUCKDNS_TOKEN, DUCKDNS_DOMAIN, LETSENCRYPT_EMAIL
+# Check variables DUCKDNS_TOKEN, DUCKDNS_DOMAIN, LETSENCRYPT_EMAIL, LETSENCRYPT_WILDCARD
 if [ -z "$DUCKDNS_TOKEN" ]; then
 echo ERROR: Variable DUCKDNS_TOKEN is unset
 exit 1
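Review bot: In scripts/cert.sh, a failed issuance for the new `${LETSENCRYPT_DOMAIN}` name can go unnoticed, because the only success check after the certbot call is that `/etc/letsencrypt/live` exists. That directory is already present on a volume holding an earlier certificate, for example after switching `LETSENCRYPT_WILDCARD` from `false` to `true`. Testing certbot's own exit status, e.g. ending the call with `--keep || exit 1`, would catch this. With the here-document removed, adding `--non-interactive` would make any remaining prompt fail fast rather than depend on how stdin is attached. The script now also relies on start.sh exporting `LETSENCRYPT_DOMAIN`, which `: "${LETSENCRYPT_DOMAIN:?LETSENCRYPT_DOMAIN is unset}"` before the call would make explicit; the body of the directory check continues outside the hunk.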
@@ -16,10 +16,26 @@ if [ -z "$LETSENCRYPT_EMAIL" ]; then
 exit 1
 fi
 
+if [ -z "$LETSENCRYPT_WILDCARD" ]; then
+ echo ERROR: Variable LETSENCRYPT_WILDCARD is unset
+ exit 1
+fi
+
+# Set certificate url based on LETSENCRYPT_WILDCARD value
+if [ "$LETSENCRYPT_WILDCARD" = "true" ]; then
+ export LETSENCRYPT_DOMAIN=*.${DUCKDNS_DOMAIN}
+elif [ "$LETSENCRYPT_WILDCARD" = "false" ]; then
+ export LETSENCRYPT_DOMAIN=${DUCKDNS_DOMAIN}
+else
+ echo ERROR: Invalid value for LETSENCRYPT_WILDCARD
+ exit 1
+fi
+
 # Print variables
 echo DUCKDNS_TOKEN: $DUCKDNS_TOKEN
 echo DUCKDNS_DOMAIN: $DUCKDNS_DOMAIN
 echo LETSENCRYPT_EMAIL: $LETSENCRYPT_EMAIL
+echo LETSENCRYPT_WILDCARD: $LETSENCRYPT_WILDCARD
 
 # Start automatic ssl certificate generation
 /bin/sh /scripts/cert.sh
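Review bot: The two new `export LETSENCRYPT_DOMAIN=...` lines leave the value unquoted, and some `/bin/sh` implementations treat `export` arguments as ordinary words, so `*.${DUCKDNS_DOMAIN}` can be glob-expanded against the working directory or split on whitespace. Writing `export LETSENCRYPT_DOMAIN="*.${DUCKDNS_DOMAIN}"` and `export LETSENCRYPT_DOMAIN="${DUCKDNS_DOMAIN}"` avoids that. The added `echo LETSENCRYPT_WILDCARD: $LETSENCRYPT_WILDCARD` sits directly below the context line `echo DUCKDNS_TOKEN: $DUCKDNS_TOKEN`, which writes the account token to standard output, where a container's logs normally collect it. Since that token appears to authorise the DNS records used for validation, now including a wildcard name, printing only whether it is set would be safer, e.g. `echo DUCKDNS_TOKEN: "(set)"`.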