Fabio/docker-letsencrypt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added support for --preferred-chain

Browse source
This commit is contained in:
Maksim Stojkovic 2022-08-20 23:49:03 +10:00
parent d954db1708
commit cf44f020b8
3 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Dockerfile
View file

@ -6,7 +6,7 @@ LABEL maintainer="Maksim Stojkovic <https://github.com/maksimstojkovic>" \
org.label-schema.vcs-url="https://github.com/maksimstojkovic/docker-letsencrypt" org.label-schema.vcs-url="https://github.com/maksimstojkovic/docker-letsencrypt"
# Install tools required # Install tools required
RUN apk --no-cache add certbot curl RUN apk --no-cache add bash certbot curl
# Copy scripts # Copy scripts
WORKDIR /scripts WORKDIR /scripts
@ -14,4 +14,4 @@ COPY ./scripts /scripts
RUN chmod -R +x /scripts RUN chmod -R +x /scripts
# Image starting command # Image starting command
CMD ["/bin/sh", "/scripts/start.sh"] CMD ["/bin/bash", "/scripts/start.sh"]

1
README.md
View file

@ -15,6 +15,7 @@ Automatically generates Let's Encrypt certificates using a lightweight Docker co
* `LETSENCRYPT_DOMAIN`: Domain to generate SSL cert for. By default the SSL certificate is generated for `DUCKDNS_DOMAIN` (optional) * `LETSENCRYPT_DOMAIN`: Domain to generate SSL cert for. By default the SSL certificate is generated for `DUCKDNS_DOMAIN` (optional)
* `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for subdomains *only* of `LETSENCRYPT_DOMAIN` (i.e. `*.test.duckdns.org`), or for the main domain *only* (i.e. `test.duckdns.org`) (optional, default: `false`) * `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for subdomains *only* of `LETSENCRYPT_DOMAIN` (i.e. `*.test.duckdns.org`), or for the main domain *only* (i.e. `test.duckdns.org`) (optional, default: `false`)
* `LETSENCRYPT_EMAIL`: Email used for certificate renewal notifications (optional) * `LETSENCRYPT_EMAIL`: Email used for certificate renewal notifications (optional)
* `LETSENCRYPT_CHAIN`: Preferred certificate chain (e.g. `ISRG Root X1`, see [https://letsencrypt.org/certificates](https://letsencrypt.org/certificates/) for more details) (optional)
* `TESTING`: `true` or `false`, indicating whether a staging SSL certificate should be generated or not (optional, default: `false`) * `TESTING`: `true` or `false`, indicating whether a staging SSL certificate should be generated or not (optional, default: `false`)
* `UID`: User ID to apply to Let's Encrypt files generated (optional, recommended, default: `0` - root) * `UID`: User ID to apply to Let's Encrypt files generated (optional, recommended, default: `0` - root)
* `GID`: Group ID to apply to Let's Encrypt files generated (optional, recommended, default: `0` - root) * `GID`: Group ID to apply to Let's Encrypt files generated (optional, recommended, default: `0` - root)

17
scripts/start.sh
View file

@ -30,6 +30,12 @@ else
LETSENCRYPT_WILDCARD="false" LETSENCRYPT_WILDCARD="false"
fi fi
# Set default preferred chain if no value specified
if [ -z "$LETSENCRYPT_CHAIN" ]; then
"INFO: LETSENCRYPT_CHAIN is unset, using default chain"
LETSENCRYPT_CHAIN="default"
fi
# Set user and group ID's for files # Set user and group ID's for files
if [ -z "$UID" ]; then if [ -z "$UID" ]; then
echo "INFO: No UID specified, using root UID of 0" echo "INFO: No UID specified, using root UID of 0"
@ -47,6 +53,7 @@ echo "DUCKDNS_DOMAIN: $DUCKDNS_DOMAIN"
echo "LETSENCRYPT_DOMAIN: $LETSENCRYPT_DOMAIN" echo "LETSENCRYPT_DOMAIN: $LETSENCRYPT_DOMAIN"
echo "LETSENCRYPT_EMAIL: $LETSENCRYPT_EMAIL" echo "LETSENCRYPT_EMAIL: $LETSENCRYPT_EMAIL"
echo "LETSENCRYPT_WILDCARD: $LETSENCRYPT_WILDCARD" echo "LETSENCRYPT_WILDCARD: $LETSENCRYPT_WILDCARD"
echo "LETSENCRYPT_CHAIN: $LETSENCRYPT_CHAIN"
echo "TESTING: $TESTING" echo "TESTING: $TESTING"
echo "UID: $UID" echo "UID: $UID"
echo "GID: $GID" echo "GID: $GID"
@ -57,6 +64,12 @@ else
EMAIL_PARAM="-m $LETSENCRYPT_EMAIL --no-eff-email" EMAIL_PARAM="-m $LETSENCRYPT_EMAIL --no-eff-email"
fi fi
if [ "$LETSENCRYPT_CHAIN" = "default" ]; then
unset CHAIN_PARAM
else
CHAIN_PARAM=( --preferred-chain "$LETSENCRYPT_CHAIN" )
fi
if [ "$TESTING" = "true" ]; then if [ "$TESTING" = "true" ]; then
echo "INFO: Generating staging certificate" echo "INFO: Generating staging certificate"
TEST_PARAM="--test-cert" TEST_PARAM="--test-cert"
@ -67,14 +80,14 @@ fi
echo "certbot certonly --manual --preferred-challenges dns \ echo "certbot certonly --manual --preferred-challenges dns \
--manual-auth-hook /scripts/auth.sh \ --manual-auth-hook /scripts/auth.sh \
--manual-cleanup-hook /scripts/cleanup.sh \ --manual-cleanup-hook /scripts/cleanup.sh \
$EMAIL_PARAM -d $LETSENCRYPT_DOMAIN \ ${CHAIN_PARAM[@]} $EMAIL_PARAM -d $LETSENCRYPT_DOMAIN \
--agree-tos --manual-public-ip-logging-ok --keep $TEST_PARAM" --agree-tos --manual-public-ip-logging-ok --keep $TEST_PARAM"
# Create certificates # Create certificates
certbot certonly --manual --preferred-challenges dns \ certbot certonly --manual --preferred-challenges dns \
--manual-auth-hook /scripts/auth.sh \ --manual-auth-hook /scripts/auth.sh \
--manual-cleanup-hook /scripts/cleanup.sh \ --manual-cleanup-hook /scripts/cleanup.sh \
$EMAIL_PARAM -d $LETSENCRYPT_DOMAIN \ "${CHAIN_PARAM[@]}" $EMAIL_PARAM -d $LETSENCRYPT_DOMAIN \
--agree-tos --manual-public-ip-logging-ok --keep $TEST_PARAM --agree-tos --manual-public-ip-logging-ok --keep $TEST_PARAM
chown -R $UID:$GID /etc/letsencrypt chown -R $UID:$GID /etc/letsencrypt