add argument to create 1 certificate per domain
This commit is contained in:
parent
50c94dc81f
commit
b621ba06ed
|
@ -2,6 +2,7 @@ FROM python:2-alpine
|
|||
MAINTAINER Henri Dwyer <henri@dwyer.io>
|
||||
|
||||
VOLUME /certs
|
||||
VOLUME /etc/letsencrypt
|
||||
EXPOSE 80
|
||||
|
||||
RUN apk add --no-cache --virtual .build-deps linux-headers gcc musl-dev\
|
||||
|
|
|
@ -11,7 +11,8 @@ In docker-compose.yml, change the environment variables:
|
|||
- WEBROOT: set this variable to the webroot path if you want to use the webroot plugin. Leave to use the standalone webserver.
|
||||
- DOMAINS: a space separated list of domains for which you want to generate certificates.
|
||||
- EMAIL: where you will receive updates from letsencrypt.
|
||||
- CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
|
||||
- CONCAT: true or false, whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
|
||||
- SEPARATE: true or false, whether you want one certificate per domain or one certificate valid for all domains.
|
||||
|
||||
## Running
|
||||
|
||||
|
|
|
@ -12,3 +12,4 @@ services:
|
|||
- DOMAINS=domain1.com domain2.com
|
||||
- EMAIL=webmaster@domain1.com
|
||||
- CONCAT=true
|
||||
- SEPARATE=true
|
||||
|
|
|
@ -1,34 +1,23 @@
|
|||
echo "Running certbot for domains $DOMAINS"
|
||||
|
||||
# build arg string
|
||||
args=""
|
||||
if [ $WEBROOT ]
|
||||
then
|
||||
args=" --webroot -w $WEBROOT"
|
||||
else
|
||||
args=" --standalone --standalone-supported-challenges
|
||||
http-01"
|
||||
fi
|
||||
get_certificate() {
|
||||
# Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
|
||||
# The certificate will be named after the first domain in the list
|
||||
# To work, the following variables must be set:
|
||||
# - CERT_DOMAINS : comma separated list of domains
|
||||
# - EMAIL
|
||||
# - CONCAT
|
||||
# - args
|
||||
|
||||
if $DEBUG
|
||||
then
|
||||
args=$args" --debug"
|
||||
fi
|
||||
|
||||
for d in $DOMAINS
|
||||
do
|
||||
args=$args" -d $d"
|
||||
done
|
||||
|
||||
certbot certonly --agree-tos --renew-by-default \
|
||||
local d=${CERT_DOMAINS//,*/} # read first domain
|
||||
echo "Getting certificate for $CERT_DOMAINS"
|
||||
certbot certonly --agree-tos --renew-by-default -n \
|
||||
--text --server https://acme-v01.api.letsencrypt.org/directory \
|
||||
--email $EMAIL $args
|
||||
--email $EMAIL -d $CERT_DOMAINS $args
|
||||
ec=$?
|
||||
echo "certbot exit code $ec"
|
||||
if [ $ec -eq 0 ]
|
||||
then
|
||||
for d in $DOMAINS
|
||||
do
|
||||
if $CONCAT
|
||||
then
|
||||
# concat the full chain with the private key (e.g. for haproxy)
|
||||
|
@ -38,8 +27,33 @@ then
|
|||
cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
|
||||
cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
|
||||
fi
|
||||
done
|
||||
echo "Success! Your new certificates are in /certs/"
|
||||
echo "Certificate obtained for $CERT_DOMAINS! Your new certificate - named $d - is in /certs"
|
||||
else
|
||||
echo "Cerbot failed. Check the logs for details."
|
||||
echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
|
||||
fi
|
||||
}
|
||||
|
||||
args=""
|
||||
if [ $WEBROOT ]
|
||||
then
|
||||
args=" --webroot -w $WEBROOT"
|
||||
else
|
||||
args=" --standalone --standalone-supported-challenges http-01"
|
||||
fi
|
||||
|
||||
if $DEBUG
|
||||
then
|
||||
args=$args" --debug"
|
||||
fi
|
||||
|
||||
if $SEPARATE
|
||||
then
|
||||
for d in $DOMAINS
|
||||
do
|
||||
CERT_DOMAINS=$d
|
||||
get_certificate
|
||||
done
|
||||
else
|
||||
CERT_DOMAINS=${DOMAINS// /,}
|
||||
get_certificate
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue