webroot support

2016-09-21 19:35:19 -04:00 · 2016-09-21 19:35:19 -04:00 · d4b3dbabab
parent 9a06ba637f
commit d4b3dbabab
3 changed files with 32 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -8,6 +8,7 @@ This image will renew your certificates every 2 months, and place the lastest on
 ## Setup

 In docker-compose.yml, change the environment variables:
+- WEBROOT: set this variable to the webroot path if you want to use the webroot plugin. Leave to use the standalone webserver.
 - DOMAINS: a space separated list of domains for which you want to generate certificates.
 - EMAIL: where you will receive updates from letsencrypt.
 - CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
@ -82,6 +83,10 @@ Certbot github: https://github.com/certbot/certbot

 # Changelog

+### 0.3
+- Add support for webroot mode.
+- Run certbot once with all domains.
+
 ### 0.2
 - Upgraded to use certbot client
 - Changed image to use alpine linux
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -8,6 +8,7 @@ services:
      - ./certs:/certs
    restart: always
    environment:
+      - WEBROOT=""
      - DOMAINS=domain1.com domain2.com
      - EMAIL=webmaster@domain1.com
      - CONCAT=true
--- a/scripts/run_certbot.sh
+++ b/scripts/run_certbot.sh
@ -1,14 +1,27 @@
+echo "Running certbot for domains $DOMAINS"
+
+# build arg string
+args=""
+if [ $WEBROOT ]
+then
+  args=" --webroot -w $WEBROOT"
+else
+  args=" --standalone --standalone-supported-challenges
+  http-01"
+fi
+
 for d in $DOMAINS
 do
- echo "Running certbot for $d"
- certbot --standalone --standalone-supported-challenges\
-  http-01 --agree-tos --renew-by-default\
- --text --server https://acme-v01.api.letsencrypt.org/directory\
-  --email $EMAIL -d $d certonly
- ec=$?
- echo "certbot exit code $ec"
- if [ $ec -eq 0 ]
- then
+  args=$args" -d $d"
+done
+
+certbot --agree-tos --renew-by-default\
+--text --server https://acme-v01.api.letsencrypt.org/directory\
+--email $EMAIL certonly $args
+ec=$?
+echo "certbot exit code $ec"
+if [ $ec -eq 0 ]
+then
  if $CONCAT
  then
    # concat the full chain with the private key (e.g. for haproxy)
@ -18,5 +31,7 @@ do
    cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
    cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
  fi
- fi
-done
+  echo "Success! Your new certificates are in /certs/"
+else
+  echo "Cerbot failed. Check the logs for details."
+fi