webroot support

Henri Dwyer 2016-09-21 19:35:19 -04:00
parent 9a06ba637f
commit d4b3dbabab
3 changed files with 32 additions and 11 deletions


@ -8,6 +8,7 @@ This image will renew your certificates every 2 months, and place the lastest on
## Setup ## Setup
In docker-compose.yml, change the environment variables: In docker-compose.yml, change the environment variables:
- WEBROOT: set this variable to the webroot path if you want to use the webroot plugin. Leave to use the standalone webserver.
- DOMAINS: a space separated list of domains for which you want to generate certificates. - DOMAINS: a space separated list of domains for which you want to generate certificates.
- EMAIL: where you will receive updates from letsencrypt. - EMAIL: where you will receive updates from letsencrypt.
- CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache). - CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
@ -82,6 +83,10 @@ Certbot github: https://github.com/certbot/certbot
# Changelog # Changelog
### 0.3
- Add support for webroot mode.
- Run certbot once with all domains.
### 0.2 ### 0.2
- Upgraded to use certbot client - Upgraded to use certbot client
- Changed image to use alpine linux - Changed image to use alpine linux


@ -8,6 +8,7 @@ services:
- ./certs:/certs - ./certs:/certs
restart: always restart: always
environment: environment:
- WEBROOT=""
- DOMAINS=domain1.com domain2.com - DOMAINS=domain1.com domain2.com
- EMAIL=webmaster@domain1.com - EMAIL=webmaster@domain1.com
- CONCAT=true - CONCAT=true
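Review bot: The default `- WEBROOT=""` on the new environment line probably does not produce an empty variable. In the list form of `environment`, Compose, as far as I can tell, takes everything after the first `=` literally, so the container would see a two-character value made of the quote marks. The script's `[ $WEBROOT ]` test would then be true and certbot would run with `--webroot -w ""` rather than the standalone server the README describes as the default. Writing `- WEBROOT=` (nothing after the equals sign) would make the default really mean standalone.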


@ -1,14 +1,27 @@
echo "Running certbot for domains $DOMAINS"
# build arg string
args=""
if [ $WEBROOT ]
then
args=" --webroot -w $WEBROOT"
else
args=" --standalone --standalone-supported-challenges
http-01"
fi
for d in $DOMAINS for d in $DOMAINS
do do
echo "Running certbot for $d" args=$args" -d $d"
certbot --standalone --standalone-supported-challenges\ done
http-01 --agree-tos --renew-by-default\
--text --server https://acme-v01.api.letsencrypt.org/directory\ certbot --agree-tos --renew-by-default\
--email $EMAIL -d $d certonly --text --server https://acme-v01.api.letsencrypt.org/directory\
ec=$? --email $EMAIL certonly $args
echo "certbot exit code $ec" ec=$?
if [ $ec -eq 0 ] echo "certbot exit code $ec"
then if [ $ec -eq 0 ]
then
if $CONCAT if $CONCAT
then then
# concat the full chain with the private key (e.g. for haproxy) # concat the full chain with the private key (e.g. for haproxy)
@ -18,5 +31,7 @@ do
cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
fi fi
fi echo "Success! Your new certificates are in /certs/"
done else
echo "Cerbot failed. Check the logs for details."
fi
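Review bot: The `cp` lines in the success branch still use `$d`, but the `for` loop now closes before certbot runs, so `$d` holds only the last entry of `$DOMAINS`. With one certbot call carrying every `-d`, certbot normally writes a single lineage named after the first domain, so with several domains the copy from `/etc/letsencrypt/live/$d/` would likely fail or pick up an older certificate, and `Success!` is printed regardless because the `cp` status is never checked. Consider deriving the lineage directory once, e.g. `first=${DOMAINS%% *}`, copying from `/etc/letsencrypt/live/$first/`, and reporting failure when `cp` fails. Separately, `[ $WEBROOT ]`, `-w $WEBROOT` and `--email $EMAIL` are unquoted, so a webroot path containing spaces breaks both the test and the argument list; `[ -n "$WEBROOT" ]` is the safer check. The concat branch between the two hunks is not visible here, so the same `$d` use there is assumed.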