webroot support
parent
9a06ba637f
commit
d4b3dbabab
|
@ -8,6 +8,7 @@ This image will renew your certificates every 2 months, and place the lastest on
|
||||||
## Setup
|
## Setup
|
||||||
|
|
||||||
In docker-compose.yml, change the environment variables:
|
In docker-compose.yml, change the environment variables:
|
||||||
|
- WEBROOT: set this variable to the webroot path if you want to use the webroot plugin. Leave to use the standalone webserver.
|
||||||
- DOMAINS: a space separated list of domains for which you want to generate certificates.
|
- DOMAINS: a space separated list of domains for which you want to generate certificates.
|
||||||
- EMAIL: where you will receive updates from letsencrypt.
|
- EMAIL: where you will receive updates from letsencrypt.
|
||||||
- CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
|
- CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
|
||||||
|
@ -82,6 +83,10 @@ Certbot github: https://github.com/certbot/certbot
|
||||||
|
|
||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
### 0.3
|
||||||
|
- Add support for webroot mode.
|
||||||
|
- Run certbot once with all domains.
|
||||||
|
|
||||||
### 0.2
|
### 0.2
|
||||||
- Upgraded to use certbot client
|
- Upgraded to use certbot client
|
||||||
- Changed image to use alpine linux
|
- Changed image to use alpine linux
|
||||||
|
|
|
@ -8,6 +8,7 @@ services:
|
||||||
- ./certs:/certs
|
- ./certs:/certs
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
|
- WEBROOT=""
|
||||||
- DOMAINS=domain1.com domain2.com
|
- DOMAINS=domain1.com domain2.com
|
||||||
- EMAIL=webmaster@domain1.com
|
- EMAIL=webmaster@domain1.com
|
||||||
- CONCAT=true
|
- CONCAT=true
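Review bot: The new default `- WEBROOT=""` probably does not give the container an empty value. In the list form of `environment` the entry is the plain string `WEBROOT=""`, and as far as I know Compose splits it on the first `=` and keeps the two quote characters as the value. The script's `[ $WEBROOT ]` test would then succeed, and certbot would start in webroot mode with `""` as the path instead of falling back to standalone. Write the default as `- WEBROOT=` or leave the entry out. The visible `volumes` lines mount only `./certs`, so webroot mode would also need the webroot directory mounted into this container.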
|
||||||
|
|
|
@ -1,14 +1,27 @@
|
||||||
|
echo "Running certbot for domains $DOMAINS"
|
||||||
|
|
||||||
|
# build arg string
|
||||||
|
args=""
|
||||||
|
if [ $WEBROOT ]
|
||||||
|
then
|
||||||
|
args=" --webroot -w $WEBROOT"
|
||||||
|
else
|
||||||
|
args=" --standalone --standalone-supported-challenges
|
||||||
|
http-01"
|
||||||
|
fi
|
||||||
|
|
||||||
for d in $DOMAINS
|
for d in $DOMAINS
|
||||||
do
|
do
|
||||||
echo "Running certbot for $d"
|
args=$args" -d $d"
|
||||||
certbot --standalone --standalone-supported-challenges\
|
done
|
||||||
http-01 --agree-tos --renew-by-default\
|
|
||||||
--text --server https://acme-v01.api.letsencrypt.org/directory\
|
certbot --agree-tos --renew-by-default\
|
||||||
--email $EMAIL -d $d certonly
|
--text --server https://acme-v01.api.letsencrypt.org/directory\
|
||||||
ec=$?
|
--email $EMAIL certonly $args
|
||||||
echo "certbot exit code $ec"
|
ec=$?
|
||||||
if [ $ec -eq 0 ]
|
echo "certbot exit code $ec"
|
||||||
then
|
if [ $ec -eq 0 ]
|
||||||
|
then
|
||||||
if $CONCAT
|
if $CONCAT
|
||||||
then
|
then
|
||||||
# concat the full chain with the private key (e.g. for haproxy)
|
# concat the full chain with the private key (e.g. for haproxy)
|
||||||
|
@ -18,5 +31,7 @@ do
|
||||||
cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
|
cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
|
||||||
cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
|
cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
|
||||||
fi
|
fi
|
||||||
fi
|
echo "Success! Your new certificates are in /certs/"
|
||||||
done
|
else
|
||||||
|
echo "Cerbot failed. Check the logs for details."
|
||||||
|
fi
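Review bot: The copy step still reads `$d` (`cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem` and the `privkey.pem` line), but the loop now closes at `done` before certbot runs, so `$d` holds only the last entry of `$DOMAINS`. A single certbot run for all domains yields one certificate lineage, which certbot normally names after the first `-d` value, so with more than one domain the `cp` source would not exist, and "Success!" is still printed because only certbot's exit code is checked. Capture the name once, for example `first_domain=${DOMAINS%% *}`, and use it in the copy paths. Separately, `[ $WEBROOT ]` and `-w $WEBROOT` are unquoted, so a webroot path containing spaces is split into extra certbot arguments; `[ -n "$WEBROOT" ]` fixes the test. The CONCAT branch between the two hunks is not shown here and likely needs the same change.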
|
||||||
|
|