Fabio/docker-letsencrypt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
📜 Automatic SSL Certificate Generation for Duck DNS Domains
42 commits 2 branches 0 tags 79 KiB
Shell 89.9%
Dockerfile 10.1%
Find a file
Maksim Stojkovic 1a22ead6fa
Merge pull request #8 from oguh43/patch-1 
add missing echo
2022-11-27 17:38:58 +11:00
.github/workflows updated buildx tasks for faster builds 2021-10-07 05:54:11 +11:00
scripts add missing echo 2022-11-25 17:46:39 +01:00
.dockerignore Updated ignore files 2022-08-20 22:03:09 +10:00
.gitignore Updated ignore files 2022-08-20 22:03:09 +10:00
docker-compose.yml alternative domain merge prep 2021-10-07 05:30:20 +11:00
Dockerfile Added support for --preferred-chain 2022-08-20 23:49:03 +10:00
LICENSE resolved bug with email input 2021-08-18 19:11:48 +10:00
README.md Added support for --preferred-chain 2022-08-20 23:49:03 +10:00

README.md

Let's Encrypt for Duck DNS

Build Status Docker Pulls Docker Stars Docker Image Size (latest by date) Docker Image Version (latest by date)

Automatically generates Let's Encrypt certificates using a lightweight Docker container without requiring any ports to be exposed for DNS challenges.

Environment Variables

  • DUCKDNS_TOKEN: Duck DNS account token (obtained from Duck DNS) (required)
  • DUCKDNS_DOMAIN: Full Duck DNS domain (e.g. test.duckdns.org) (required)
  • LETSENCRYPT_DOMAIN: Domain to generate SSL cert for. By default the SSL certificate is generated for DUCKDNS_DOMAIN (optional)
  • LETSENCRYPT_WILDCARD: true or false, indicating whether the SSL certificate should be for subdomains only of LETSENCRYPT_DOMAIN (i.e. *.test.duckdns.org), or for the main domain only (i.e. test.duckdns.org) (optional, default: false)
  • LETSENCRYPT_EMAIL: Email used for certificate renewal notifications (optional)
  • LETSENCRYPT_CHAIN: Preferred certificate chain (e.g. ISRG Root X1, see https://letsencrypt.org/certificates for more details) (optional)
  • TESTING: true or false, indicating whether a staging SSL certificate should be generated or not (optional, default: false)
  • UID: User ID to apply to Let's Encrypt files generated (optional, recommended, default: 0 - root)
  • GID: Group ID to apply to Let's Encrypt files generated (optional, recommended, default: 0 - root)

Notes

  • The DUCKDNS_DOMAIN should already be pointing to the server with a dynamic IP. The maksimstojkovic/duckdns image can be used to automatically update the IP address.
  • The format of DUCKDNS_DOMAIN should be <subdomain>.duckdns.org, regardless of the value of LETSENCRYPT_WILDCARD.
  • To use LETSENCRYPT_DOMAIN feature, the following DNS records need to be created for ACME authentication (records should not be proxied):
Type Name Value Condition
CNAME *.<LETSENCRYPT_DOMAIN> <DUCKDNS_DOMAIN> LETSENCRYPT_WILDCARD == true
CNAME <LETSENCRYPT_DOMAIN> <DUCKDNS_DOMAIN> LETSENCRYPT_WILDCARD == false
CNAME _acme-challenge.<LETSENCRYPT_DOMAIN> _acme-challenge.<DUCKDNS_DOMAIN>

Volumes

  • <certs>:/etc/letsencrypt: A named or host volume which allows SSL certificates to persist and be accessed by other containers

Note: To use the <certs> host volume in another container, mount it as read-only for those containers. The <certs> host volume should be read-write enabled for the Letsencrypt container.