Fabio/docker-letsencrypt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added support for duckdns wildcard ssl

Browse source
This commit is contained in:
Maksim 2019-12-07 03:58:17 +11:00
parent 5fa74d8dd3
commit 3db0ed793e
3 changed files with 22 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -6,6 +6,9 @@ Variables:
* `DUCKDNS_TOKEN`: Duck DNS Account Token * `DUCKDNS_TOKEN`: Duck DNS Account Token
* `DUCKDNS_DOMAIN`: Full Duck DNS domain (e.g. `test.duckdns.org`) * `DUCKDNS_DOMAIN`: Full Duck DNS domain (e.g. `test.duckdns.org`)
* `LETSENCRYPT_EMAIL`: Email used for certificate renewal notifications * `LETSENCRYPT_EMAIL`: Email used for certificate renewal notifications
* `LETSENCRYPT_WILDCARD`: `true` or `false`, indicating whether the SSL certificate should be for all subdomains of `DUCKDNS_DOMAIN` (i.e. `*.test.duckdns.org`), or just the main domain (i.e. `test.duckdns.org`)
**Note:** The format of `DUCKDNS_DOMAIN` should be the same regardless of the value of `LETSENCRYPT_WILDCARD`.
Volumes: Volumes:
* `<certs>:/etc/letsencrypt`: A named or hosted volume which allows SSL certificates to persist and be accessed by other containers * `<certs>:/etc/letsencrypt`: A named or hosted volume which allows SSL certificates to persist and be accessed by other containers

6
scripts/cert.sh
View file

@ -3,10 +3,8 @@
# Initial check for certificates # Initial check for certificates
certbot certonly --manual --preferred-challenges dns --manual-auth-hook \ certbot certonly --manual --preferred-challenges dns --manual-auth-hook \
/scripts/auth.sh --manual-cleanup-hook /scripts/cleanup.sh \ /scripts/auth.sh --manual-cleanup-hook /scripts/cleanup.sh \
-m "${LETSENCRYPT_EMAIL}" --no-eff-email -d "${DUCKDNS_DOMAIN}" \ -m "${LETSENCRYPT_EMAIL}" --no-eff-email -d "${LETSENCRYPT_DOMAIN}" \
--agree-tos --manual-public-ip-logging-ok << EOF --agree-tos --manual-public-ip-logging-ok --keep
1
EOF
# Basic check for successful certificate generation # Basic check for successful certificate generation
if [ ! -d "/etc/letsencrypt/live" ]; then if [ ! -d "/etc/letsencrypt/live" ]; then

18
scripts/start.sh
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# Check variables DUCKDNS_TOKEN, DUCKDNS_DOMAIN, LETSENCRYPT_EMAIL # Check variables DUCKDNS_TOKEN, DUCKDNS_DOMAIN, LETSENCRYPT_EMAIL, LETSENCRYPT_WILDCARD
if [ -z "$DUCKDNS_TOKEN" ]; then if [ -z "$DUCKDNS_TOKEN" ]; then
echo ERROR: Variable DUCKDNS_TOKEN is unset echo ERROR: Variable DUCKDNS_TOKEN is unset
exit 1 exit 1
@ -16,10 +16,26 @@ if [ -z "$LETSENCRYPT_EMAIL" ]; then
exit 1 exit 1
fi fi
if [ -z "$LETSENCRYPT_WILDCARD" ]; then
echo ERROR: Variable LETSENCRYPT_WILDCARD is unset
exit 1
fi
# Set certificate url based on LETSENCRYPT_WILDCARD value
if [ "$LETSENCRYPT_WILDCARD" = "true" ]; then
export LETSENCRYPT_DOMAIN=*.${DUCKDNS_DOMAIN}
elif [ "$LETSENCRYPT_WILDCARD" = "false" ]; then
export LETSENCRYPT_DOMAIN=${DUCKDNS_DOMAIN}
else
echo ERROR: Invalid value for LETSENCRYPT_WILDCARD
exit 1
fi
# Print variables # Print variables
echo DUCKDNS_TOKEN: $DUCKDNS_TOKEN echo DUCKDNS_TOKEN: $DUCKDNS_TOKEN
echo DUCKDNS_DOMAIN: $DUCKDNS_DOMAIN echo DUCKDNS_DOMAIN: $DUCKDNS_DOMAIN
echo LETSENCRYPT_EMAIL: $LETSENCRYPT_EMAIL echo LETSENCRYPT_EMAIL: $LETSENCRYPT_EMAIL
echo LETSENCRYPT_WILDCARD: $LETSENCRYPT_WILDCARD
# Start automatic ssl certificate generation # Start automatic ssl certificate generation
/bin/sh /scripts/cert.sh /bin/sh /scripts/cert.sh