commit 066eb808cc27465dd50e2df2940c1e22499b3124 Author: redxef Date: Thu Oct 29 16:38:49 2020 +0100 Init commit.
diff --git a/certbot-auth b/certbot-auth
new file mode 100755
index 0000000..2edc969
--- /dev/null
+++ b/certbot-auth
@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+
+set -x
+
+baseurl='https://www.duckdns.org/update?domains=%s&token=%s&txt=%s'
+result="$(printf "url=$baseurl\n" "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$CERTBOT_VALIDATION" | curl -K -)"
+# give some time for the record to update
+sleep 120
+test "$result" = 'OK'
diff --git a/certbot-cleanup b/certbot-cleanup
new file mode 100755
index 0000000..63c8fd0
--- /dev/null
+++ b/certbot-cleanup
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+set -x
+
+baseurl='https://www.duckdns.org/update?domains=%s&token=%s&txt=&clear=True%s'
+test "$(printf "url=$baseurl\n" "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$CERTBOT_VALIDATION" | curl -K -)" = 'OK'
diff --git a/certbot-duckdns b/certbot-duckdns
new file mode 100755
index 0000000..11ed797
--- /dev/null
+++ b/certbot-duckdns
@@ -0,0 +1,12 @@
+#!/usr/bin/env sh
+
+set -x
+
+certbot certonly --manual --preferred-challenges dns-01 --keep \
+ --email="$LE_EMAIL" --domains="$DUCKDNS_DOMAIN.duckdns.org,*.$DUCKDNS_DOMAIN.duckdns.org" \
+ --agree-tos --no-eff-email --manual-public-ip-logging-ok \
+ --manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup
+
+logfile=/var/log/duckdns.log
+baseurl='https://www.duckdns.org/update?domains=%s&token=%s&txt=%s'
+printf "url=$baseurl\n" "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$txt" | curl -o "$logfile" -K -
diff --git a/certbot-duckdns.Dockerfile b/certbot-duckdns.Dockerfile
new file mode 100644
index 0000000..02f0a26
--- /dev/null
+++ b/certbot-duckdns.Dockerfile
@@ -0,0 +1,11 @@
+FROM alpine:latest
+
+RUN apk update && apk upgrade
+RUN apk add curl certbot openssl
+
+RUN mkdir /etc/cron.d
+COPY certbot-* duckdns start-certbot-duckdns.sh /usr/local/bin/
+COPY etc/cron.d/* /etc/cron.d/
+
+ENTRYPOINT ["start-certbot-duckdns.sh"]
+CMD []
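Review bot: `set -x` at the top of certbot-auth makes the shell trace the printf command with `$DUCKDNS_TOKEN` already expanded, so the DuckDNS token is written to stderr and ends up in the container log on every run; certbot-cleanup, certbot-duckdns and duckdns carry the same `set -x` in front of a printf that expands the token. Removing the line, or bracketing the request with `set +x` and `set -x`, keeps the secret out of the logs. In certbot-auth the result is also tested only after `sleep 120`, so a rejected update still costs two minutes; moving `test "$result" = 'OK' || exit 1` above the sleep and giving curl `-fsS` would fail fast.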
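Review bot: In certbot-cleanup the third `%s` sits directly behind `clear=True`, so the request carries `clear=True` with the whole `$CERTBOT_VALIDATION` string glued onto it while `txt=` stays empty. Whether DuckDNS still treats that value as a clear request is not visible from here; if it does not, the challenge TXT record is left published after each run. Putting the value where it belongs, `baseurl='https://www.duckdns.org/update?domains=%s&token=%s&txt=%s&clear=true'`, keeps the three printf arguments and sends a well-formed flag.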
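Review bot: `$txt` in the last line of certbot-duckdns is never assigned in this script, so unless the caller exports it the trailing request always sends an empty `txt=` and overwrites /var/log/duckdns.log with the reply. Because that curl is the final command, the script's exit status is curl's and a failed `certbot certonly` goes unnoticed by start-certbot-duckdns.sh and by cron. If the extra update is not needed, drop the last three lines; otherwise save the status with `rc=$?` right after certbot and end with `exit "$rc"`.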
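Review bot: `FROM alpine:latest` followed by `apk update && apk upgrade` and an unpinned `apk add` makes every build produce a different image, which matters for a container that holds the DuckDNS token and the certificate private keys; pin the base with `FROM alpine:<pinned-version>` (ideally by digest) and install in one layer with `RUN apk add --no-cache certbot curl openssl`. The `certbot-*` glob in the first COPY also matches `certbot-duckdns.Dockerfile` when the build context is the repository root, so the Dockerfile itself lands in /usr/local/bin; listing `certbot-auth certbot-cleanup certbot-duckdns` explicitly avoids that. `RUN mkdir /etc/cron.d` suggests the directory is not part of the base image, and as far as I know BusyBox crond reads /etc/crontabs rather than /etc/cron.d, so it is worth confirming that the two jobs are picked up at all.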
diff --git a/duckdns b/duckdns
new file mode 100755
index 0000000..82c8db3
--- /dev/null
+++ b/duckdns
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+
+set -x
+
+logfile=/var/log/duckdns.log
+baseurl='https://www.duckdns.org/update?domains=%s&token=%s&ip='
+printf "url=$baseurl\n" "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" | curl -o "$logfile" -K -
diff --git a/etc/cron.d/certbot b/etc/cron.d/certbot
new file mode 100644
index 0000000..726d111
--- /dev/null
+++ b/etc/cron.d/certbot
@@ -0,0 +1,3 @@
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+* */12 * * * root sh -c 'sleep \$RANDOM && certbot-duckdns'
diff --git a/etc/cron.d/duckdns b/etc/cron.d/duckdns
new file mode 100644
index 0000000..1ef2cea
--- /dev/null
+++ b/etc/cron.d/duckdns
@@ -0,0 +1,3 @@
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+*/5 * * * * root duckdns >/dev/null 2>&1
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..de29c0f
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,9 @@
+# Certbot with duckdns wildcard certificate
+
+Just run it with the correct environment variables and enjoy.
+
+## ENV Variables
+
+- DUCKDNS_DOMAIN: The domain to update, ex: DUCKDNS_DOMAIN=redxef for redxef.duckdns.org
+- DUCKDNS_TOKEN: Your duckdns api tokne
+- LE_EMAIL: Your email for certificate related notifications
diff --git a/start-certbot-duckdns.sh b/start-certbot-duckdns.sh
new file mode 100755
index 0000000..d095594
--- /dev/null
+++ b/start-certbot-duckdns.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+set -x
+
+dhparamfile='/etc/letsencrypt/ssl-dhparams.pem'
+ssl_includefile='/etc/letsencrypt/options-ssl-nginx.conf'
+
+echo "Updating duckdns record"
+duckdns
+echo "Acquiering letsencrypt certificates"
+certbot-duckdns
+echo "Starting crond"
+exec crond -f
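Review bot: The duckdns script never inspects the API response: curl writes the body to /var/log/duckdns.log and the script exits with curl's status, which stays 0 when the service answers with a rejection, whereas certbot-auth does compare the reply against `OK`. Adding `-fsS --max-time 30` to curl and finishing with `grep -qx OK "$logfile"` would make a rejected token or domain visible to the caller. The log file is also overwritten on every run, so only the most recent reply is available when investigating a failed update.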
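Review bot: In etc/cron.d/certbot the minute field is `*`, so `* */12 * * *` fires every minute of hours 0 and 12 rather than twice a day, and each of those runs would start certbot and count against the Let's Encrypt rate limits. The `\$RANDOM` inside the single quotes also looks wrong: the backslash reaches the inner `sh -c` unchanged, which then hands the literal text `$RANDOM` to sleep, so sleep fails and `&& certbot-duckdns` is skipped. Something like `0 */12 * * * root sh -c 'sleep $((RANDOM % 3600)) && certbot-duckdns'` gives one jittered run per slot; RANDOM is not POSIX, so confirm that the image's /bin/sh provides it.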
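Review bot: start-certbot-duckdns.sh goes on to `exec crond -f` even when `duckdns` or `certbot-duckdns` failed, or when DUCKDNS_DOMAIN, DUCKDNS_TOKEN or LE_EMAIL is unset, so a misconfigured container looks healthy while no certificate is ever issued. A guard right after the shebang such as `: "${DUCKDNS_DOMAIN:?}" "${DUCKDNS_TOKEN:?}" "${LE_EMAIL:?}"` together with `set -e` would stop it early with a clear message. `dhparamfile` and `ssl_includefile` are assigned but never used in this file; either drop them or add a comment naming what is meant to consume them.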