Initial commit.

This commit is contained in:
redxef 2022-06-24 16:22:19 +02:00
commit 11f75d5f44
Signed by: redxef
GPG key ID: 7DAC3AA211CBD921
8 changed files with 111 additions and 0 deletions

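--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+.dockerignore
+example/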

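--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:latest
+RUN apk --no-cache add \
+certbot \
+openssl \
+netcat-openbsd \
+python3 \
+py3-pip \
+&& python3 -m pip install certbot-dns-ovh
+RUN mkdir -p /etc/periodic/12h
+COPY start.sh certbot-ovh.sh /usr/local/bin/
+COPY certbot-ovh.ini.tmpl /etc/certbot-ovh.ini.tmpl
+COPY periodic/12h/certbot /etc/periodic/12h
+VOLUME [ "/etc/letsencrypt/" ]
+ENTRYPOINT [ "/bin/sh", "-c" ]
+CMD [ "start.sh" ]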
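Review bot: `ENTRYPOINT [ "/bin/sh", "-c" ]` with `CMD [ "start.sh" ]` puts a `sh -c` wrapper at PID 1, so the SIGTERM from `docker stop` lands on that wrapper (which, as PID 1 with no handler installed, ignores it) and may never reach the `trap 'trap_sig TERM' TERM` in start.sh; whether busybox ash execs a single command in place is not something the image should depend on. start.sh is installed executable under /usr/local/bin and has a shebang, so `ENTRYPOINT ["/usr/local/bin/start.sh"]` with no `CMD` runs it as PID 1 directly. Separately, `FROM alpine:latest`, the unpinned apk packages and the unpinned `python3 -m pip install certbot-dns-ovh` make every rebuild pull whatever is current, so the apk certbot and the pip-installed plugin can drift apart between builds; pin the base tag (`alpine:<version>`) and the plugin version, and add `--no-cache-dir` to the pip call so the wheel cache is not left in the layer.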

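--- a/certbot-ovh.ini.tmpl
+++ b/certbot-ovh.ini.tmpl
@@ -0,0 +1,4 @@
+dns_ovh_endpoint =
+dns_ovh_application_key =
+dns_ovh_application_secret =
+dns_ovh_consumer_key =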

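--- a/certbot-ovh.sh
+++ b/certbot-ovh.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+yes_options="
+1
+y
+t
+"
+if [ -n "$CERTBOT_OVH_AGREE_TOS" ] && echo "$yes_options" | grep -wiq "$CERTBOT_OVH_AGREE_TOS"; then
+agree_tos=--agree-tos
+else
+agree_tos=
+fi
+# shellcheck disable=SC2086
+certbot certonly --preferred-challenges dns-01 --keep \
+--email="$CERTBOT_OVH_LE_EMAIL" --domains="$CERTBOT_OVH_DOMAINS" \
+--no-eff-email --manual-public-ip-logging-ok \
+--dns-ovh --dns-ovh-credentials /etc/certbot-ovh.ini $agree_tos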
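Review bot: The `agree_tos` test on the `if [ -n "$CERTBOT_OVH_AGREE_TOS" ]` line only accepts `1`, `y` or `t` (case-insensitively), so `yes` or `true` silently leaves `--agree-tos` off, and since the `certbot certonly` call carries no `--non-interactive`, certbot is left to handle the TOS prompt without a terminal and fails in a roundabout way; add `-n` to the certbot line so the failure is explicit, and document the accepted values, e.g. `# CERTBOT_OVH_AGREE_TOS: 1/y/t (case-insensitive) adds --agree-tos`. `grep -wiq "$CERTBOT_OVH_AGREE_TOS"` also uses the variable as the regex, so a value such as `.` is accepted; a `case "$CERTBOT_OVH_AGREE_TOS" in 1|[yY]|[tT]) ...` test avoids that. `--manual-public-ip-logging-ok` was deprecated upstream as a no-op, so with certbot pulled unpinned from apk a later image build may reject the flag and stop renewing; drop it or pin certbot.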

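--- a/example/certbot-ovh.ini
+++ b/example/certbot-ovh.ini
@@ -0,0 +1,4 @@
+dns_ovh_endpoint = ovh-ca
+dns_ovh_application_key =
+dns_ovh_application_secret =
+dns_ovh_consumer_key =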


@ -0,0 +1,15 @@
version: '3.3'
services:
certbot:
restart: unless-stopped
image: redxef/certbot-ovh
build:
context: ../
environment:
- CERTBOT_OVH_AGREE_TOS=1
- CERTBOT_OVH_LE_EMAIL=<your_email>
- CERTBOT_OVH_DOMAINS=yourdomain.tld,*.yourdomain.tld
volumes:
- ./certbot-ovh.ini:/etc/certbot-ovh.ini

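--- a/periodic/12h/certbot
+++ b/periodic/12h/certbot
@@ -0,0 +1 @@
+sleep "$RANDOM" && exec certbot-ovh.sh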
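Review bot: The file has no interpreter line: run-parts executes each entry in /etc/periodic/12h directly, and without `#!/bin/sh` as the first line the exec can fail with ENOEXEC on busybox/musl, which does not appear to fall back to /bin/sh the way glibc's execvp does, so the renewal job may never run. `$RANDOM` is also a non-POSIX extension that busybox ash happens to provide, and its 0–32767 range delays the renewal by up to about nine hours; that intent deserves a comment on the line, e.g. `# jitter the run by up to ~9h so renewals are not all issued at the same minute`.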

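--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env sh
+pids=""
+run_prog() {
+"$@" &
+pids="$! $pids"
+}
+trap_sig() {
+printf '%s' "$pids" | while IFS= read -r pid; do
+echo "pid=$pid"
+# shellcheck disable=2086
+kill -s $1 $pid
+done
+}
+trap 'trap_sig TERM' TERM
+if [ ! -f "/etc/certbot-ovh.ini" ]; then
+echo "No certbot ovh configuration file found" >&2
+echo "Please mount it at /etc/certbot-ovh.ini" >&2
+echo "Example config at /etc/certbot-ovh.ini.tmpl" >&2
+exit 1
+fi
+if [ -z "$CERTBOT_OVH_LE_EMAIL" ]; then
+echo "Please provide the lets encrypt email address" >&2
+echo "Specify CERTBOT_OVH_LE_EMAIL=<your_email>" >&2
+exit 2
+fi
+if [ -z "$CERTBOT_OVH_DOMAINS" ]; then
+echo "Please provide the domains for this certificate" >&2
+echo "Example: CERTBOT_OVH_DOMAINS=domain1.tld,*.domain1.tld"
+exit 3
+fi
+echo "Writing crond config" >&2
+printf '*\t*/12\t*\t*\t*\trun-parts /etc/periodic/12h\n' >> /etc/crontabs/root
+crontab -l
+run_prog crond -l 0 -fc /etc/crontabs/
+echo "Starting certbot" >&2
+run_prog certbot-ovh.sh
+# shellcheck disable=2086
+wait $pids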
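Review bot: The crontab entry written by the `printf '*\t*/12\t*\t*\t*\trun-parts ...` line has `*` in the minute field, so `run-parts /etc/periodic/12h` fires every minute of hours 00 and 12 (120 certbot launches a day, each after its own random sleep) instead of twice a day; `printf '0\t*/12\t*\t*\t*\trun-parts /etc/periodic/12h\n'` is the intended schedule. Because the line is appended with `>>`, a container that is restarted rather than recreated (the example compose file uses `restart: unless-stopped`) accumulates a duplicate entry on every start; write it with `>` instead. `trap_sig` also never kills anything: `printf '%s' "$pids"` emits no trailing newline, so `read -r pid` hits EOF and returns non-zero before the loop body runs, and since `$pids` is already a space-separated list, `kill -s "$1" $pids` does the job without the loop.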