Initial commit.
commit
11f75d5f44
8 changed files with 111 additions and 0 deletions
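--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+.dockerignore
+example/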
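--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:latest
+
+RUN apk --no-cache add \
+certbot \
+openssl \
+netcat-openbsd \
+python3 \
+py3-pip \
+&& python3 -m pip install certbot-dns-ovh
+
+RUN mkdir -p /etc/periodic/12h
+COPY start.sh certbot-ovh.sh /usr/local/bin/
+COPY certbot-ovh.ini.tmpl /etc/certbot-ovh.ini.tmpl
+COPY periodic/12h/certbot /etc/periodic/12h
+
+VOLUME [ "/etc/letsencrypt/" ]
+ENTRYPOINT [ "/bin/sh", "-c" ]
+CMD [ "start.sh" ]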
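Review bot: `FROM alpine:latest` and the unpinned `python3 -m pip install certbot-dns-ovh` let every rebuild pull different code into an image that will hold the OVH API credentials and the certificate private keys. Pin both, for example `FROM alpine:<release>` (ideally with a digest) and `certbot-dns-ovh==<version>`, so a rebuild is reproducible and a dependency change is a reviewed commit. `netcat-openbsd` is not used by any script in this commit, so it can probably be dropped from the package list. `ENTRYPOINT [ "/bin/sh", "-c" ]` may keep an extra shell in front of start.sh as PID 1; `ENTRYPOINT [ "start.sh" ]` would deliver the stop signal straight to the script's TERM trap.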
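--- a/certbot-ovh.ini.tmpl
+++ b/certbot-ovh.ini.tmpl
@@ -0,0 +1,4 @@
+dns_ovh_endpoint =
+dns_ovh_application_key =
+dns_ovh_application_secret =
+dns_ovh_consumer_key =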
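--- a/certbot-ovh.sh
+++ b/certbot-ovh.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+yes_options="
+1
+y
+t
+"
+
+if [ -n "$CERTBOT_OVH_AGREE_TOS" ] && echo "$yes_options" | grep -wiq "$CERTBOT_OVH_AGREE_TOS"; then
+agree_tos=--agree-tos
+else
+agree_tos=
+fi
+
+# shellcheck disable=SC2086
+certbot certonly --preferred-challenges dns-01 --keep \
+--email="$CERTBOT_OVH_LE_EMAIL" --domains="$CERTBOT_OVH_DOMAINS" \
+--no-eff-email --manual-public-ip-logging-ok \
+--dns-ovh --dns-ovh-credentials /etc/certbot-ovh.ini $agree_tos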
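Review bot: `grep -wiq "$CERTBOT_OVH_AGREE_TOS"` uses the environment value as a regular expression, so a value such as `.` also counts as agreement to the terms of service. Compare it as a literal instead: `case "$CERTBOT_OVH_AGREE_TOS" in 1|[yY]|[tT]) agree_tos=--agree-tos ;; *) agree_tos= ;; esac`. `--manual-public-ip-logging-ok` looks like an option of the manual authenticator, which this command does not use; it is worth confirming that the certbot version installed in the image still accepts it.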
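--- a/example/certbot-ovh.ini
+++ b/example/certbot-ovh.ini
@@ -0,0 +1,4 @@
+dns_ovh_endpoint = ovh-ca
+dns_ovh_application_key =
+dns_ovh_application_secret =
+dns_ovh_consumer_key =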
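--- a/example/docker-compose.yaml
+++ b/example/docker-compose.yaml
@@ -0,0 +1,15 @@
+version: '3.3'
+services:
+certbot:
+restart: unless-stopped
+image: redxef/certbot-ovh
+build:
+context: ../
+environment:
+- CERTBOT_OVH_AGREE_TOS=1
+- CERTBOT_OVH_LE_EMAIL=<your_email>
+- CERTBOT_OVH_DOMAINS=yourdomain.tld,*.yourdomain.tld
+volumes:
+- ./certbot-ovh.ini:/etc/certbot-ovh.ini
+
+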
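Review bot: The OVH credentials file is bind-mounted read-write from `./certbot-ovh.ini`, which is the placeholder file tracked in this repository's example/ directory. Mount it read-only, `- ./certbot-ovh.ini:/etc/certbot-ovh.ini:ro`, and keep the filled-in copy out of version control with owner-only permissions (certbot's DNS plugins warn about credentials files that other users can read). No volume is mapped for `/etc/letsencrypt`, so the account key and the issued private keys live only in the anonymous volume created by the Dockerfile's `VOLUME` line and can be lost when the container is removed. A named volume or host path would make that state explicit.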
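--- a/periodic/12h/certbot
+++ b/periodic/12h/certbot
@@ -0,0 +1 @@
+sleep "$RANDOM" && exec certbot-ovh.sh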
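Review bot: This script is committed as a normal (non-executable) file with no shebang line, and the Dockerfile copies it into /etc/periodic/12h without changing its mode, so `run-parts` will most likely skip it and the certificate is never renewed. Mark it executable in the repository (or use `COPY --chmod=755` in the Dockerfile) and start it with `#!/bin/sh`. `$RANDOM` is a shell extension that yields up to 32767, so the delay can exceed nine hours; a bounded value such as `sleep "$((RANDOM % 3600))"` keeps the run close to its schedule.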
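--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env sh
+
+pids=""
+
+run_prog() {
+"$@" &
+pids="$! $pids"
+}
+
+trap_sig() {
+printf '%s' "$pids" | while IFS= read -r pid; do
+echo "pid=$pid"
+# shellcheck disable=2086
+kill -s $1 $pid
+done
+}
+
+trap 'trap_sig TERM' TERM
+
+if [ ! -f "/etc/certbot-ovh.ini" ]; then
+echo "No certbot ovh configuration file found" >&2
+echo "Please mount it at /etc/certbot-ovh.ini" >&2
+echo "Example config at /etc/certbot-ovh.ini.tmpl" >&2
+exit 1
+fi
+
+if [ -z "$CERTBOT_OVH_LE_EMAIL" ]; then
+echo "Please provide the lets encrypt email address" >&2
+echo "Specify CERTBOT_OVH_LE_EMAIL=<your_email>" >&2
+exit 2
+fi
+
+if [ -z "$CERTBOT_OVH_DOMAINS" ]; then
+echo "Please provide the domains for this certificate" >&2
+echo "Example: CERTBOT_OVH_DOMAINS=domain1.tld,*.domain1.tld"
+exit 3
+fi
+
+echo "Writing crond config" >&2
+printf '*\t*/12\t*\t*\t*\trun-parts /etc/periodic/12h\n' >> /etc/crontabs/root
+crontab -l
+
+run_prog crond -l 0 -fc /etc/crontabs/
+
+echo "Starting certbot" >&2
+run_prog certbot-ovh.sh
+# shellcheck disable=2086
+wait $pids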
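Review bot: The crontab entry written by the `printf ... >> /etc/crontabs/root` line has `*` in the minute field, so run-parts fires every minute during hours 0 and 12 instead of once every twelve hours, and `>>` appends another copy each time the container restarts. Use `0` for the minute, `printf '0\t*/12\t*\t*\t*\trun-parts /etc/periodic/12h\n'`, and add the entry only when it is not already present. In `trap_sig`, `printf '%s' "$pids"` emits no trailing newline, so `read` reports end-of-file and the loop body never runs, which means TERM is not forwarded to crond or certbot; `for pid in $pids; do kill -s "$1" "$pid"; done` forwards it. The `Example: CERTBOT_OVH_DOMAINS=...` message is also missing `>&2`.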