commit 11f75d5f44055f2136e7d64bde445d42274c10ab Author: redxef Date: Fri Jun 24 16:22:19 2022 +0200 Initial commit. diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..c966681 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +.dockerignore +example/ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..5ec0976 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,18 @@ +FROM alpine:latest + +RUN apk --no-cache add \ + certbot \ + openssl \ + netcat-openbsd \ + python3 \ + py3-pip \ + && python3 -m pip install certbot-dns-ovh + +RUN mkdir -p /etc/periodic/12h +COPY start.sh certbot-ovh.sh /usr/local/bin/ +COPY certbot-ovh.ini.tmpl /etc/certbot-ovh.ini.tmpl +COPY periodic/12h/certbot /etc/periodic/12h + +VOLUME [ "/etc/letsencrypt/" ] +ENTRYPOINT [ "/bin/sh", "-c" ] +CMD [ "start.sh" ] diff --git a/certbot-ovh.ini.tmpl b/certbot-ovh.ini.tmpl new file mode 100644 index 0000000..17ed8d5 --- /dev/null +++ b/certbot-ovh.ini.tmpl @@ -0,0 +1,4 @@ +dns_ovh_endpoint = +dns_ovh_application_key = +dns_ovh_application_secret = +dns_ovh_consumer_key = diff --git a/certbot-ovh.sh b/certbot-ovh.sh new file mode 100755 index 0000000..cfe651c --- /dev/null +++ b/certbot-ovh.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env sh + +yes_options=" +1 +y +t +" + +if [ -n "$CERTBOT_OVH_AGREE_TOS" ] && echo "$yes_options" | grep -wiq "$CERTBOT_OVH_AGREE_TOS"; then + agree_tos=--agree-tos +else + agree_tos= +fi + +# shellcheck disable=SC2086 +certbot certonly --preferred-challenges dns-01 --keep \ + --email="$CERTBOT_OVH_LE_EMAIL" --domains="$CERTBOT_OVH_DOMAINS" \ + --no-eff-email --manual-public-ip-logging-ok \ + --dns-ovh --dns-ovh-credentials /etc/certbot-ovh.ini $agree_tos diff --git a/example/certbot-ovh.ini b/example/certbot-ovh.ini new file mode 100644 index 0000000..a333b2c --- /dev/null +++ b/example/certbot-ovh.ini @@ -0,0 +1,4 @@ +dns_ovh_endpoint = ovh-ca +dns_ovh_application_key = +dns_ovh_application_secret = +dns_ovh_consumer_key = diff --git a/example/docker-compose.yaml b/example/docker-compose.yaml new file mode 100644 index 0000000..7fca5f3 --- /dev/null +++ b/example/docker-compose.yaml @@ -0,0 +1,15 @@ +version: '3.3' +services: + certbot: + restart: unless-stopped + image: redxef/certbot-ovh + build: + context: ../ + environment: + - CERTBOT_OVH_AGREE_TOS=1 + - CERTBOT_OVH_LE_EMAIL= + - CERTBOT_OVH_DOMAINS=yourdomain.tld,*.yourdomain.tld + volumes: + - ./certbot-ovh.ini:/etc/certbot-ovh.ini + + diff --git a/periodic/12h/certbot b/periodic/12h/certbot new file mode 100644 index 0000000..2893ca5 --- /dev/null +++ b/periodic/12h/certbot @@ -0,0 +1 @@ +sleep "$RANDOM" && exec certbot-ovh.sh diff --git a/start.sh b/start.sh new file mode 100755 index 0000000..6b23844 --- /dev/null +++ b/start.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env sh + +pids="" + +run_prog() { + "$@" & + pids="$! $pids" +} + +trap_sig() { + printf '%s' "$pids" | while IFS= read -r pid; do + echo "pid=$pid" + # shellcheck disable=2086 + kill -s $1 $pid + done +} + +trap 'trap_sig TERM' TERM + +if [ ! -f "/etc/certbot-ovh.ini" ]; then + echo "No certbot ovh configuration file found" >&2 + echo "Please mount it at /etc/certbot-ovh.ini" >&2 + echo "Example config at /etc/certbot-ovh.ini.tmpl" >&2 + exit 1 +fi + +if [ -z "$CERTBOT_OVH_LE_EMAIL" ]; then + echo "Please provide the lets encrypt email address" >&2 + echo "Specify CERTBOT_OVH_LE_EMAIL=" >&2 + exit 2 +fi + +if [ -z "$CERTBOT_OVH_DOMAINS" ]; then + echo "Please provide the domains for this certificate" >&2 + echo "Example: CERTBOT_OVH_DOMAINS=domain1.tld,*.domain1.tld" + exit 3 +fi + +echo "Writing crond config" >&2 +printf '*\t*/12\t*\t*\t*\trun-parts /etc/periodic/12h\n' >> /etc/crontabs/root +crontab -l + +run_prog crond -l 0 -fc /etc/crontabs/ + +echo "Starting certbot" >&2 +run_prog certbot-ovh.sh +# shellcheck disable=2086 +wait $pids