From f267c8204b441589902b4cf736bb37ecb8a0e34a Mon Sep 17 00:00:00 2001
From: will Farrell
Date: Sat, 24 Feb 2018 17:40:10 -0700
Subject: [PATCH 1/3] fix multi domain logic
---
 docker-entrypoint.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index a2d2b3c..d2bb5ab 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -14,14 +14,17 @@ if [ "${LOG}" == "TRUE" ]; then
 fi
 if [ "${LE_ENV}" == 'production' ]; then
- echo "***** ${LE_ENV} *****"
+ echo "***** production *****"
 sed -i 's@CA=.*@CA="https://acme-v01.api.letsencrypt.org/directory"@g' /etc/dehydrated/config
 else
 echo "***** staging *****"
 fi
 # comma = new line
-if [ "${LE_DOMAIN}" ]; then
+if [ -z ${LE_DOMAIN+x} ]; then
+ echo "***** Skipping domains.txt *****"
+ echo "Ensure --domain arg is set"
+else
 echo "***** Creating domains.txt *****"
 echo ${LE_DOMAIN} | sed -e $'s/,/\\\n/g' > /etc/dehydrated/domains.txt
 cat /etc/dehydrated/domains.txt
From 20444061a095c7fd5c1a2a3b660f85dd98748f93 Mon Sep 17 00:00:00 2001
From: will Farrell
Date: Sun, 19 Jan 2020 19:34:26 -0700
Subject: [PATCH 2/3] fix: update acme version
---
 Dockerfile | 6 +++---
 config | 36 +++++++++++++++++++++++++++++++++++-
 docker-entrypoint.sh | 2 +-
 3 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 43bdf85..e83678e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM library/alpine:3.5
+FROM library/alpine:3.11
 # Credit: @frol for python3 - https://github.com/frol/docker-alpine-python3/blob/master/Dockerfile
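Review bot: In docker-entrypoint.sh (PATCH 1/3), `[ -z ${LE_DOMAIN+x} ]` tests only whether the variable is set, so a container started with `LE_DOMAIN` set to an empty string now takes the else branch and writes an empty domains.txt, which the old `[ "${LE_DOMAIN}" ]` test skipped. The expansion is also unquoted here and in the `echo ${LE_DOMAIN}` line that follows, so an environment-supplied value is subject to word splitting and pathname expansion (a wildcard name such as the constructed example `*.example.com` would be globbed against the working directory). I would test for emptiness and quote both uses: `if [ -z "${LE_DOMAIN:-}" ]; then` and `echo "${LE_DOMAIN}" | sed -e $'s/,/\\\n/g' > /etc/dehydrated/domains.txt`. The `if` block closes outside the hunk.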
@@ -12,13 +12,13 @@ RUN apk add --no-cache --virtual .build-deps git \
 && cd /tmp \
 && git clone https://github.com/lukas2511/dehydrated.git \
 && cd dehydrated \
- && git checkout tags/v0.4.0 \
+ && git checkout tags/v0.6.5 \
 && cd .. \
 && chmod a+x dehydrated/dehydrated \
 && mv dehydrated/dehydrated /usr/bin/ \
 && git clone https://github.com/AnalogJ/lexicon.git \
 && cd lexicon \
- && git checkout tags/v2.1.8 \
+ && git checkout tags/v3.3.17 \
 && cd .. \
 && chmod a+x lexicon/examples/dehydrated.default.sh \
 && mv lexicon/examples/dehydrated.default.sh /usr/bin/dehydrated-dns \
diff --git a/config b/config
index 1a066d9..a336379 100644
--- a/config
+++ b/config
@@ -10,6 +10,12 @@
 # Default values of this config are in comments #
 ########################################################
+# Which user should dehydrated run as? This will be implictly enforced when running as root
+#DEHYDRATED_USER=
+
+# Which group should dehydrated run as? This will be implictly enforced when running as root
+#DEHYDRATED_GROUP=
+
 # Resolve names to addresses of IP version only. (curl)
 # supported values: 4, 6
 # default:
@@ -18,6 +24,13 @@
 # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
 CA="https://acme-staging.api.letsencrypt.org/directory"
+# Path to old certificate authority
+# Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
+# If dehydrated detects an account-key for the old CA it will automatically reuse that key
+# instead of registering a new one.
+# default: https://acme-v01.api.letsencrypt.org/directory
+#OLDCA="https://acme-v01.api.letsencrypt.org/directory"
+
 # Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
 #LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
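Review bot: In the config hunk at `@@ -18,6 +24,13 @@`, the active `CA=` line kept as context still points at `https://acme-staging.api.letsencrypt.org/directory`, which looks like the ACME v1 staging directory, while this same patch moves the production URL in docker-entrypoint.sh to acme-v02. Staging runs would then exercise a different API version than production, so a successful staging issuance says little about the production path. I would change it to `CA="https://acme-staging-v02.api.letsencrypt.org/directory"` and update the `(default: ...)` text in the comment above it, which still names acme-v01.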
@@ -51,6 +64,12 @@ WELLKNOWN="/var/www/.well-known/acme-challenge"
 # Path to openssl config file (default: - tries to figure out system default)
 #OPENSSL_CNF=
+# Path to OpenSSL binary (default: "openssl")
+#OPENSSL="openssl"
+
+# Extra options passed to the curl binary (default: )
+#CURL_OPTS=
+
 # Program or function called in certain situations
 #
 # After generating the challenge-response, or after failed challenge (in this case altname is empty)
@@ -85,4 +104,19 @@ KEY_ALGO=secp384r1
 #LOCKFILE="${BASEDIR}/lock"
 # Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
-OCSP_MUST_STAPLE="yes"
\ No newline at end of file
+OCSP_MUST_STAPLE="yes"
+
+# Fetch OCSP responses (default: no)
+#OCSP_FETCH="no"
+
+# OCSP refresh interval (default: 5 days)
+#OCSP_DAYS=5
+
+# Issuer chain cache directory (default: $BASEDIR/chains)
+#CHAINCACHE="${BASEDIR}/chains"
+
+# Automatic cleanup (default: no)
+#AUTO_CLEANUP="no"
+
+# ACME API version (default: auto)
+#API=auto
\ No newline at end of file
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index d2bb5ab..2600c13 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -15,7 +15,7 @@ fi
 if [ "${LE_ENV}" == 'production' ]; then
 echo "***** production *****"
- sed -i 's@CA=.*@CA="https://acme-v01.api.letsencrypt.org/directory"@g' /etc/dehydrated/config
+ sed -i 's@CA=.*@CA="https://acme-v02.api.letsencrypt.org/directory"@g' /etc/dehydrated/config
 else
 echo "***** staging *****"
 fi
From 60a0886357a0b9c66149fbbb67198e7d4ec926e3 Mon Sep 17 00:00:00 2001
From: will Farrell
Date: Sun, 19 Jan 2020 21:02:18 -0700
Subject: [PATCH 3/3] fix: add build deps
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e83678e..fa76674 100644
--- a/Dockerfile
+++ b/Dockerfile
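Review bot: In the docker-entrypoint.sh hunk of PATCH 2/3, the sed pattern `CA=.*` is unanchored, and this same patch adds a `#OLDCA="https://acme-v01.api.letsencrypt.org/directory"` line to config, which the substitution now rewrites as well (assuming that config file is the one installed at /etc/dehydrated/config). That is harmless while the line stays commented, but an operator who uncomments OLDCA to reuse an existing account key would have it silently replaced with the v02 URL in production mode. Anchoring the match avoids this: `sed -i 's@^CA=.*@CA="https://acme-v02.api.letsencrypt.org/directory"@' /etc/dehydrated/config`.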
@@ -4,8 +4,8 @@ FROM library/alpine:3.11
 # deps - python3 openssl curl sed grep mktemp
 # boto3 - AWS SDK for python
-RUN apk add --no-cache --virtual .build-deps git \
- && apk add --no-cache --virtual .dehydrated-rundeps python3 bash openssl curl \
+RUN apk add --no-cache --virtual .build-deps git build-base libffi-dev openssl-dev \
+ && apk add --no-cache --virtual .dehydrated-rundeps python3-dev bash openssl curl \
 && pip3 install --upgrade pip boto3 dns-lexicon dns-lexicon[route53] dns-lexicon[transip] \
 && rm -r /root/.cache \
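Review bot: `python3-dev` replaces `python3` in the `.dehydrated-rundeps` group, so the Python headers are tagged as a runtime dependency and stay in the image, while the interpreter itself is only pulled in indirectly. The headers are needed only while pip builds native wheels, so they belong with the other build packages: `RUN apk add --no-cache --virtual .build-deps git build-base libffi-dev openssl-dev python3-dev \` and keep `python3` in `.dehydrated-rundeps`. Whether `.build-deps` is deleted later is not visible, since the RUN instruction continues past the hunk; if it is not, the compiler toolchain ships in the final image as well. The `pip3 install --upgrade` line kept as context also installs unpinned packages, so rebuilds are not reproducible.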