Updated ACME client version

Dockerfile

@@ -1,24 +1,24 @@
-FROM library/alpine:3.5
+FROM library/alpine:3.14
 
 # Credit: @frol for python3 - https://github.com/frol/docker-alpine-python3/blob/master/Dockerfile
 
 # deps - python3 openssl curl sed grep mktemp
 # boto3 - AWS SDK for python
-RUN apk add --no-cache --virtual .build-deps git \
+RUN apk add --no-cache --virtual .build-deps git build-base libffi-dev openssl-dev cargo \
-    && apk add --no-cache --virtual .dehydrated-rundeps python3 bash openssl curl \
+    && apk add --no-cache --virtual .dehydrated-rundeps python3-dev py-pip bash openssl curl \
     && pip3 install --upgrade pip boto3 dns-lexicon dns-lexicon[route53] dns-lexicon[transip] \
     && rm -r /root/.cache \
 
     && cd /tmp \
     && git clone https://github.com/lukas2511/dehydrated.git \
     && cd dehydrated \
-    && git checkout tags/v0.4.0 \
+    && git checkout tags/v0.6.5 \
     && cd .. \
     && chmod a+x dehydrated/dehydrated \
     && mv dehydrated/dehydrated /usr/bin/ \
     && git clone https://github.com/AnalogJ/lexicon.git \
     && cd lexicon \
-    && git checkout tags/v2.1.8 \
+    && git checkout tags/v3.3.17 \
     && cd .. \
     && rm -rf /tmp/* \
     && apk del .build-deps

config

@@ -10,6 +10,12 @@
 # Default values of this config are in comments        #
 ########################################################
 
+# Which user should dehydrated run as? This will be implictly enforced when running as root
+#DEHYDRATED_USER=
+
+# Which group should dehydrated run as? This will be implictly enforced when running as root
+#DEHYDRATED_GROUP=
+
 # Resolve names to addresses of IP version only. (curl)
 # supported values: 4, 6
 # default: <unset>
@@ -18,6 +24,13 @@
 # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
 CA="https://acme-staging.api.letsencrypt.org/directory"
 
+# Path to old certificate authority
+# Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
+# If dehydrated detects an account-key for the old CA it will automatically reuse that key
+# instead of registering a new one.
+# default: https://acme-v01.api.letsencrypt.org/directory
+#OLDCA="https://acme-v01.api.letsencrypt.org/directory"
+
 # Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
 #LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
 
@@ -51,6 +64,12 @@ KEYSIZE="4096"
 # Path to openssl config file (default: <unset> - tries to figure out system default)
 #OPENSSL_CNF=
 
+# Path to OpenSSL binary (default: "openssl")
+#OPENSSL="openssl"
+
+# Extra options passed to the curl binary (default: <unset>)
+#CURL_OPTS=
+
 # Program or function called in certain situations
 #
 # After generating the challenge-response, or after failed challenge (in this case altname is empty)
@@ -86,3 +105,18 @@ KEY_ALGO=secp384r1
 
 # Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
 #OCSP_MUST_STAPLE="no"
+
+# Fetch OCSP responses (default: no)
+#OCSP_FETCH="no"
+
+# OCSP refresh interval (default: 5 days)
+#OCSP_DAYS=5
+
+# Issuer chain cache directory (default: $BASEDIR/chains)
+#CHAINCACHE="${BASEDIR}/chains"
+
+# Automatic cleanup (default: no)
+#AUTO_CLEANUP="no"
+
+# ACME API version (default: auto)
+#API=auto

docker-entrypoint.sh

@@ -14,14 +14,17 @@ if [ "${LOG}" == "TRUE" ]; then
 fi
 
 if [ "${LE_ENV}" == 'production' ]; then
-	echo "***** ${LE_ENV} *****"
+	echo "***** production *****"
-	sed -i 's@CA=.*@CA="https://acme-v01.api.letsencrypt.org/directory"@g' /etc/dehydrated/config
+	sed -i 's@CA=.*@CA="https://acme-v02.api.letsencrypt.org/directory"@g' /etc/dehydrated/config
 else
 	echo "***** staging *****"
 fi
 
 # comma = new line
-if [ "${LE_DOMAIN}" ]; then
+if [ -z ${LE_DOMAIN+x} ]; then
+    echo "***** Skipping domains.txt *****"
+    echo "Ensure --domain arg is set"
+else
     echo "***** Creating domains.txt *****"
     echo ${LE_DOMAIN} | sed -e $'s/,/\\\n/g' > /etc/dehydrated/domains.txt
     cat /etc/dehydrated/domains.txt