fix: update acme version

Dockerfile

@@ -1,4 +1,4 @@
-FROM library/alpine:3.5
+FROM library/alpine:3.11
 
 # Credit: @frol for python3 - https://github.com/frol/docker-alpine-python3/blob/master/Dockerfile
 
@@ -12,13 +12,13 @@ RUN apk add --no-cache --virtual .build-deps git \
     && cd /tmp \
     && git clone https://github.com/lukas2511/dehydrated.git \
     && cd dehydrated \
-    && git checkout tags/v0.4.0 \
+    && git checkout tags/v0.6.5 \
     && cd .. \
     && chmod a+x dehydrated/dehydrated \
     && mv dehydrated/dehydrated /usr/bin/ \
     && git clone https://github.com/AnalogJ/lexicon.git \
     && cd lexicon \
-    && git checkout tags/v2.1.8 \
+    && git checkout tags/v3.3.17 \
     && cd .. \
     && chmod a+x lexicon/examples/dehydrated.default.sh \
     && mv lexicon/examples/dehydrated.default.sh /usr/bin/dehydrated-dns \

config

@@ -10,6 +10,12 @@
 # Default values of this config are in comments        #
 ########################################################
 
+# Which user should dehydrated run as? This will be implictly enforced when running as root
+#DEHYDRATED_USER=
+
+# Which group should dehydrated run as? This will be implictly enforced when running as root
+#DEHYDRATED_GROUP=
+
 # Resolve names to addresses of IP version only. (curl)
 # supported values: 4, 6
 # default: <unset>
@@ -18,6 +24,13 @@
 # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
 CA="https://acme-staging.api.letsencrypt.org/directory"
 
+# Path to old certificate authority
+# Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
+# If dehydrated detects an account-key for the old CA it will automatically reuse that key
+# instead of registering a new one.
+# default: https://acme-v01.api.letsencrypt.org/directory
+#OLDCA="https://acme-v01.api.letsencrypt.org/directory"
+
 # Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
 #LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
 
@@ -51,6 +64,12 @@ WELLKNOWN="/var/www/.well-known/acme-challenge"
 # Path to openssl config file (default: <unset> - tries to figure out system default)
 #OPENSSL_CNF=
 
+# Path to OpenSSL binary (default: "openssl")
+#OPENSSL="openssl"
+
+# Extra options passed to the curl binary (default: <unset>)
+#CURL_OPTS=
+
 # Program or function called in certain situations
 #
 # After generating the challenge-response, or after failed challenge (in this case altname is empty)
@@ -85,4 +104,19 @@ KEY_ALGO=secp384r1
 #LOCKFILE="${BASEDIR}/lock"
 
 # Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
-OCSP_MUST_STAPLE="yes"
+OCSP_MUST_STAPLE="yes"
+
+# Fetch OCSP responses (default: no)
+#OCSP_FETCH="no"
+
+# OCSP refresh interval (default: 5 days)
+#OCSP_DAYS=5
+
+# Issuer chain cache directory (default: $BASEDIR/chains)
+#CHAINCACHE="${BASEDIR}/chains"
+
+# Automatic cleanup (default: no)
+#AUTO_CLEANUP="no"
+
+# ACME API version (default: auto)
+#API=auto

docker-entrypoint.sh

@@ -15,7 +15,7 @@ fi
 
 if [ "${LE_ENV}" == 'production' ]; then
 	echo "***** production *****"
-	sed -i 's@CA=.*@CA="https://acme-v01.api.letsencrypt.org/directory"@g' /etc/dehydrated/config
+	sed -i 's@CA=.*@CA="https://acme-v02.api.letsencrypt.org/directory"@g' /etc/dehydrated/config
 else
 	echo "***** staging *****"
 fi