Browse Source

fix: update acme version

master
will Farrell 5 years ago
parent
commit
20444061a0
No known key found for this signature in database GPG Key ID: 3FC6D79E2208B22A
  1. 6
      Dockerfile
  2. 34
      config
  3. 2
      docker-entrypoint.sh

6
Dockerfile

@ -1,4 +1,4 @@
FROM library/alpine:3.5 FROM library/alpine:3.11
# Credit: @frol for python3 - https://github.com/frol/docker-alpine-python3/blob/master/Dockerfile # Credit: @frol for python3 - https://github.com/frol/docker-alpine-python3/blob/master/Dockerfile
@ -12,13 +12,13 @@ RUN apk add --no-cache --virtual .build-deps git \
&& cd /tmp \ && cd /tmp \
&& git clone https://github.com/lukas2511/dehydrated.git \ && git clone https://github.com/lukas2511/dehydrated.git \
&& cd dehydrated \ && cd dehydrated \
&& git checkout tags/v0.4.0 \ && git checkout tags/v0.6.5 \
&& cd .. \ && cd .. \
&& chmod a+x dehydrated/dehydrated \ && chmod a+x dehydrated/dehydrated \
&& mv dehydrated/dehydrated /usr/bin/ \ && mv dehydrated/dehydrated /usr/bin/ \
&& git clone https://github.com/AnalogJ/lexicon.git \ && git clone https://github.com/AnalogJ/lexicon.git \
&& cd lexicon \ && cd lexicon \
&& git checkout tags/v2.1.8 \ && git checkout tags/v3.3.17 \
&& cd .. \ && cd .. \
&& chmod a+x lexicon/examples/dehydrated.default.sh \ && chmod a+x lexicon/examples/dehydrated.default.sh \
&& mv lexicon/examples/dehydrated.default.sh /usr/bin/dehydrated-dns \ && mv lexicon/examples/dehydrated.default.sh /usr/bin/dehydrated-dns \

34
config

@ -10,6 +10,12 @@
# Default values of this config are in comments # # Default values of this config are in comments #
######################################################## ########################################################
# Which user should dehydrated run as? This will be implictly enforced when running as root
#DEHYDRATED_USER=
# Which group should dehydrated run as? This will be implictly enforced when running as root
#DEHYDRATED_GROUP=
# Resolve names to addresses of IP version only. (curl) # Resolve names to addresses of IP version only. (curl)
# supported values: 4, 6 # supported values: 4, 6
# default: <unset> # default: <unset>
@ -18,6 +24,13 @@
# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory) # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
CA="https://acme-staging.api.letsencrypt.org/directory" CA="https://acme-staging.api.letsencrypt.org/directory"
# Path to old certificate authority
# Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
# If dehydrated detects an account-key for the old CA it will automatically reuse that key
# instead of registering a new one.
# default: https://acme-v01.api.letsencrypt.org/directory
#OLDCA="https://acme-v01.api.letsencrypt.org/directory"
# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) # Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
#LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" #LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
@ -51,6 +64,12 @@ WELLKNOWN="/var/www/.well-known/acme-challenge"
# Path to openssl config file (default: <unset> - tries to figure out system default) # Path to openssl config file (default: <unset> - tries to figure out system default)
#OPENSSL_CNF= #OPENSSL_CNF=
# Path to OpenSSL binary (default: "openssl")
#OPENSSL="openssl"
# Extra options passed to the curl binary (default: <unset>)
#CURL_OPTS=
# Program or function called in certain situations # Program or function called in certain situations
# #
# After generating the challenge-response, or after failed challenge (in this case altname is empty) # After generating the challenge-response, or after failed challenge (in this case altname is empty)
@ -86,3 +105,18 @@ KEY_ALGO=secp384r1
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no) # Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
OCSP_MUST_STAPLE="yes" OCSP_MUST_STAPLE="yes"
# Fetch OCSP responses (default: no)
#OCSP_FETCH="no"
# OCSP refresh interval (default: 5 days)
#OCSP_DAYS=5
# Issuer chain cache directory (default: $BASEDIR/chains)
#CHAINCACHE="${BASEDIR}/chains"
# Automatic cleanup (default: no)
#AUTO_CLEANUP="no"
# ACME API version (default: auto)
#API=auto

2
docker-entrypoint.sh

@ -15,7 +15,7 @@ fi
if [ "${LE_ENV}" == 'production' ]; then if [ "${LE_ENV}" == 'production' ]; then
echo "***** production *****" echo "***** production *****"
sed -i 's@CA=.*@CA="https://acme-v01.api.letsencrypt.org/directory"@g' /etc/dehydrated/config sed -i 's@CA=.*@CA="https://acme-v02.api.letsencrypt.org/directory"@g' /etc/dehydrated/config
else else
echo "***** staging *****" echo "***** staging *****"
fi fi

Loading…
Cancel
Save