Container para emitir Certificados Let's Encrypt, com o Dehydrated
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
will Farrell 9c5e95c68e supress echo 8 years ago
.gitignore init commit 8 years ago
.travis.yml fix travis build path 8 years ago
Dockerfile add in aws sdk and docs for aws policy 8 years ago
LICENSE License update 8 years ago
README.md more doc clean up 8 years ago
config init commit 8 years ago
docker-entrypoint.sh supress echo 8 years ago
letsencrypt.env.sample init commit 8 years ago

README.md

docker-letsencrypt

container to generate letsencrypt certs using dehydrated + lexicon

Docs

Dockerfile

Use to set your own defaults or overwrite in the command

FROM willfarrell/letsencrypt:latest

COPY config /etc/dehydrated/config

ENV

# defaults to `staging`, use `production` when ready.
LE_ENV=staging
# Only required if you plan to use dns-01 challenges (use for private services)
# CloudFlare example
PROVIDER=cloudflare
LEXICON_CLOUDFLARE_USERNAME=
LEXICON_CLOUDFLARE_TOKEN=

# Route 53 example
PROVIDER=route53
LEXICON_ROUTE53_ACCESS_KEY=
LEXICON_ROUTE53_ACCESS_SECRET=

Testing

docker build -t letsencrypt .

# private
docker run \
    --env-file letsencrypt.env \
    letsencrypt \
    dehydrated \
        --cron --domain letsencrypt.willfarrell.ca \
        --hook dehydrated-dns \
        --challenge dns-01 \
        --force

# public
docker run -d \
    --env-file letsencrypt.env \
    letsencrypt \
    dehydrated \
        --cron --domain letsencrypt.willfarrell.ca \
        --challenge http-01 \
        --force

# reload nginx to see changes                                                                         

Deploy

Note the use of --hook dehydrated-dns, dehydrated-dns is a script wrapper to call lexicon from dehydrated.

# private
docker run \
    --volumes-from docker_nginx_1 \
    --env-file letsencrypt.env \
    willfarrell/letsencrypt \
    dehydrated \
        --cron --domain letsencrypt.willfarrell.ca \
        --out /etc/ssl \
        --hook dehydrated-dns \
        --challenge dns-01

# public
docker run -d \
    --volumes-from docker_nginx_1 \
    --env-file letsencrypt.env \
    willfarrell/letsencrypt \
    dehydrated \
        --cron --domain letsencrypt.willfarrell.ca \
        --out /etc/ssl \
        --challenge http-01

Route53 Access Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZonesByName",
                "route53:ChangeResourceRecordSets"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}