Last active October 22, 2024 11:48
Automatic renewal of let's encrypt certificates using docker containers and luadns
#!/bin/bash
# Set PATH
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Run the certbot container to renew the certs
docker-compose -f /opt/docker/certbot/docker-compose.yml run --rm certbot
# Concatenate the resulting certificate chain and the private key and write it to HAProxy's certificate file.
cat /opt/docker/certbot/certbot/etc/letsencrypt/live/example.org/{fullchain,privkey}.pem > /opt/docker/haproxy/ssl/example_org.pem
# Restart haproxy
docker-compose -f /opt/docker/haproxy/docker-compose.yml restart
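The combined PEM above holds the private key and is swapped in while HAProxy may be reading it, so as an added example (not part of the gist) here is a validate-then-install step: it checks the bundle's structure, that the key matches the leaf certificate, that the leaf is not about to expire, and replaces the live file atomically with mode 0600. Function names are mine; the paths in the usage comment are the gist's own.

```bash
#!/bin/bash
# Added example, not part of the gist: validate the combined HAProxy PEM
# (fullchain + privkey) before it replaces the live file. Function names
# are my own; the paths in the usage comment at the bottom are the gist's.
set -eu

# check_haproxy_pem FILE [MIN_DAYS]: succeed only if FILE is a usable bundle.
check_haproxy_pem() {
  local pem="$1" min_days="${2:-30}" ncert nkey cert_pub key_pub
  # 1. Structure: one or more certificates and exactly one private key.
  ncert=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
  nkey=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
  [ "$ncert" -ge 1 ] || { echo "no certificate in $pem" >&2; return 1; }
  [ "$nkey" -eq 1 ] || { echo "expected 1 private key, found $nkey" >&2; return 1; }
  # 2. The key must belong to the leaf (first certificate in fullchain.pem):
  #    compare the public key derived from each side.
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$pem" -pubout)
  [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 1; }
  # 3. Refuse a leaf that expires within MIN_DAYS: certbot should have
  #    renewed it, so reaching this point means something upstream failed.
  openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null \
    || { echo "certificate expires within $min_days days" >&2; return 1; }
}

# build_haproxy_pem LIVE_DIR DST: concatenate chain and key into a temp file
# (mktemp creates it 0600, in DST's directory so the final mv is an atomic
# rename), validate it, and only then replace DST. HAProxy never sees a
# partial or mismatched file, and the key is never world-readable.
build_haproxy_pem() {
  local live="$1" dst="$2" tmp
  tmp=$(mktemp "$dst.XXXXXX")
  cat "$live/fullchain.pem" "$live/privkey.pem" > "$tmp"
  if check_haproxy_pem "$tmp"; then
    mv -f "$tmp" "$dst"
  else
    rm -f "$tmp"; return 1
  fi
}

# Usage in the gist's renewal script (in place of its cat > ... line):
#   build_haproxy_pem /opt/docker/certbot/certbot/etc/letsencrypt/live/example.org \
#       /opt/docker/haproxy/ssl/example_org.pem \
#     && docker-compose -f /opt/docker/haproxy/docker-compose.yml restart
```

Because the restart is chained with `&&`, a failed check leaves the previous, known-good certificate in service instead of restarting HAProxy onto a broken one.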
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
@monthly /usr/local/bin/renew-certificate.sh
version: "3"
services:
  certbot:
    image: certbot/dns-luadns:latest
    volumes:
      - ./certbot/etc/luadns:/etc/luadns:ro
      - ./certbot/etc/letsencrypt:/etc/letsencrypt
      - ./certbot/var/lib/letsencrypt:/var/lib/letsencrypt
    # This is already the default entrypoint in the container image, but I like to explicitly remind myself of that here.
    entrypoint: certbot
    # Documentation for certbot at https://certbot.eff.org/docs/using.html
    # Documentation for the luadns-specific flags at https://certbot-dns-luadns.readthedocs.io/en/stable/
    # Add the --dry-run flag if you just want to try things without submitting an actual signing request.
    command: --text --agree-tos --non-interactive certonly --server https://acme-v02.api.letsencrypt.org/directory --dns-luadns --dns-luadns-credentials /etc/luadns/credentials.ini --cert-name example.org -d *.example.org -d example.org