[go: up one dir, main page]

Skip to content

ACME DNS challenge validation and certificate management with Letsencrypt / route53

License

Notifications You must be signed in to change notification settings

willgarcia/docker-letsencrypt-route53

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Docker Letsencrypt route53

Docker container to automate ACME DNS challenge validation and certificate management with Letsencrypt, dehydrated and AWS route53.

Note

The dehydrated hook dehydrated-route53 manages multiple route53 hosted zones. See original version.

Resources

Docker image

Usage

$ docker run \
    --env-file letsencrypt.env \
    willgarcia/letsencrypt \
    dehydrated

Usage: /usr/bin/dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...

Default command: help

Commands:
 --register                       Register account key
 --cron (-c)                      Sign/renew non-existant/changed/expiring certificates.
 --signcsr (-s) path/to/csr.pem   Sign a given CSR, output CRT on stdout (advanced usage)
 --revoke (-r) path/to/cert.pem   Revoke specified certificate
 --cleanup (-gc)                  Move unused certificate files to archive directory
 --help (-h)                      Show help text
 --env (-e)                       Output configuration variables for use in other scripts

Parameters:
 --accept-terms                   Accept CAs terms of service
 --full-chain (-fc)               Print full chain when using --signcsr
 --ipv4 (-4)                      Resolve names to IPv4 addresses only
 --ipv6 (-6)                      Resolve names to IPv6 addresses only
 --domain (-d) domain.tld         Use specified domain name(s) instead of domains.txt entry (one certificate!)
 --keep-going (-g)                Keep going after encountering an error while creating/renewing multiple certificates in cron mode
 --force (-x)                     Force renew of certificate even if it is longer valid than value in RENEW_DAYS
 --no-lock (-n)                   Don't use lockfile (potentially dangerous!)
 --lock-suffix example.com        Suffix lockfile name with a string (useful for with -d)
 --ocsp                           Sets option in CSR indicating OCSP stapling to be mandatory
 --privkey (-p) path/to/key.pem   Use specified private key instead of account key (useful for revocation)
 --config (-f) path/to/config     Use specified config file
 --hook (-k) path/to/hook.sh      Use specified script for hooks
 --out (-o) certs/directory       Output certificates into the specified directory
 --challenge (-t) http-01|dns-01  Which challenge should be used? Currently http-01 and dns-01 are supported
 --algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1

Example of DNS challenge validation / cert. creation

Environment

Configure your credential for the AWS command line interface in letsencrypt.env.

Run dehydrated:

$ docker run \
    --env-file letsencrypt.env \
    willgarcia/letsencrypt \
    dehydrated \
        --cron --domain domain.com \
        --out /etc/ssl \
        --hook dehydrated \
        --challenge dns-01

# INFO: Using main config file /etc/dehydrated/config
Processing domain.com
 + Signing domains...
 + Creating new directory /etc/certs/domain.com ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for domain.com...
 + Already validated!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
Manually Deploy Cert: domain.com, /etc/certs/domain.com/privkey.pem, /etc/certs/domain.com/cert.pem, /etc/certs/domain.com/chain.pem
 + Done!

About

ACME DNS challenge validation and certificate management with Letsencrypt / route53

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published