commit
2e5f1cddb6
5 changed files with 62 additions and 0 deletions
@ -0,0 +1,6 @@ |
|||||
|
FROM certbot/dns-route53:latest |
||||
|
|
||||
|
# Set the working directory in the container |
||||
|
COPY docker-entrypoint.sh docker-entrypoint.sh |
||||
|
|
||||
|
ENTRYPOINT [ "./docker-entrypoint.sh" ] |
||||
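Review bot: The comment on the third line announces a working directory, but no `WORKDIR` follows it, so the relative `./docker-entrypoint.sh` in `ENTRYPOINT` only resolves if the base image already sets one (the compose file's `/opt/certbot/...` paths suggest it does, but that is inherited from upstream, not declared here). Make the location explicit and independent of the base image: `WORKDIR /opt/certbot`, `COPY --chmod=755 docker-entrypoint.sh docker-entrypoint.sh`, `ENTRYPOINT ["/opt/certbot/docker-entrypoint.sh"]`, which also guarantees the script is executable regardless of the mode it had in the build context. Since this image is handed AWS credentials and writes TLS private keys, `FROM certbot/dns-route53:latest` should be pinned to a specific tag or digest so rebuilds are reproducible and a broken or compromised upstream push is not picked up silently.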
@ -0,0 +1,3 @@ |
|||||
|
[default] |
||||
|
aws_access_key_id=AWS_ACCESS_KEY_ID |
||||
|
aws_secret_access_key=AWS_SECRET_ACCESS_KEY |
||||
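Review bot: This is a credentials file committed to the repository and bind-mounted into the container; as written it holds the literal placeholders `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY`, so the only way to use it is to edit real keys into a tracked file, which is how long-lived AWS keys end up in git history. Rename it to `aws_config.example`, add `aws_config` to `.gitignore`, and say so at the top, e.g. `# Template only - copy to aws_config (git-ignored) and fill in a key limited to route53:ChangeResourceRecordSets on the target hosted zone`. Alternatively drop the file and pass the keys as `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` environment variables from an untracked `.env`; the route53 plugin is expected to use the standard AWS SDK credential chain, though I have not verified that against this image.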
@ -0,0 +1,18 @@ |
|||||
|
version: "3.7" |
||||
|
services: |
||||
|
certbot: |
||||
|
build: . |
||||
|
image: route53-wildcard-certbot |
||||
|
environment: |
||||
|
- AWS_CONFIG_FILE=/opt/certbot/aws_config |
||||
|
- CERT_FILES_OUTPUT_PATH=/opt/certbot/output |
||||
|
- DOMAIN=mydomain.com |
||||
|
- REGULAR_USER_UID=1000 |
||||
|
- REGULAR_USER_GID=1000 |
||||
|
- CERTBOT_EMAIL=sample@email.com |
||||
|
volumes: |
||||
|
- ./output:/opt/certbot/output |
||||
|
- ./aws_config:/opt/certbot/aws_config |
||||
|
# Uncomment the following lines to start the container and keep it running for troubleshooting and manual execution |
||||
|
# entrypoint: "" |
||||
|
# command: tail -f /dev/null |
||||
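Review bot: The `./aws_config:/opt/certbot/aws_config` bind mount is read-write although nothing in the container needs to write the credentials file; mount it read-only so a bug or compromise inside the container cannot alter the host copy: `- ./aws_config:/opt/certbot/aws_config:ro`. `DOMAIN=mydomain.com` and `CERTBOT_EMAIL=sample@email.com` are sample values that must be edited, which is fine, but a comment saying so would stop someone running it as-is against a real Route53 account. The `./output` directory will receive `privkey.pem`; since the service has no `user:`, the files are written by root and re-owned by the entrypoint, so `REGULAR_USER_UID`/`REGULAR_USER_GID` should match the host user that is meant to read the key.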
@ -0,0 +1,35 @@ |
|||||
|
#! /bin/sh |
||||
|
|
||||
|
EMAIL=$CERTBOT_EMAIL |
||||
|
if [ -z "$EMAIL" ]; then |
||||
|
echo "CERTBOT_EMAIL is not set. A valid email has to be defined in the env variable. Exiting." |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
OUTPUT_PATH=$CERT_FILES_OUTPUT_PATH |
||||
|
if [ -z "$OUTPUT_PATH" ]; then |
||||
|
echo "CERT_FILES_OUTPUT_PATH is not set. A valid path has to be defined in the env variable. Exiting." |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
DOMAIN=$DOMAIN |
||||
|
|
||||
|
certbot certonly -v --dns-route53 -d $DOMAIN -d *.$DOMAIN -i nginx --non-interactive --agree-tos --email $EMAIL |
||||
|
if [ $? -ne 0 ]; then |
||||
|
echo "Failed to obtain certificate. Exiting." |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -f /etc/letsencrypt/live/$DOMAIN/fullchain.pem ]; then |
||||
|
echo "Certificate obtained successfully. Copying files to output path." |
||||
|
cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem $OUTPUT_PATH/fullchain.pem |
||||
|
cp /etc/letsencrypt/live/$DOMAIN/privkey.pem $OUTPUT_PATH/privkey.pem |
||||
|
if [ -n "$REGULAR_USER_UID" ] && [ -n "$REGULAR_USER_GID" ]; then |
||||
|
echo "Changing owner of files to $REGULAR_USER_UID:$REGULAR_USER_GID" |
||||
|
chown $REGULAR_USER_UID:$REGULAR_USER_GID $OUTPUT_PATH/fullchain.pem |
||||
|
chown $REGULAR_USER_UID:$REGULAR_USER_GID $OUTPUT_PATH/privkey.pem |
||||
|
fi |
||||
|
else |
||||
|
echo "Certificate not found. Exiting." |
||||
|
exit 1 |
||||
|
fi |
||||
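Review bot: `DOMAIN` is the only required input that is not validated — `EMAIL` and `OUTPUT_PATH` are checked, but an unset `DOMAIN` reaches the `certbot certonly` line as `-d -d *.`, and `*.$DOMAIN` is passed unquoted, so the shell may glob-expand it against the working directory before certbot sees it. Add `if [ -z "$DOMAIN" ]; then echo "DOMAIN is not set. Exiting."; exit 1; fi` after the `DOMAIN=$DOMAIN` line and quote the arguments: `certbot certonly -v --dns-route53 -d "$DOMAIN" -d "*.$DOMAIN" --non-interactive --agree-tos --email "$EMAIL"`. `-i nginx` selects an installer, which `certonly` does not run, and the nginx plugin is unlikely to be present in the dns-route53 image, so it is either ignored or an error — I have not checked which, but it should be dropped either way. The two `cp` calls and the `chown`s are unchecked, so a missing or non-writable output mount leaves the script exiting 0 with no key copied; `set -e` at the top (or checking each `cp`) would surface that, and a `chmod 600 "$OUTPUT_PATH/privkey.pem"` after the copy would stop a pre-existing, more permissive destination file from keeping its mode.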