rough idea based on a working project

1 month ago · 2e5f1cddb6
5 changed files with 62 additions and 0 deletions
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+FROM certbot/dns-route53:latest
+
+# Set the working directory in the container
+COPY docker-entrypoint.sh docker-entrypoint.sh
+
+ENTRYPOINT [ "./docker-entrypoint.sh" ]
--- a/aws_config.example
+++ b/aws_config.example
@ -0,0 +1,3 @@
+[default]
+aws_access_key_id=AWS_ACCESS_KEY_ID
+aws_secret_access_key=AWS_SECRET_ACCESS_KEY
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,18 @@
+version: "3.7"
+services:
+  certbot:
+    build: .
+    image: route53-wildcard-certbot
+    environment:
+      - AWS_CONFIG_FILE=/opt/certbot/aws_config
+      - CERT_FILES_OUTPUT_PATH=/opt/certbot/output
+      - DOMAIN=mydomain.com
+      - REGULAR_USER_UID=1000
+      - REGULAR_USER_GID=1000
+      - CERTBOT_EMAIL=sample@email.com
+    volumes:
+      - ./output:/opt/certbot/output
+      - ./aws_config:/opt/certbot/aws_config
+    # Uncomment the following lines to start the container and keep it running for troubleshooting and manual execution
+    # entrypoint: ""
+    # command: tail -f /dev/null
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -0,0 +1,35 @@
+#! /bin/sh
+
+EMAIL=$CERTBOT_EMAIL
+if [ -z "$EMAIL" ]; then
+  echo "CERTBOT_EMAIL is not set. A valid email has to be defined in the env variable. Exiting."
+  exit 1
+fi
+
+OUTPUT_PATH=$CERT_FILES_OUTPUT_PATH
+if [ -z "$OUTPUT_PATH" ]; then
+  echo "CERT_FILES_OUTPUT_PATH is not set. A valid path has to be defined in the env variable. Exiting."
+  exit 1
+fi
+
+DOMAIN=$DOMAIN
+
+certbot certonly -v --dns-route53 -d $DOMAIN -d *.$DOMAIN -i nginx --non-interactive --agree-tos --email $EMAIL
+if [ $? -ne 0 ]; then
+  echo "Failed to obtain certificate. Exiting."
+  exit 1
+fi
+
+if [ -f /etc/letsencrypt/live/$DOMAIN/fullchain.pem ]; then
+  echo "Certificate obtained successfully. Copying files to output path."
+  cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem $OUTPUT_PATH/fullchain.pem
+  cp /etc/letsencrypt/live/$DOMAIN/privkey.pem $OUTPUT_PATH/privkey.pem
+  if [ -n "$REGULAR_USER_UID" ] && [ -n "$REGULAR_USER_GID" ]; then
+    echo "Changing owner of files to $REGULAR_USER_UID:$REGULAR_USER_GID"
+    chown $REGULAR_USER_UID:$REGULAR_USER_GID $OUTPUT_PATH/fullchain.pem
+    chown $REGULAR_USER_UID:$REGULAR_USER_GID $OUTPUT_PATH/privkey.pem
+  fi
+else
+  echo "Certificate not found. Exiting."
+  exit 1
+fi
--- a/output/.keep
+++ b/output/.keep