├── Dockerfile
├── LICENSE
├── README.md
└── hooks
    └── build

/Dockerfile:
--------------------------------------------------------------------------------
FROM python:3

# Install certbot together with every DNS-challenge plugin listed in the README.
RUN python -m pip install \
    certbot \
    certbot-dns-cloudflare \
    certbot-dns-cloudxns \
    certbot-dns-digitalocean \
    certbot-dns-dnsimple \
    certbot-dns-dnsmadeeasy \
    certbot-dns-google \
    certbot-dns-linode \
    certbot-dns-luadns \
    certbot-dns-nsone \
    certbot-dns-ovh \
    certbot-dns-rfc2136 \
    certbot-dns-route53

# Supplied by hooks/build: the short git hash and the UTC build timestamp.
ARG BUILD_DATE
ARG VCS_REF
LABEL \
    org.opencontainers.image.created=$BUILD_DATE \
    org.opencontainers.image.authors="https://pierreprinetti.com" \
    org.opencontainers.image.url="https://quay.io/repository/pierreprinetti/certbot" \
    org.opencontainers.image.source="https://github.com/pierreprinetti/certbot" \
    org.opencontainers.image.version=$VCS_REF \
    org.opencontainers.image.revision=$VCS_REF \
    org.opencontainers.image.title="certbot" \
    org.opencontainers.image.description="Containerized Certbot: EFF's Let's encrypt ACME client"

# The container is the certbot CLI: every argument is passed straight through.
ENTRYPOINT ["certbot"]
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2016 Pierre Prinetti

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial
portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# certbot

Containerized [certbot][certbot] with the plugins listed [in the docs][dns-plugins] made available:

* certbot-dns-cloudflare
* certbot-dns-cloudxns
* certbot-dns-digitalocean
* certbot-dns-dnsimple
* certbot-dns-dnsmadeeasy
* certbot-dns-google
* certbot-dns-linode
* certbot-dns-luadns
* certbot-dns-nsone
* certbot-dns-ovh
* certbot-dns-rfc2136
* certbot-dns-route53

## Obtaining certificates

The container entrypoint is literally EFF's `certbot`. All the flags and
arguments described in the documentation will work here.

## Example: Manual dns-01 challenge

The examples use Podman. Substitute [`podman`][podman] with `docker` if you prefer that.

The expected outcome is to have the certificates saved in a volume, so that it can be easily mounted into the webserver container:

```
podman volume create --name https-certs
```

Be ready to edit your DNS zone by hand: certbot pauses and prints the TXT record you must create before it validates the challenge:

```
podman run --rm -it \
  -v https-certs:/etc/letsencrypt \
  quay.io/pierreprinetti/certbot certonly \
  --manual \
  --preferred-challenges=dns \
  -m me@example.com \
  --agree-tos \
  -d example.com \
  -d www.example.com
```

### Example: Obtaining certificates with the OVH DNS plugin

In this example, my OVH credentials are stored in the file `./ovh.ini` as described in [the docs][dns-ovh-docs]. Keep that file readable by its owner only: the API token in it can rewrite your DNS zone, and certbot warns when the credentials file has wider permissions.

This command will persist the Let's Encrypt material, including the HTTPS certificate, in the newly created volume:

```
podman run --rm \
  -v $(pwd)/ovh.ini:/ovh.ini:ro \
  -v https-certs:/etc/letsencrypt \
  quay.io/pierreprinetti/certbot certonly \
  --non-interactive \
  --agree-tos \
  -m me@example.com \
  --dns-ovh \
  --dns-ovh-credentials /ovh.ini \
  -d example.com \
  -d www.example.com
```

Remember to substitute `me@example.com` with your own email address in order to receive important notifications about your certificate.

Running this same command again renews the certificates once they are due, as long as the volume from the first run is attached.
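
The following POSIX shell wrapper is an added example, not code from the pierreprinetti/certbot repository. It runs the OVH command above but first refuses to start when the credentials file is readable by anyone other than its owner: the token in `ovh.ini` can modify the DNS zone, which is exactly the capability the dns-01 challenge proves, so it deserves the same handling as the private key. The image name, volume name and certbot flags are the README's own; the `ACME_EMAIL` variable, the function names and the `ls -l`-based permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the pierreprinetti/certbot repository.
# Wraps the README's OVH invocation with a permission check on the credentials
# file, because the OVH token inside it grants write access to the DNS zone.
set -eu

ACME_EMAIL=${ACME_EMAIL:-me@example.com}   # assumption: taken from the environment

# creds_private FILE
# Returns 0 only when FILE is a regular file with no group/other permission bits
# (mode 600 or 400). Reads the `ls -l` columns instead of `stat`, whose flags
# differ between GNU and BSD userlands.
creds_private() {
    f=$1
    [ -f "$f" ] || return 2
    mode=$(ls -ld "$f" | cut -c5-10)   # the six group+other permission characters
    case "$mode" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# issue_or_renew CREDS DOMAIN [DOMAIN...]
# Runs the README's `certonly --dns-ovh` command in Podman for the given domains,
# with the credentials file mounted read-only at the path the README uses.
issue_or_renew() {
    creds=$1
    shift
    if ! creds_private "$creds"; then
        echo "refusing to run: $creds must be readable by its owner only (chmod 600)" >&2
        return 1
    fi
    # Podman needs an absolute host path for the bind mount.
    creds_abs=$(cd "$(dirname "$creds")" && pwd)/$(basename "$creds")
    # Turn "example.com www.example.com" into "-d example.com -d www.example.com".
    n=$#
    while [ "$n" -gt 0 ]; do
        d=$1
        shift
        set -- "$@" -d "$d"
        n=$((n - 1))
    done
    podman run --rm \
        -v "$creds_abs:/ovh.ini:ro" \
        -v https-certs:/etc/letsencrypt \
        quay.io/pierreprinetti/certbot certonly \
        --non-interactive \
        --agree-tos \
        -m "$ACME_EMAIL" \
        --dns-ovh \
        --dns-ovh-credentials /ovh.ini \
        "$@"
}

# Usage: ACME_EMAIL=you@example.org ./issue.sh ./ovh.ini example.com www.example.com
if [ "$#" -ge 2 ]; then
    issue_or_renew "$@"
fi
```

The check is deliberately done on the host rather than relying on certbot's own warning: certbot only logs the unsafe-permissions message and continues, whereas this wrapper stops before the token is ever handed to the container.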

## Use the certs in the server

Spin up your favorite reverse proxy with something like:

```
podman run \
  --name some-nginx \
  -v https-certs:/etc/nginx/certs:ro \
  -p 80:80 \
  -p 443:443 \
  --restart unless-stopped \
  -d nginx:mainline-alpine
```

Example configuration for `example.com` in your containerized nginx:

```
server {
    # TLS is enabled on the listen sockets; the old "ssl on;" directive was
    # removed in nginx 1.25.1, and the mainline image is newer than that.
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name example.com;

    # certbot's live/ directory holds relative symlinks into archive/, so
    # mounting the whole volume read-only at /etc/nginx/certs is enough.
    ssl_certificate /etc/nginx/certs/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/live/example.com/privkey.pem;

    [...]
```

[certbot]: https://certbot.eff.org/ "Certbot website"
[dns-plugins]: https://certbot.eff.org/docs/using.html#dns-plugins "Certbot DNS plugins"
[podman]: https://podman.io/ "podman.io"
[dns-ovh-docs]: https://certbot-dns-ovh.readthedocs.io/en/stable "Certbot DNS OVH plugin documentation"
--------------------------------------------------------------------------------
/hooks/build:
--------------------------------------------------------------------------------
#!/bin/bash

# Automated-build hook: stamp the image with the commit it was built from and
# the build time, which the LABELs in the Dockerfile consume. $IMAGE_NAME is
# provided by the build environment that runs this hook.
docker build \
    --build-arg VCS_REF="$(git log --pretty=format:'%h' -n 1)" \
    --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
    -t "$IMAGE_NAME" .
--------------------------------------------------------------------------------
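
Two details of the README's renewal and nginx sections are worth automating together. Certbot's `renew` re-runs whatever plugin the original `certonly` recorded in its renewal configuration, so the OVH credentials must be mounted at the same `/ovh.ini` path again; and nginx reads certificate files once, at start-up or on reload, so a renewed certificate sitting in the volume is not served until the proxy reloads. The script below is an added example, not part of the pierreprinetti/certbot repository: it renews against the shared volume, confirms the volume holds a complete certificate pair, then validates and reloads the `some-nginx` container. The volume and container names default to the README's; `CREDS`, `cert_files_present` and the use of `podman volume inspect` to find the volume's host path are this example's assumptions.

```shell
#!/bin/sh
# Added example, not part of the pierreprinetti/certbot repository.
# Host-side renewal job: renew inside the certbot container, then reload nginx,
# which otherwise keeps serving the certificate it loaded at start-up.
set -eu

VOLUME=${VOLUME:-https-certs}         # volume created in the README
PROXY=${PROXY:-some-nginx}            # nginx container name from the README
CREDS=${CREDS:-$PWD/ovh.ini}          # assumption: OVH credentials file on the host

# cert_files_present ROOT DOMAIN
# Returns 0 when ROOT/live/DOMAIN holds the two files the nginx config refers to.
# ROOT is the letsencrypt directory as seen by the caller (the volume's host
# mount point here, or /etc/nginx/certs inside the proxy container).
cert_files_present() {
    root=$1
    domain=$2
    [ -r "$root/live/$domain/fullchain.pem" ] || return 1
    [ -r "$root/live/$domain/privkey.pem" ] || return 1
    return 0
}

# renew_and_reload DOMAIN
# Run certbot's renewal against the shared volume, check that a complete
# certificate pair exists for DOMAIN, then test and reload the nginx config.
renew_and_reload() {
    domain=$1
    # The renewal config stored in the volume names the OVH plugin and the
    # credentials path, so the file has to be mounted exactly as during issuance.
    podman run --rm \
        -v "$CREDS:/ovh.ini:ro" \
        -v "$VOLUME:/etc/letsencrypt" \
        quay.io/pierreprinetti/certbot renew --non-interactive
    # Where the volume lives on the host (rootless podman keeps it under the
    # user's container storage).
    mountpoint=$(podman volume inspect "$VOLUME" --format '{{.Mountpoint}}')
    if ! cert_files_present "$mountpoint" "$domain"; then
        echo "no complete certificate for $domain in volume $VOLUME" >&2
        return 1
    fi
    # nginx -t parses the config and loads the certificate files, so a broken
    # or unreadable file fails here instead of on the next TLS handshake.
    podman exec "$PROXY" nginx -t
    podman exec "$PROXY" nginx -s reload
}

# Usage: ./renew.sh example.com   (suitable for a daily cron or systemd timer)
if [ "$#" -eq 1 ]; then
    renew_and_reload "$1"
fi
```

Running `renew` daily is harmless: certbot only contacts the CA when a certificate is close to expiry, and the reload is skipped whenever the renewal step fails because `set -e` stops the script before `nginx -s reload`.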