Last pushed: 2 years ago
Short Description
Docker image that bundles acmetool with libcloud to perform a DNS challenge
Full Description

acmetool with DNS challenge hook (libcloud)

This image bundles acmetool with a libcloud DNS challenge hook. See the list of supported DNS providers.

How to use this image

Prepare acmetool state folder

mkdir -p /my/acme/conf
wget -O /my/acme/conf/responses
# Edit /my/acme/conf/responses file according to your needs

Define your desired domains and DNS provider

cat <<EOF > /my/acme/desired/

    type: rsa|ecdsa
    rsa-size: 2048
    ecdsa-curve: nistp256
  ocsp-must-staple: true
  # Use staging for testing. Replace provider with:
      provider: vultr
      key: 781472cf1d657a9bf46b61dee83c4

# Make sure you restrict the permissions on this file
# because it contains sensitive information.

The libcloud hook needs to know the DNS provider and a provider-specific configuration such as username, access token or hostname. This information must be stored in the desired file under the section 'challenge'.
For the provider configuration, please consult the provider-specific documentation.

E.g. PowerDNS setup:

      # 'Provider Constant' from
      provider: powerdns
      # Provider specific configuration
      key: mykey
      port: 8081
      api_version: v1

Get the desired certificates

docker run --rm -v /my/acme:/var/lib/acme cyon/acmetool-libcloud:latest

Get the desired certificates and show debug output

docker run --rm -v /my/acme:/var/lib/acme cyon/acmetool-libcloud:latest -- --xlog.severity=debug

Inspect certificates and keys

The live folder always contains all the certificates, chains and keys. A reissue of the certificate will update the certificate and chain files.

$ tree /my/acme/live/
> live/
> ├── cert
> ├── chain
> ├── fullchain
> ├── privkey -> ../../keys/s4cy32o8kaucxkb37k9kajkq7atof8x0/privkey
> └── url
> 0 directories, 5 files
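
The desired file holds the DNS provider API key and the keys folder holds the certificate private keys, so neither should be accessible to group or others. The following shell functions are an added example, not part of the image or of acmetool: they audit and tighten those two folders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not shipped with the image): permission audit for the
# acmetool state folder, e.g. /my/acme as used on this page.
# Function names are hypothetical.

# Print every regular file under desired/ and keys/ that grants any
# read, write or execute bit to group or others.
acme_loose_files() {
    state_dir=$1
    for sub in desired keys; do
        [ -d "$state_dir/$sub" ] || continue
        find "$state_dir/$sub" -type f \( -perm -040 -o -perm -020 \
            -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Restrict both folders to the owner: 0700 on directories, 0600 on files.
# Symlinks such as live/.../privkey are not touched; only their targets
# inside keys/ are.
acme_harden() {
    state_dir=$1
    for sub in desired keys; do
        [ -d "$state_dir/$sub" ] || continue
        find "$state_dir/$sub" -type d -exec chmod 700 {} +
        find "$state_dir/$sub" -type f -exec chmod 600 {} +
    done
}

# Return 0 when nothing is exposed, 1 otherwise (usable from cron or CI).
acme_audit() {
    loose=$(acme_loose_files "$1")
    [ -z "$loose" ] && return 0
    printf 'Files accessible to group/others:\n%s\n' "$loose" >&2
    return 1
}
```

Source the file, then run `acme_audit /my/acme`, `acme_harden /my/acme` and `acme_audit /my/acme` again. This assumes the processes that read these files run as the owning user.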

Use a data volume container

If you want to share the certificates and keys between containers, it's best to create a named Data Volume Container. The volume destination inside the container is '/var/lib/acme'.

Create a named data volume container

docker create --name acmetool cyon/acmetool-libcloud:latest echo "Data-only container for acmetool with libcloud hook"

Copy your configuration and desired settings into the volume

# Run once to create all the acmetool state folders
docker run --rm --volumes-from acmetool cyon/acmetool-libcloud:latest

docker cp responses acmetool:/var/lib/acme/conf/
docker cp acmetool:/var/lib/acme/desired/

Get the desired certificates

docker run --rm --volumes-from acmetool cyon/acmetool-libcloud:latest

Use the certificates from an nginx container

docker run --volumes-from acmetool:ro --name nginx-with-acme-certs -d nginx