Public | Automated Build

Last pushed: a year ago
Short Description
Full Description


A docker image suitable for requesting new certificates from letsencrypt,
and storing them in a secret on kubernetes.

Available on docker hub as ployst/letsencrypt


To provide an application that owns certificate requesting and storing.

  • To serve acme requests to letsencrypt (given that you direct them to this
  • To regularly (monthly) ask for new certificates.
  • To store those new certificates in a secret on kubernetes.

Useful commands

Generate a new set of certs

Once this container is running you can generate new certificates using:

kubectl exec -it <pod> -- bash -c ' ./'

Save the set of certificates as a secret

kubectl exec -it <pod> -- bash -c ' ./'

Refresh the certificates

kubectl exec -it <pod> -- bash -c ' SECRET_NAME=foo DEPLOYMENTS=bar ./'

Environment variables:

  • EMAIL - the email address to obtain certificates on behalf of.
  • DOMAINS - a space separated list of domains to obtain a certificate for.
  • DEPLOYMENTS - a space separated list of deployments whose pods should be
    refreshed after a certificate save
  • SECRET_NAME - the name to save the secrets under
  • NAMESPACE - the namespace under which the secrets should be available
  • TYPE - the type of the secrets (default is Opaque)
  • CRON_FREQUENCY - the 5-part frequency of the cron job. Default is a random
    time in the range 0-59 0-23 1-27 * *
Docker Pull Command
Source Repository