
Last pushed: a year ago
Short Description
:cow: Rancher service that obtains and manages free SSL certificates from the Let's Encrypt CA
Full Description

Let's Encrypt Certificate Manager for Rancher

A Rancher service that obtains free SSL/TLS certificates from the Let's Encrypt CA, adds them to Rancher's certificate store and manages renewal and propagation of updated certificates to load balancers.

Requirements

  • Rancher Server >= v0.63.0
  • Existing account with one of the supported DNS providers:
    • AWS Route 53
    • CloudFlare
    • DigitalOcean
    • DNSimple
    • Dyn
    • Namecheap

How to use

This application is distributed via the Rancher Community Catalog.

Enable the Community Catalog under Admin => Settings in the Rancher UI.
Then find the Let's Encrypt template in the Catalog section of the UI and follow the instructions.

Provider specific usage

AWS Route 53

The following IAM policy describes the minimum permissions required to run rancher-letsencrypt using AWS Route 53 for domain authorization.
Replace <HOSTED_ZONE_ID> with the ID of the hosted zone that encloses the domain(s) for which you are going to obtain certificates. You may use a wildcard (*) in place of the ID to make this policy work with all of the hosted zones associated with an AWS account.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:GetChange",
                "route53:ListHostedZonesByName"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>"
            ]
        }
    ]
}
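A check for the wildcard case mentioned above, as an added example that is not part of the rancher-letsencrypt project: it parses an IAM policy document and reports the Allow statements that grant route53:ChangeResourceRecordSets on more than one named hosted zone. The zone IDs and the helper names are constructed for illustration, and only Action and Resource are inspected (NotAction, NotResource and Condition are not evaluated).

```python
import fnmatch
import json

WRITE_ACTION = "route53:changeresourcerecordsets"  # compared in lowercase
ZONE_PREFIX = "arn:aws:route53:::hostedzone/"
PROBE_ZONE = ZONE_PREFIX + "ZPROBE000000"  # constructed ID: "some other zone"


def _as_list(value):
    """IAM accepts either one string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def _covers_many_zones(resource):
    """True if a Resource pattern can match hosted zones beyond one named ID."""
    if "*" not in resource and "?" not in resource:
        return False  # a literal ARN names at most one zone
    return resource.startswith(ZONE_PREFIX) or fnmatch.fnmatchcase(PROBE_ZONE, resource)


def unscoped_write_statements(policy_json):
    """Return indexes of Allow statements granting record changes on many zones."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may use * and ? wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase(WRITE_ACTION, a) for a in actions):
            continue
        if any(_covers_many_zones(r) for r in _as_list(stmt.get("Resource", []))):
            findings.append(index)
    return findings


def sample_policy(zone_resource):
    """Constructed sample: the page's policy with the given write Resource."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": ["*"],
         "Action": ["route53:GetChange", "route53:ListHostedZonesByName"]},
        {"Effect": "Allow", "Resource": [zone_resource],
         "Action": ["route53:ChangeResourceRecordSets"]}]})


if __name__ == "__main__":
    for res in (ZONE_PREFIX + "Z0EXAMPLE0000", ZONE_PREFIX + "*"):
        print(res, "->", unscoped_write_statements(sample_policy(res)))
```

An empty result means every statement that allows record changes names a single hosted zone; the read-only statement on "*" is not reported because it does not grant the write action.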

Namecheap

Namecheap requires all IP addresses from which you call its API to be whitelisted. Make sure to grant API access to the host running rancher-letsencrypt by navigating to "Manage Profile" => "API Access" in your Namecheap account.
Be aware that Namecheap can be slow to propagate DNS changes (up to 60 minutes). This may slow down the process of creating certificates significantly.

Building the image

make build && make image

Contributions

PRs welcome!

Owner
tristandb