willfarrell/letsencrypt
container to generate letsencrypt certs using dehydrated + lexicon
Build on the image to set your own defaults in /etc/dehydrated/config, or override them on the command line:
FROM willfarrell/letsencrypt:latest
COPY config /etc/dehydrated/config
# letsencrypt.env, passed to the container with --env-file. It carries DNS API
# credentials, so keep it out of version control and readable only by its owner.
# Optional. Set to TRUE to also log to the file /var/log/letsencrypt/runtime.log.
LOG=TRUE
# Defaults to staging; switch to production only once a staging run succeeds.
LE_ENV=staging
# CSV list of domains
LE_DOMAIN=
# PROVIDER and the LEXICON_* credentials are only required for dns-01 challenges
# (use dns-01 for private services that the ACME server cannot reach on port 80).
# Set exactly one PROVIDER; the two blocks below are alternatives, not a pair.
# Cloudflare example
PROVIDER=cloudflare
LEXICON_CLOUDFLARE_USERNAME=
LEXICON_CLOUDFLARE_TOKEN=
# Route 53 example (grant this key nothing beyond the IAM policy shown below)
PROVIDER=route53
LEXICON_ROUTE53_ACCESS_KEY=
LEXICON_ROUTE53_ACCESS_SECRET=
docker build -t letsencrypt .
# private (dns-01): no inbound port 80 required
docker run \
--env-file letsencrypt.env \
letsencrypt \
dehydrated \
--cron --accept-terms \
--domain letsencrypt.willfarrell.ca \
--hook dehydrated-dns \
--challenge dns-01 \
--force
# public (http-01): the ACME server must reach http://letsencrypt.willfarrell.ca/.well-known/acme-challenge/ on port 80
docker run -d \
--env-file letsencrypt.env \
letsencrypt \
dehydrated \
--cron --accept-terms \
--domain letsencrypt.willfarrell.ca \
--challenge http-01 \
--force
# reload nginx to see changes
Note the use of --hook dehydrated-dns: dehydrated-dns is a script wrapper that calls lexicon from dehydrated, publishing the _acme-challenge TXT record the dns-01 challenge asks for and removing it again afterwards. Note also --force: it renews even when the current certificate is not yet due, which is what you want while testing against staging, but drop it from scheduled production runs so that --cron only renews certificates that are close to expiry.
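To make the hook contract concrete, here is an added example of a dns-01 hook that drives lexicon from dehydrated. It is not the image's own dehydrated-dns script, only an illustration of what such a wrapper does: dehydrated calls it with the handler name as the first argument, and the record name _acme-challenge.<name> comes from the ACME specification. The LEXICON and DNS_WAIT_SECONDS variables are this example's own assumptions, and it passes the validated name straight through as lexicon's domain argument, which works when that name is the zone apex; for names below the apex a real wrapper also has to supply the zone, which this example leaves out.

```shell
#!/bin/sh
# Added example of a dns-01 hook that drives lexicon from dehydrated. It is
# not the image's own dehydrated-dns script, only an illustration of what such
# a wrapper does. dehydrated calls the hook as
#   <hook> deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
#   <hook> clean_challenge  DOMAIN TOKEN_FILENAME TOKEN_VALUE
# PROVIDER and the LEXICON_* credentials come from letsencrypt.env.
set -eu

LEXICON="${LEXICON:-lexicon}"              # assumed: lexicon on PATH; override for testing
DNS_WAIT_SECONDS="${DNS_WAIT_SECONDS:-30}" # assumed propagation delay before the CA looks

# dns-01 always validates a TXT record at _acme-challenge.<name> (RFC 8555).
challenge_name() {
    printf '_acme-challenge.%s' "$1"
}

# Publish the TXT record carrying the key-authorisation digest, then wait for it
# to propagate before returning control to dehydrated.
deploy_challenge() {
    domain="$1"; token_value="$3"
    [ -n "${PROVIDER:-}" ] || { echo "PROVIDER is not set in the environment" >&2; return 1; }
    # lexicon <provider> create <domain> TXT --name <fqdn> --content <value>
    "$LEXICON" "$PROVIDER" create "$domain" TXT \
        --name "$(challenge_name "$domain")" --content "$token_value"
    sleep "$DNS_WAIT_SECONDS"
}

# Remove the record again once validation has run, whether it passed or failed.
clean_challenge() {
    domain="$1"; token_value="$3"
    [ -n "${PROVIDER:-}" ] || { echo "PROVIDER is not set in the environment" >&2; return 1; }
    "$LEXICON" "$PROVIDER" delete "$domain" TXT \
        --name "$(challenge_name "$domain")" --content "$token_value"
}

# dehydrated also calls deploy_cert, unchanged_cert, exit_hook and others; a
# DNS-only hook needs nothing from them, so they fall through as no-ops.
dispatch() {
    case "${1:-}" in
        deploy_challenge) shift; deploy_challenge "$@" ;;
        clean_challenge)  shift; clean_challenge "$@" ;;
        *) : ;;
    esac
}

dispatch "$@"
```

The wait after create is the part people forget: dehydrated tells the CA to validate as soon as the hook returns, and a record that has not reached the authoritative servers yet fails the challenge and costs a retry.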
To write the certificates straight into the nginx container's volumes, share its volumes and point --out at them (for http-01 this assumes WELLKNOWN in the dehydrated config is a directory nginx serves from the same shared volume):
# private
docker run \
--volumes-from docker_nginx_1 \
--env-file letsencrypt.env \
willfarrell/letsencrypt \
dehydrated \
--cron --domain letsencrypt.willfarrell.ca \
--out /etc/ssl \
--hook dehydrated-dns \
--challenge dns-01
# public
docker run -d \
--volumes-from docker_nginx_1 \
--env-file letsencrypt.env \
willfarrell/letsencrypt \
dehydrated \
--cron --domain letsencrypt.willfarrell.ca \
--out /etc/ssl \
--challenge http-01
Also worth reading is Let's Encrypt's document on certificate rate limits, https://letsencrypt.org/docs/rate-limits/. In short, production issues at most 5 duplicate certificates (the same set of names) per 7 days, and every --force run against production counts against that limit. The staging environment has much higher limits, which is why LE_ENV defaults to staging.
For Route 53, the access key used by lexicon needs only to find the hosted zone and change records in it; replace ${HOSTED_ZONE_ID} with the ID of the zone that holds the domain. ChangeResourceRecordSets on the zone still permits changing any record in that zone. If you want to confine the key further, AWS offers IAM condition keys that restrict ChangeResourceRecordSets to particular record types and names; the dns-01 challenge only ever needs TXT records under _acme-challenge.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZonesByName"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/${HOSTED_ZONE_ID}"
]
}
]
}
Staging certificates are not natively trusted. If you'd like to prevent the security warnings in the browser while testing against staging, add the staging intermediate (Fake LE Intermediate X1, file fakeleintermediatex1.pem) to the trust store of the test device. Do this only on test devices and remove it afterwards, since a trusted staging intermediate makes every staging-issued certificate trusted on that device. Let's Encrypt also rotates its staging intermediates over time, so check the current chain at https://letsencrypt.org/docs/staging-environment/ if the X1 certificate no longer matches what staging issues.
macOS
1. Open Applications -> Utilities -> Keychain Access.
2. Select Certificates and drag fakeleintermediatex1.pem into the window to add it.
3. Double-click Fake LE Intermediate X1, expand the Trust section and set When using this certificate to Always Trust.
4. Click Update Settings. There should now be a blue and white plus icon associated with the certificate. You may need to restart your browser before the change takes effect.
iOS
1. Open Fake LE Intermediate X1 on the device; the Install Profile page appears. Click Install, Install, and Install again, then Done.
2. To view the certificate go to Settings -> General -> Profile.
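Because staging and production certificates are written to the same place, the easy mistake is reloading nginx with a staging certificate in place, or believing a production run succeeded when the staging one is still on disk. The following added example (not part of the image) classifies a certificate by its issuer and refuses the reload when the result does not match LE_ENV; the certificate path, the docker_nginx_1 container name and the reliance on openssl are this example's assumptions, and the issuer strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the image: tell from a certificate's issuer whether
# it came from the Let's Encrypt staging CA, and refuse to reload nginx when the
# certificate on disk does not match LE_ENV. Staging issuers have carried
# "Fake LE" (the X1 intermediate era) or "(STAGING)" in their names; production
# issuers do not.
set -eu

# Classify an issuer string as printed by `openssl x509 -noout -issuer`, e.g.
#   "C = US, O = (STAGING) Let's Encrypt, CN = (STAGING) Artificial Apricot R3"
#   "C = US, O = Let's Encrypt, CN = R3"
# Staging is matched first because staging issuers also contain "Let's Encrypt".
cert_environment() {
    case "$1" in
        *"Fake LE"*|*"(STAGING)"*) echo staging ;;
        *"Let's Encrypt"*)          echo production ;;
        *)                          echo unknown ;;
    esac
}

# Return 0 when the issuer belongs to the expected environment, 1 otherwise.
check_matches_env() {
    expected="$1"; issuer="$2"
    actual="$(cert_environment "$issuer")"
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "certificate was issued by the $actual environment, expected $expected" >&2
    return 1
}

# Read the issuer from a PEM file (requires openssl on the host; assumed).
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

# Gate a deploy: reload nginx only when the leaf certificate matches LE_ENV.
# Usage (path assumed from the --out /etc/ssl layout, one directory per domain):
#   LE_ENV=production reload_if_matching /etc/ssl/letsencrypt.willfarrell.ca/cert.pem
reload_if_matching() {
    check_matches_env "${LE_ENV:-staging}" "$(issuer_of "$1")" || return 1
    docker exec docker_nginx_1 nginx -s reload   # assumed container name
}
```

Run it after the dehydrated container exits and before touching nginx; a non-zero exit means the certificate on disk came from the other environment (or from somewhere else entirely), which is exactly the case where a reload would replace a good certificate with one browsers reject.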
The prebuilt image is on Docker Hub:
docker pull willfarrell/letsencrypt