diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5597c17
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM python:3.11-slim
+
+RUN apt-get update && apt-get install -y \
+ git \
+ gcc \
+ libffi-dev \
+ libssl-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN pip install certbot
+
+RUN git clone https://github.com/stackitcloud/certbot-dns-stackit.git /opt/certbot-dns-stackit \
+ && pip install /opt/certbot-dns-stackit
+
+WORKDIR /etc/letsencrypt
+
+ENTRYPOINT ["certbot"]
diff --git a/examples/.env b/examples/.env
new file mode 100644
index 0000000..68a59f2
--- /dev/null
+++ b/examples/.env
@@ -0,0 +1,2 @@
+DOMAIN=example.com
+WILDCARD=*.example.com
\ No newline at end of file
diff --git a/examples/.gitignore b/examples/.gitignore
new file mode 100644
index 0000000..44a0964
--- /dev/null
+++ b/examples/.gitignore
@@ -0,0 +1 @@
+*.ini
\ No newline at end of file
diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml
new file mode 100644
index 0000000..a51ec1b
--- /dev/null
+++ b/examples/docker-compose.yml
@@ -0,0 +1,31 @@
+version: '3.8'
+
+services:
+ certbot:
+ build:
+ context: .
+ dockerfile: ../Dockerfile
+ container_name: certbot-stackit
+ volumes:
+ - ./letsencrypt:/etc/letsencrypt
+ - ./stackit.ini:/stackit.ini:ro
+ entrypoint: certbot
+ command: >
+ certonly
+ --agree-tos
+ --non-interactive
+ --email dns@${DOMAIN}
+ --authenticator dns-stackit
+ --dns-stackit-credentials /stackit.ini
+ --dns-stackit-propagation-seconds 60
+ -d "${WILDCARD}" -d "${DOMAIN}"
+ certbot-renew:
+ build:
+ context: .
+ dockerfile: ../Dockerfile
+ container_name: certbot-renew
+ volumes:
+ - ./letsencrypt:/etc/letsencrypt
+ - ./stackit.ini:/stackit.ini:ro
+ entrypoint: certbot
+ command: renew
\ No newline at end of file
diff --git a/examples/readme.md b/examples/readme.md
new file mode 100644
index 0000000..329dacf
--- /dev/null
+++ b/examples/readme.md
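Review bot: Both install steps in the Dockerfile hunk are unpinned — `RUN pip install certbot` takes whatever version PyPI serves at build time, and the `git clone` of certbot-dns-stackit checks out the default branch at whatever commit it happens to be at, so two builds can yield different images and a broken or compromised upstream commit would land in the image silently. Pin both, e.g. `RUN pip install --no-cache-dir certbot==<CERTBOT_VERSION>` and `RUN git clone --depth 1 --branch <PLUGIN_TAG> https://github.com/stackitcloud/certbot-dns-stackit.git /opt/certbot-dns-stackit && pip install --no-cache-dir /opt/certbot-dns-stackit`, with the placeholders set to versions you have tested. The build toolchain (`git`, `gcc`, `libffi-dev`, `libssl-dev`) stays in the final image and there is no `USER`, so certbot runs as root; `--no-install-recommends` and a separate builder stage would shrink the surface, though root may be intentional given the bind-mounted /etc/letsencrypt the readme describes. Note also that examples/readme.md in this commit says the image is based on certbot/certbot, while this Dockerfile starts from python:3.11-slim.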
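Review bot: In the docker-compose.yml hunk, `--email dns@${DOMAIN}` and `-d "${WILDCARD}" -d "${DOMAIN}"` silently degrade to `dns@` and `-d ""` when examples/.env is missing or a variable is empty, which only shows up later as an unclear certbot error. Compose's `${VAR:?message}` form fails fast at `docker compose up` instead: `--email dns@${DOMAIN:?DOMAIN must be set in .env}` and `-d "${WILDCARD:?WILDCARD must be set in .env}" -d "${DOMAIN:?DOMAIN must be set in .env}"`. The `entrypoint: certbot` line in both services repeats the Dockerfile's `ENTRYPOINT ["certbot"]` and can be dropped, and `version: '3.8'` is ignored by Compose v2 (it only prints a warning), so it can go too. Mounting stackit.ini as `:ro` and keeping it out of the image is the right approach; the `*.ini` entry in examples/.gitignore covers it.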
@@ -0,0 +1,45 @@
+# Certbot with Stackit DNS Plugin (Docker Compose)
+
+- Custom Docker image: Based on certbot/certbot, with the Stackit DNS plugin installed.
+- Docker Compose service to request wildcard certificates.
+
+---
+## πŸ“‚ Certificate File Structure
+
+```
+./letsencrypt/live//
+β”œβ”€β”€ cert.pem # Your domain’s certificate
+β”œβ”€β”€ chain.pem # The Let's Encrypt chain
+β”œβ”€β”€ fullchain.pem # cert.pem + chain.pem (what you usually use)
+β”œβ”€β”€ privkey.pem # Your private key
+```
+
+
+## πŸ› οΈ Setup Instructions
+
+
+### 1. Create a file named `stackit.ini` in the root directory:
+
+⚠️️️ Make sure the file is secure: (`chmod 600 stackit.ini`)
+```
+dns_stackit_auth_token = YOUR_API_TOKEN
+dns_stackit_project_id = YOUR_PROJECT_ID
+```
+
+### 2. Set domain in `.env` file
+```
+DOMAIN=example.com
+WILDCARD=*.example.com
+```
+
+### 3. Run Certbot
+```
+docker compose up certbot
+```
+
+### 4. Cert permission
+
+The certs and the live folder will be `root:root`, in order to access them with your user
+```bash
+sudo chown -R $(id -u):$(id -g) ./letsencrypt
+```
\ No newline at end of file