From c33ac402cc49d528fba0b86bcd323bcf40666230 Mon Sep 17 00:00:00 2001
From: "Moritz.M" <57674787+MB175@users.noreply.github.com>
Date: Tue, 3 Jun 2025 09:48:39 +0000
Subject: [PATCH 1/4] add docker setup
---
Dockerfile | 14 ++++++++++++++
examples/.env | 2 ++
examples/.gitignore | 1 +
examples/docker-compose.yml | 28 +++++++++++++++++++++++++++
examples/readme.md | 38 +++++++++++++++++++++++++++++++++++++
5 files changed, 83 insertions(+)
create mode 100644 Dockerfile
create mode 100644 examples/.env
create mode 100644 examples/.gitignore
create mode 100644 examples/docker-compose.yml
create mode 100644 examples/readme.md
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..39b25d1
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM python:3.11-slim AS builder
+
+RUN apt-get update && apt-get install -y git
+
+RUN git clone https://github.com/stackitcloud/certbot-dns-stackit.git /src
+WORKDIR /src
+RUN pip install --prefix=/install .
+
+FROM certbot/certbot:v3.3.0
+
+COPY --from=builder /install /usr/local
+WORKDIR /etc/letsencrypt
+
+ENTRYPOINT ["certbot"]
diff --git a/examples/.env b/examples/.env
new file mode 100644
index 0000000..68a59f2
--- /dev/null
+++ b/examples/.env
@@ -0,0 +1,2 @@
+DOMAIN=example.com
+WILDCARD=*.example.com
\ No newline at end of file
diff --git a/examples/.gitignore b/examples/.gitignore
new file mode 100644
index 0000000..44a0964
--- /dev/null
+++ b/examples/.gitignore
@@ -0,0 +1 @@
+*.ini
\ No newline at end of file
diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml
new file mode 100644
index 0000000..ce1fe99
--- /dev/null
+++ b/examples/docker-compose.yml
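Review bot: The `RUN git clone https://github.com/stackitcloud/certbot-dns-stackit.git /src` step in the new Dockerfile installs whatever the default branch holds at build time, so the plugin that later reads the DNS API token from `stackit.ini` differs from build to build and cannot be tied to a reviewed revision. Pin the source to a release tag or commit, e.g. `RUN git clone --depth 1 --branch <RELEASE_TAG> https://github.com/stackitcloud/certbot-dns-stackit.git /src`, or install a pinned release from the package index if one is published. The same unpinned clone reappears in the Dockerfile hunk of PATCH 2/4. Separately, `COPY --from=builder /install /usr/local` only works if `certbot/certbot:v3.3.0` ships the same Python version and site-packages layout as `python:3.11-slim`; nothing in the hunk checks that assumption.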
@@ -0,0 +1,28 @@
+version: '3.8'
+
+services:
+ certbot:
+ build:
+ context: .
+ dockerfile: ../Dockerfile
+ container_name: certbot-stackit
+ volumes:
+ - ./letsencrypt:/etc/letsencrypt
+ - ./stackit.ini:/stackit.ini:ro
+ entrypoint: certbot
+ command: >
+ certonly
+ --dns-stackit
+ --dns-stackit-credentials /stackit.ini
+ --dns-stackit-propagation-seconds 60
+ -d "${WILDCARD}" -d "${DOMAIN}"
+ certbot-renew:
+ build:
+ context: .
+ dockerfile: ../Dockerfile
+ container_name: certbot-renew
+ volumes:
+ - ./letsencrypt:/etc/letsencrypt
+ - ./stackit.ini:/stackit.ini:ro
+ entrypoint: certbot
+ command: renew
\ No newline at end of file
diff --git a/examples/readme.md b/examples/readme.md
new file mode 100644
index 0000000..b9038e2
--- /dev/null
+++ b/examples/readme.md
@@ -0,0 +1,38 @@
+# Certbot with Stackit DNS Plugin (Docker Compose)
+
+- Custom Docker image: Based on certbot/certbot, with the Stackit DNS plugin installed.
+- Docker Compose service to request wildcard certificates.
+
+---
+## πŸ“‚ Certificate File Structure
+
+```
+./letsencrypt/live//
+β”œβ”€β”€ cert.pem # Your domain’s certificate
+β”œβ”€β”€ chain.pem # The Let's Encrypt chain
+β”œβ”€β”€ fullchain.pem # cert.pem + chain.pem (what you usually use)
+β”œβ”€β”€ privkey.pem # Your private key
+```
+
+
+## πŸ› οΈ Setup Instructions
+
+
+### 1. Create a file named `stackit.ini` in the root directory:
+
+⚠️️️ Make sure the file is secure: (`chmod 600 stackit.ini`)
+```
+dns_stackit_api_token = YOUR_API_TOKEN
+dns_stackit_project_id = YOUR_PROJECT_ID
+```
+
+### 2. Set domain in `.env` file
+```
+DOMAIN=example.com
+WILDCARD=*.example.com
+```
+
+### 3. Run Certbot
+```
+docker compose up certbot
+```
\ No newline at end of file
From da33e510b1ccb5b76167eb960db2df837d11c104 Mon Sep 17 00:00:00 2001
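Review bot: Both services in `examples/docker-compose.yml` build with `context: .`, the same directory the compose file mounts `./stackit.ini` and `./letsencrypt` from, and the patch adds no `.dockerignore` there. Depending on the builder, the API token file and the issued private keys can be sent to the Docker daemon as build context, and any later `COPY . .` in the Dockerfile would bake them into an image layer. The Dockerfile in this patch copies nothing from the context, so an `examples/.dockerignore` listing `*.ini` and `letsencrypt/`, or a `context:` that points at a directory without secrets, costs nothing. The top-level `version: '3.8'` key is ignored by current Compose releases and can be dropped.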
From: "Moritz.M" <57674787+MB175@users.noreply.github.com> Date: Tue, 3 Jun 2025 09:54:01 +0000 Subject: [PATCH 2/4] docker --- Dockerfile | 17 ++++++++++------- examples/docker-compose.yml | 2 +- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 39b25d1..5597c17 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,17 @@ -FROM python:3.11-slim AS builder +FROM python:3.11-slim -RUN apt-get update && apt-get install -y git +RUN apt-get update && apt-get install -y \ + git \ + gcc \ + libffi-dev \ + libssl-dev \ + && rm -rf /var/lib/apt/lists/* -RUN git clone https://github.com/stackitcloud/certbot-dns-stackit.git /src -WORKDIR /src -RUN pip install --prefix=/install . +RUN pip install certbot -FROM certbot/certbot:v3.3.0 +RUN git clone https://github.com/stackitcloud/certbot-dns-stackit.git /opt/certbot-dns-stackit \ + && pip install /opt/certbot-dns-stackit -COPY --from=builder /install /usr/local WORKDIR /etc/letsencrypt ENTRYPOINT ["certbot"] diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml index ce1fe99..3396f3a 100644 --- a/examples/docker-compose.yml +++ b/examples/docker-compose.yml @@ -12,7 +12,7 @@ services: entrypoint: certbot command: > certonly - --dns-stackit + --authenticator dns-stackit --dns-stackit-credentials /stackit.ini --dns-stackit-propagation-seconds 60 -d "${WILDCARD}" -d "${DOMAIN}" From b960a0345d9790536b893a8946a60cd952326d66 Mon Sep 17 00:00:00 2001 From: "Moritz.M" <57674787+MB175@users.noreply.github.com> Date: Tue, 3 Jun 2025 10:13:27 +0000 Subject: [PATCH 3/4] docker --- examples/docker-compose.yml | 3 +++ examples/readme.md | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml index 3396f3a..a51ec1b 100644 --- a/examples/docker-compose.yml +++ b/examples/docker-compose.yml 
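Review bot: `RUN pip install certbot` in the rewritten Dockerfile drops the version pin that the removed `FROM certbot/certbot:v3.3.0` line provided, so every rebuild may pull a different certbot release. Pin it, e.g. `RUN pip install --no-cache-dir certbot==<CERTBOT_VERSION>`. The image is now single-stage, so `git`, `gcc`, `libffi-dev` and `libssl-dev` stay in the runtime image that handles the DNS token and the private keys. Keeping a builder stage that produces wheels, or purging those packages in the same `RUN` that needs them, would shrink what ships. Adding `--no-install-recommends` to the `apt-get install -y` line is a cheap first step.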
@@ -12,6 +12,9 @@ services: entrypoint: certbot command: > certonly + --agree-tos + --non-interactive + --email dns@${DOMAIN} --authenticator dns-stackit --dns-stackit-credentials /stackit.ini --dns-stackit-propagation-seconds 60 diff --git a/examples/readme.md b/examples/readme.md index b9038e2..1aaa218 100644 --- a/examples/readme.md +++ b/examples/readme.md @@ -35,4 +35,11 @@ WILDCARD=*.example.com ### 3. Run Certbot ``` docker compose up certbot +``` + +### 4. Cert permission + +The certs and the live folder will be `root:root`, in order to access them with your user +```bash +sudo chown -R $(id -u):$(id -g) ./letsencrypt ``` \ No newline at end of file From 183211fa4f283bbb4497c3e15bb8624bf4297c4e Mon Sep 17 00:00:00 2001 From: "Moritz.M" <57674787+MB175@users.noreply.github.com> Date: Tue, 3 Jun 2025 10:14:39 +0000 Subject: [PATCH 4/4] docker --- examples/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/readme.md b/examples/readme.md index 1aaa218..329dacf 100644 --- a/examples/readme.md +++ b/examples/readme.md @@ -22,7 +22,7 @@ ⚠️️️ Make sure the file is secure: (`chmod 600 stackit.ini`) ``` -dns_stackit_api_token = YOUR_API_TOKEN +dns_stackit_auth_token = YOUR_API_TOKEN dns_stackit_project_id = YOUR_PROJECT_ID ```
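Review bot: `--email dns@${DOMAIN}` in the `certbot` service registers the ACME account with a mailbox derived from the domain, which may not exist or may not be read by whoever operates the setup. With `--agree-tos --non-interactive` added alongside it, the registration goes through without any prompt. A dedicated variable makes the contact an explicit choice: add `EMAIL=` to `examples/.env` and pass `--email "${EMAIL}"`. The hunk shows only part of the service's `command:` block; the rest lies outside it.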