Skip to content

leodrivera/docker-letsencrypt

BranchesTags
ย 
ย 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

51 Commits
.github/workflows
.github/workflows
ย 
ย 
scripts
scripts
ย 
ย 
.dockerignore
.dockerignore
ย 
ย 
.gitignore
.gitignore
ย 
ย 
Dockerfile
Dockerfile
ย 
ย 
LICENSE
LICENSE
ย 
ย 
README.md
README.md
ย 
ย 
docker-compose.yml
docker-compose.yml
ย 
ย 

Repository files navigation

Let's Encrypt for Duck DNS

Build Status Docker Pulls Docker Stars Docker Image Size (latest by date) Docker Image Version (latest by date)

Automatically generates Let's Encrypt certificates using a lightweight Docker container without requiring any ports to be exposed for DNS challenges.

Environment Variables

  • DUCKDNS_TOKEN: Duck DNS account token (obtained from Duck DNS) (required)
  • DUCKDNS_DOMAIN: Full Duck DNS domain (e.g. test.duckdns.org) (required)
  • PKCS12_PASSWORD: password to be used when exporting the pkcs12 certificate (optional, default: '')
  • LETSENCRYPT_DOMAIN: Domain to generate SSL cert for. By default the SSL certificate is generated for DUCKDNS_DOMAIN (optional)
  • LETSENCRYPT_WILDCARD: true or false, indicating whether the SSL certificate should be for subdomains only of LETSENCRYPT_DOMAIN (i.e. *.test.duckdns.org), or for the main domain only (i.e. test.duckdns.org) (optional, default: false)
  • LETSENCRYPT_EMAIL: Email used for certificate renewal notifications (optional)
  • LETSENCRYPT_CHAIN: Preferred certificate chain (e.g. ISRG Root X1, see https://letsencrypt.org/certificates for more details) (optional)
  • TESTING: true or false, indicating whether a staging SSL certificate should be generated or not (optional, default: false)
  • UID: User ID to apply to Let's Encrypt files generated (optional, recommended, default: 0 - root)
  • GID: Group ID to apply to Let's Encrypt files generated (optional, recommended, default: 0 - root)

Notes

  • The DUCKDNS_DOMAIN should already be pointing to the server with a dynamic IP. The maksimstojkovic/duckdns image can be used to automatically update the IP address.
  • The format of DUCKDNS_DOMAIN should be <subdomain>.duckdns.org, regardless of the value of LETSENCRYPT_WILDCARD.
  • To use LETSENCRYPT_DOMAIN feature, the following DNS records need to be created for ACME authentication (records should not be proxied):
Type Name Value Condition
CNAME *.<LETSENCRYPT_DOMAIN> <DUCKDNS_DOMAIN> LETSENCRYPT_WILDCARD == true
CNAME <LETSENCRYPT_DOMAIN> <DUCKDNS_DOMAIN> LETSENCRYPT_WILDCARD == false
CNAME _acme-challenge.<LETSENCRYPT_DOMAIN> _acme-challenge.<DUCKDNS_DOMAIN>

Volumes

  • <certs>:/etc/letsencrypt: A named or host volume which allows SSL certificates to persist and be accessed by other containers

Note: To use the <certs> host volume in another container, mount it as read-only for those containers. The <certs> host volume should be read-write enabled for the Letsencrypt container.

About

๐Ÿ“œ Automatic SSL Certificate Generation for Duck DNS Domains

hub.docker.com/repository/docker/leodrivera/letsencrypt

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 91.1%
  • Dockerfile 8.9%