Obtains certificates from Let's Encrypt, using Lexicon to answer DNS-based challenges
Chris Smith 0ceb712043 Update lexicon, switch to python 3, move hook. 6 years ago

Let’s Encrypt Lexicon Service

This container uses the awesome Lexicon library with letsencrypt.sh to automatically obtain SSL certs from Let’s Encrypt.

Multiple domains, as well as SANs, are supported. Certificates will be renewed automatically, and obtained automatically as soon as new domains are added.

Usage

Defining domains

The container defines one volume at /letsencrypt, and expects there to be a list of domains in /letsencrypt/domains.txt. Certificates are output to /letsencrypt/certs/{domain}.

domains.txt should contain one line per certificate. If you want alternate names on the cert, list them after the primary domain, for example:

example.com www.example.com
admin.example.com

This will request two certificates: one for example.com with a SAN of www.example.com, and a separate one for admin.example.com.

The container uses inotify to monitor the domains.txt file for changes, so you can update it while the container is running and changes will be automatically applied.
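As an added illustration of the domains.txt format described above (not part of this repository or of letsencrypt.sh), the following POSIX shell function parses such a file into one "primary: SAN ..." line per certificate. Treating blank lines and lines starting with '#' as comments is an assumption of the example, not something the container documents; the hostname check is there so that a typo in the file is reported rather than silently turned into a certificate request.

```shell
#!/bin/sh
# Added example: parse a domains.txt in the layout this README describes.
# Each line is one certificate: the first name is the primary, any further
# names are SANs. Output is one "primary: san1 san2" line per certificate.
# Assumption (not from the README): blank lines and '#' lines are ignored.

is_hostname() {
  # Accepts dotted labels of letters, digits and hyphens with a 2-63 letter TLD.
  # Wildcard names ('*.example.com') are deliberately rejected by this check.
  printf '%s' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

parse_domains() {
  # $1: path to a domains.txt file. Lines whose primary name is invalid are
  # skipped entirely; invalid SANs are dropped from an otherwise valid line.
  # Both cases are reported on stderr.
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac
    set -f                      # no glob expansion while word-splitting the line
    set -- $line                # unquoted on purpose: split into primary + SANs
    set +f
    primary=$1; shift
    if ! is_hostname "$primary"; then
      echo "skipping line, invalid primary name: $primary" >&2
      continue
    fi
    sans=""
    for n in "$@"; do
      if is_hostname "$n"; then
        sans="$sans $n"
      else
        echo "dropping invalid SAN '$n' for $primary" >&2
      fi
    done
    printf '%s:%s\n' "$primary" "$sans"
  done < "$1"
}

# Usage: ./parse_domains.sh /letsencrypt/domains.txt
if [ "$#" -gt 0 ]; then
  parse_domains "$1"
fi
```

Run against the two-line example from this README, the function prints `example.com: www.example.com` and `admin.example.com:`, i.e. exactly the two certificate requests the text describes, which makes it a handy pre-flight check before the container picks up an edited file via inotify.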

DNS providers

To verify that you own the domain, a TXT record needs to be automatically created for it. The Lexicon library handles this, and comes with support for a variety of providers including CloudFlare, EasyDNS, DigitalOcean and Vultr.

Lexicon takes its configuration from environment variables. For full instructions, see its README.

To configure Lexicon to update DNS hosted by CloudFlare, for example, you would pass in:

docker run ... \
  -e "PROVIDER=cloudflare" \
  -e "LEXICON_CLOUDFLARE_USERNAME=email@address.com" \
  -e "LEXICON_CLOUDFLARE_TOKEN=api-key-here"

Other configuration

For testing purposes, you can set the STAGING environment variable to a non-empty value. This will use the Let’s Encrypt staging server, which has much more relaxed rate limits.

You should pass in a contact e-mail address by setting the EMAIL env var. This is passed on to Let’s Encrypt, and may be used for important service announcements.

Running

Here’s a full worked example:

# The directory we'll use to store the domain list and certificates.
# You could use a docker volume instead.
mkdir /tmp/letsencrypt
echo "domain.com www.domain.com" > /tmp/letsencrypt/domains.txt

docker run -d --restart=always \
  -e "EMAIL=admin@domain.com" \
  -e "STAGING=true" \
  -e "PROVIDER=cloudflare" \
  -e "LEXICON_CLOUDFLARE_USERNAME=email@address.com" \
  -e "LEXICON_CLOUDFLARE_TOKEN=api-key-here" \
  -v /tmp/letsencrypt:/letsencrypt \
  csmith/letsencrypt-lexicon:latest