mehdi-mac/certbot-docker-script
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

First commit.

Browse Source
This commit is contained in:
Mehdi (OSX) 2023-11-22 15:31:57 +05:00
parent 76864988bb
commit 59b920e8b9
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
generate-certs.sh
View File

@ -1,19 +1,26 @@
#!/bin/bash
#CONFIG:
#using dry_run, certificates are not actually generated, instead it will only do test run.
#Remember that if you build certificates (dry_run=false) then don't keep on doing it in short interval (more than 5in a day), as otherwise certbot might apply rate limits on further usages.
dry_run=true
cloudflare_token='' #Create it from Cloudflare, and limit it the DNZ zone of your domain.
#Create it from Cloudflare, and limit it the DNZ zone of your domain.
cloudflare_token=''
live_certs_dir="certs/live/test.com"; #Script will check this directory for empty, to determine to create or renew ssl certificates.
#Script will check this directory for empty, to determine to create or renew ssl certificates.
live_certs_dir="certs/live/test.com";
#-d test.com, -d *.test.com means certificate for: test.com and it's wildcard subdomains.
#Only 1 certificate will be generated, regardless of number of subdomains provided here.
new_ssl_command="docker run --rm -v ./certs:/etc/letsencrypt -v #cloudflare_token_file#:/certbot-cloudflare certbot/dns-cloudflare certonly #dry_run_arg# --dns-cloudflare --dns-cloudflare-credentials /certbot-cloudflare -d test.com -d \*.test.com --preferred-challenges dns-01 --preferred-chain 'ISRG Root X1' --non-interactive --dns-cloudflare-propagation-seconds 20 --agree-tos --email w3goodies.com@gmail.com";
#domains cant be changed in renewal. If you want to change, then clear certs/* folder and regenerate certificates.
renew_command="docker run --rm -v ./certs:/etc/letsencrypt -v #cloudflare_token_file#:/certbot-cloudflare certbot/dns-cloudflare renew #dry_run_arg# --non-interactive --agree-tos --email w3goodies.com@gmail.com --no-random-sleep-on-renew"
post_hook="docker-compose restart nginx" #posthook is executed if certificate is created for first time, or if "${live_certs_dir}/cert.pem" file is modified (based on checking last modified time).
#posthook is executed if certificate is created for first time, or if "${live_certs_dir}/cert.pem" file is modified (based on checking last modified time).
post_hook="docker-compose restart nginx"
#END CONFIG