25 lines
1.7 KiB
Bash
25 lines
1.7 KiB
Bash
#using dry_run, certificates are not actually generated, instead it will only do test run.
|
|
#Remember that if you build certificates (dry_run=false) then DON'T keep on doing it in short interval (more than 5in a day), as otherwise certbot might apply rate limits on further usages.
|
|
dry_run=true
|
|
|
|
#Create token from Cloudflare API tokens page, and limit it the DNZ zone of your domain.
|
|
cloudflare_token=''
|
|
|
|
#Set location for certificates to store in.
|
|
certs_dir="../certs/"
|
|
|
|
#Script will create certificate for domain.com and as well as *.domain.com (wildcard)
|
|
domain="test.com"
|
|
|
|
#Email to receive expiration notices or other mails from certbot
|
|
email="w3goodies.com@gmail.com"
|
|
|
|
#Generate certificates using this command.
|
|
#Script will generate certificate for domain.com and as well as *.domain.com (wildcard)
|
|
new_ssl_command="docker run --rm -v #certs_dir#:/etc/letsencrypt -v #cloudflare_token_file#:/certbot-cloudflare certbot/dns-cloudflare certonly #dry_run_arg# #domain_arg# --dns-cloudflare --dns-cloudflare-credentials /certbot-cloudflare --preferred-challenges dns-01 --preferred-chain 'ISRG Root X1' --non-interactive --dns-cloudflare-propagation-seconds 20 --agree-tos #email_arg#";
|
|
|
|
#domains cant be changed in renewal. If you want to change, then clear certs/* folder and regenerate certificates.
|
|
renew_command="docker run --rm -v #certs_dir#:/etc/letsencrypt -v #cloudflare_token_file#:/certbot-cloudflare certbot/dns-cloudflare renew #dry_run_arg# --non-interactive --agree-tos --email w3goodies.com@gmail.com --no-random-sleep-on-renew"
|
|
|
|
#posthook is executed if certificate is created for first time, or if "${live_certs_dir}/cert.pem" file is modified (based on checking last modified time).
|
|
post_hook="echo 'dummy post hook result'" |