Use packages in Debian instead of trying to compile source in Alpine

aquaron · Oct 30, 2020 · ebc4d23 · ebc4d23
1 parent ada67dc
commit ebc4d23
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 25 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine
+FROM debian:buster-slim
 
 ARG BUILD_DATE
 
@@ -10,21 +10,20 @@ LABEL maintainer="docker@aquaron.com" \
  org.label-schema.url="https://certbot.eff.org" \
  org.label-schema.vcs-url="https://github.com/aquaron/certbot" \
  org.label-schema.vendor="aquaron" \
- org.label-schema.version="1.1"
+ org.label-schema.version="1.2"
 
 COPY data/runme.sh /usr/bin/runme.sh
 COPY data/cli.ini /etc/cli.ini
 
-RUN apk add --no-cache bash git python3 python3-dev musl-dev libffi-dev openssl-dev gcc \
- && git clone https://github.com/certbot/certbot \
- && cd /certbot \
- && python3 setup.py install \
- && cd certbot-dns-google; python3 setup.py install; cd .. \
- && cd certbot-dns-digitalocean; python3 setup.py install; cd .. \
-# && cd certbot-dns-route53; python3 setup.py install; cd .. \
- && cd certbot-dns-linode; python3 setup.py install; cd .. \
- && apk del --purge git python3-dev musl-dev libffi-dev gcc \
- && rm -rf /core /var/cache/apk/* /certbot
+
+RUN apt update -q \
+ && apt install -yq certbot \
+    python3-certbot-dns-digitalocean \
+    python3-certbot-dns-linode \
+    python3-certbot-dns-google \
+    python3-certbot-dns-route53 \
+ && apt autoremove -qy \
+ && rm -rf /var/lib/apt/lists/*
 
 ENTRYPOINT [ "runme.sh" ]
 CMD [ "help" ]
diff --git a/data/runme.sh b/data/runme.sh
@@ -46,9 +46,11 @@ Usage: docker run -t --rm -v $(green "<local-dir>"):/data aquaron/certbot [$(yel
    --dns    - dns-01 challenge plugin (eg $(fade "digitalocean"))
    --email  - Email address of maintainer (eg $(fade "me@example.com"))
 
-   -get     - Get new certificate
+   -get     - Get new wildcard certificate example.com & *.example.com
+   -single  - Get a single certificate
    -renew   - Renew all certificates
    -revoke  - Revoke certificate and delete it
+
    -clean   - Remove letsencrypt directory (careful with this)
    -test    - Use staging server instead of production
    -force   - Toggles forcing of renewal (for both get/renew)
@@ -84,14 +86,19 @@ conf_assert() {
     fi
 }
 
-certbot_wildcard() {
+certbot_get() {
     check_dns
     conf_assert 'HOST'
 
+    local _wildcard=
+    if [[ "$1" ]]; then
+        _wildcard="-d *.${_host}"
+    fi
+
     local _host="${CONF[HOST]}"
 
-    hint "Create ${_host} wildcard certificate"
-    local _result=$(certbot certonly --config "${_CONFFILE}" -d "${_host}" -d "*.${_host}" 2>&1)
+    hint "Create ${_host} certificate(s)"
+    local _result=$(certbot certonly --config "${_CONFFILE}" -d "${_host}" ${_wildcard} 2>&1)
 
     case "${_result}" in
         *'Congratulations'*)
@@ -121,6 +128,11 @@ certbot_renew() {
     hint "Renew certificates"
 
     local _result=$(certbot renew --config "${_CONFFILE}" 2>&1 | grep 'fullchain.pem ')
+    if [[ ! "${_result}" ]]; then
+        echo "$(red "ABORT:") Nothing to renew"
+        exit 1
+    fi
+
     local _success=$(echo "${_result}" | grep '(success)' | cut -d"/" -f 5 | paste -s -d" ")
     local _skipped=$(echo "${_result}" | grep '(skipped)' | cut -d"/" -f 5 | paste -s -d" ")
 
@@ -142,13 +154,21 @@ certbot_revoke() {
     hint "Revoking ${_host}"
     local _result=$(certbot revoke --config ${_CONFFILE} --cert-path "${_path}" 2>&1)
     case "$_result" in
-        *'Congratulations'*)
-            echo "$(green "SUCCESS:") $_host certificate is revoked"
-            ;;
+        *'Congratulations'*) echo "$(green "SUCCESS:") $_host certificate is revoked" ;;
+        *) echo -e "$_result" ;;
+    esac
+}
 
-        *)
-            echo -e "$_result"
-            ;;
+certbot_delete() {
+    conf_assert 'HOST'
+
+    local _host="${CONF[HOST]}"
+
+    hint "Deleting ${_host}"
+    local _result=$(certbot delete --config ${_CONFFILE} --cert-name "${_host}" 2>&1)
+    case "$_result" in
+        *'Deleted'*) echo "$(green "SUCCESS:") $_host certificate is deleted" ;;
+        *) echo -e "$_result" ;;
     esac
 }
 
@@ -249,8 +269,13 @@ while [[ $# -ge 1 ]]; do
             shift
             ;;
 
-        -clean|-test|-revoke|-renew|-force|-get|-verbose)
+        -clean|-test|-force|-verbose)
+            CONF[${_key#-}]=1
+            ;;
+
+        -revoke|-renew|-get|-single|-delete)
             CONF[${_key#-}]=1
+            ACTION=1
             ;;
 
         help)
@@ -269,11 +294,13 @@ done
 
 setup_env
 
-[[ "${CONF[get]}" ]] && certbot_wildcard
+[[ "${CONF[get]}" ]] && certbot_get "wildcard"
+[[ "${CONF[single]}" ]] && certbot_get
 [[ "${CONF[renew]}" ]] && certbot_renew
 [[ "${CONF[revoke]}" ]] && certbot_revoke
+[[ "${CONF[delete]}" ]] && certbot_delete
 
-if [[ ! "${CONF[get]}" ]] && [[ ! "${CONF[renew]}" ]] && [[ ! "${CONF[revoke]}" ]]; then
+if [[ ! "ACTION" ]]; then
     echo "$(yellow "ABORT"): Nothing is done. Use $(yellow "-get")?"
 fi