diff --git a/Dockerfile b/Dockerfile index 8d44eb9..5e002e5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine +FROM debian:buster-slim ARG BUILD_DATE @@ -10,21 +10,20 @@ LABEL maintainer="docker@aquaron.com" \ org.label-schema.url="https://certbot.eff.org" \ org.label-schema.vcs-url="https://github.com/aquaron/certbot" \ org.label-schema.vendor="aquaron" \ - org.label-schema.version="1.1" + org.label-schema.version="1.2" COPY data/runme.sh /usr/bin/runme.sh COPY data/cli.ini /etc/cli.ini -RUN apk add --no-cache bash git python3 python3-dev musl-dev libffi-dev openssl-dev gcc \ - && git clone https://github.com/certbot/certbot \ - && cd /certbot \ - && python3 setup.py install \ - && cd certbot-dns-google; python3 setup.py install; cd .. \ - && cd certbot-dns-digitalocean; python3 setup.py install; cd .. \ -# && cd certbot-dns-route53; python3 setup.py install; cd .. \ - && cd certbot-dns-linode; python3 setup.py install; cd .. \ - && apk del --purge git python3-dev musl-dev libffi-dev gcc \ - && rm -rf /core /var/cache/apk/* /certbot + +RUN apt update -q \ + && apt install -yq certbot \ + python3-certbot-dns-digitalocean \ + python3-certbot-dns-linode \ + python3-certbot-dns-google \ + python3-certbot-dns-route53 \ + && apt autoremove -qy \ + && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "runme.sh" ] CMD [ "help" ] diff --git a/data/runme.sh b/data/runme.sh index 321fa2d..7226134 100755 --- a/data/runme.sh +++ b/data/runme.sh @@ -46,9 +46,11 @@ Usage: docker run -t --rm -v $(green ""):/data aquaron/certbot [$(yel --dns - dns-01 challenge plugin (eg $(fade "digitalocean")) --email - Email address of maintainer (eg $(fade "me@example.com")) - -get - Get new certificate + -get - Get new wildcard certificate example.com & *.example.com + -single - Get a single certificate -renew - Renew all certificates -revoke - Revoke certificate and delete it + -clean - Remove letsencrypt directory (careful with this) -test - Use staging server instead of production -force - Toggles forcing of renewal (for both get/renew) @@ -84,14 +86,19 @@ conf_assert() { fi } -certbot_wildcard() { +certbot_get() { check_dns conf_assert 'HOST' + local _wildcard= + if [[ "$1" ]]; then + _wildcard="-d *.${_host}" + fi + local _host="${CONF[HOST]}" - hint "Create ${_host} wildcard certificate" - local _result=$(certbot certonly --config "${_CONFFILE}" -d "${_host}" -d "*.${_host}" 2>&1) + hint "Create ${_host} certificate(s)" + local _result=$(certbot certonly --config "${_CONFFILE}" -d "${_host}" ${_wildcard} 2>&1) case "${_result}" in *'Congratulations'*) @@ -121,6 +128,11 @@ certbot_renew() { hint "Renew certificates" local _result=$(certbot renew --config "${_CONFFILE}" 2>&1 | grep 'fullchain.pem ') + if [[ ! "${_result}" ]]; then + echo "$(red "ABORT:") Nothing to renew" + exit 1 + fi + local _success=$(echo "${_result}" | grep '(success)' | cut -d"/" -f 5 | paste -s -d" ") local _skipped=$(echo "${_result}" | grep '(skipped)' | cut -d"/" -f 5 | paste -s -d" ") @@ -142,13 +154,21 @@ certbot_revoke() { hint "Revoking ${_host}" local _result=$(certbot revoke --config ${_CONFFILE} --cert-path "${_path}" 2>&1) case "$_result" in - *'Congratulations'*) - echo "$(green "SUCCESS:") $_host certificate is revoked" - ;; + *'Congratulations'*) echo "$(green "SUCCESS:") $_host certificate is revoked" ;; + *) echo -e "$_result" ;; + esac +} - *) - echo -e "$_result" - ;; +certbot_delete() { + conf_assert 'HOST' + + local _host="${CONF[HOST]}" + + hint "Deleting ${_host}" + local _result=$(certbot delete --config ${_CONFFILE} --cert-name "${_host}" 2>&1) + case "$_result" in + *'Deleted'*) echo "$(green "SUCCESS:") $_host certificate is deleted" ;; + *) echo -e "$_result" ;; esac } @@ -249,8 +269,13 @@ while [[ $# -ge 1 ]]; do shift ;; - -clean|-test|-revoke|-renew|-force|-get|-verbose) + -clean|-test|-force|-verbose) + CONF[${_key#-}]=1 + ;; + + -revoke|-renew|-get|-single|-delete) CONF[${_key#-}]=1 + ACTION=1 ;; help) @@ -269,11 +294,13 @@ done setup_env -[[ "${CONF[get]}" ]] && certbot_wildcard +[[ "${CONF[get]}" ]] && certbot_get "wildcard" +[[ "${CONF[single]}" ]] && certbot_get [[ "${CONF[renew]}" ]] && certbot_renew [[ "${CONF[revoke]}" ]] && certbot_revoke +[[ "${CONF[delete]}" ]] && certbot_delete -if [[ ! "${CONF[get]}" ]] && [[ ! "${CONF[renew]}" ]] && [[ ! "${CONF[revoke]}" ]]; then +if [[ ! "ACTION" ]]; then echo "$(yellow "ABORT"): Nothing is done. Use $(yellow "-get")?" fi