Hi,

Thank you for all the work on this. Great resource.

I got it to work for me for a single domain but now I'd like to fully automate fetching certs for dynamic domains. I can figure out most of it but, any idea how to get the letsencrypt certonly command in fetch_certs.sh to run non-interactive? Perhaps there's a way to pass the answers to the prompts as parameters or a config file?

I checked the docs for it and remain confused.

Thank you!

Since Kubernetes release 1.2.0, Ingress resources are supporting TLS. It would be great if this image would be compatible with Ingress.

What needs to be done is to change secret data format to:

"data": {
   "tls.crt": "$CERT",
   "tls.key": "$KEY",
   "dhparam": "$DHPARAM"
 }

And response with 200 HTTP code when root URI (/) is requested (for health checks).

P.S. I will be happy to prepare a PR later today.

Since Kubernetes v1.2.0, Deployment is a recommended replacement for Replication Controllers. It would be great if this image added support for them.

Running the save_certs.sh script on a k8s kluster on v1.6.1 generated the following error after generating a DH param:

error: group map[apps:0xc820374b60 batch:0xc820374cb0 authentication.k8s.io:0xc820374f50 certificates.k8s.io:0xc8202d6620 federation:0xc820374a80 authorization.k8s.io:0xc820374bd0 autoscaling:0xc820374c40 componentconfig:0xc820374d20 extensions:0xc820374d90 policy:0xc820374e00 rbac.authorization.k8s.io:0xc820374e70 :0xc820374af0] is already registered
error: group map[authentication.k8s.io:0xc820376f50 federation:0xc820376a80 :0xc820376af0 autoscaling:0xc820376c40 batch:0xc820376cb0 componentconfig:0xc820376d20 policy:0xc820376e00 apps:0xc820376b60 authorization.k8s.io:0xc820376bd0 extensions:0xc820376d90 rbac.authorization.k8s.io:0xc820376e70] is already registered

Updating the version number of the kubectl install fixed the issue.

Someone already forked this repo and updated the version number:
https://github.com/z1nkum/docker-letsencrypt

The changes of that fork can be found here:
z1nkum@f9446b6

Not sure about the best approach here how to release/version number such an update. Just wanted to let you and others know this issue exists.

I get some error log when deploy on k8s

1. [error] 23#23: *15 "/etc/nginx/html/index.html" is not found (2: No such file or directory)

2. [17/Aug/2022:17:30:22 +0000] "GET /.well-known/acme-challenge/ HTTP/1.1" 403 571 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.136 Safari/537.36" "-"`

3. kubectl exec -it letsencrypt-helper-deployment-7857c9c849-fdfkn -- bash -c '[email protected] DOMAINS=mailserver.[mydomain].vn ./fetch_certs.sh'

W0818 00:49:02.397107  786577 gcp.go:120] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead.
To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fd8b72d2350>: Failed to establish a new connection: [Errno -2] Name or service not known',))
Please see the logfiles in /var/log/letsencrypt for more details.
command terminated with exit code

I'm testing out the new release: 0.3.0. I ran ./refresh_certs.sh and it asked me to share my email:

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:

This is going to cause scheduled jobs to fail. Recommend using the --non-interactive flag, as described here.

Hello! Thanks so much for making this.

Unfortunately, I've been getting this error whenever I try to run ./refresh_certs.sh:

Mon Oct 16 21:56:57 UTC 2017 Fetching certs...
/letsencrypt/fetch_certs.sh: line 23: /usr/local/bin/letsencrypt: No such file or directory

What's strange is that, if I go to /usr/local/bin and run ls, I get

kubectl  letsencrypt 

However, if I try run cd or cat on letsencrypt, I get the same No such file or directory error

Any help or advice would be really appreciated!

Certbot is outdated.

Console logs:

Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555

In the logs I see:

no crontab for root

on startup. Using ployst/docker-letsencrypt:0.0.7. Is that benign?