xueshanf / docker-dehydrated-lexicon Goto Github PK

Forked from mlaihk/docker-dehydrated-Lexicon to update with latest dns-lexicon(3.1.7).

This project is designed to be a small docker to Create/Renew Let's Encrypt Certs by making use of the greate Dehydrated script by lukas2511 and Lexicon by AnalogJ. The image is based on Python:Alpine to make it as small as possible. It also borrowed from idea from csmith that the domains.txt will be monitor realtime for changes. The docker will need a volume /letsencrypt for storing app data and certs. It will also require the following environment variables for dehydrated and the normal environment variables for Lexicon:

EMAIL: <Your email passed to Let's Encrypt for notifications>
PROVIDER: <Designate provider for Lexicon>
LEXICON_<PROVIDER>USERNAME: <Username to use for Lexicon to connect to your DNS provider>
LEXICON<PROVIDER>TOKEN: <API Key from your DNS provider>
LEXICON<PROVIDER>_PASSWORD: <Account password for your DNS provider>
For example:
PROVIDER: cloudflare
LEXICON_CLOUDFLARE_USERNAME:[email protected]
LEXICON_CLOUDFLARE_TOKEN: asdf1231239182309af
Optional Environment Variable:
KEY_ALGO: {rsa|prime256v1|secp384r1}

This will tell dehydrated what algorithm to use for generating the private key. If not defined, will assume rsa for general cert issuance.

Create certs/letsencrypt/domains.txt file for domains that need Let's Encrypt certs.

Define the following environment variables. AWS_PROFILE will be used to pull AWS credentials and set LEXICON_ROUTE53_AUTH_ACCESS_KEY and LEXICON_ROUTE53_AUTH_ACCESS_SECRET in do_it.sh.

export EMAIL=<Your email passed to Let's Encrypt for notifications>
export AWS_PROFILE=<AWS configuration profile in ~/.aws/credentials>
export DOMAINS=<list of delegated domains>
./do_it