
Deployment of certbot for my home lab. Deploys to Swarm.


joshbeard/homelab-service-certbot


certbot service

A script and Docker deployment for running certbot registrations and renewals.

Usage

bin/check.py is a rudimentary script that wraps the certbot command with a defined list of domains to request certificates for. It is configured to use the route53 plugin for registrations.

Configuration

AWS credentials with permission to maintain the verification records in Route 53 should be passed as environment variables.

In addition to the standard AWS credential environment variables, these should be defined for configuring the script:

  • DOMAINS

    List of domains to retrieve certs for. This is a semicolon-delimited list of certificate sets; the domains within a set are separated by spaces. Domains separated by spaces are part of the same cert. Each set separated by semicolons is a separate certificate.

    Example: DOMAINS="home.jbeard.dev *.home.jbeard.dev;jbeard.dev *.jbeard.dev"

  • EMAIL

    E-mail address for Let's Encrypt

    Example: EMAIL="[email protected]"
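The DOMAINS format described above, as an added example that is not this repository's bin/check.py: it splits the value into certificate sets, rejects any entry that is not a plain DNS name (so a value beginning with "-" cannot reach certbot as an option), and builds each certbot call as an argument list rather than a shell string. The function names and sample domains are assumptions made for illustration; the certbot options used are its standard ones.

```python
import re

# Hostname label rule (RFC 1123); an optional leading "*." permits wildcard names.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"^(?:\*\.)?(?:{_LABEL}\.)+{_LABEL}$")


def parse_domains(value):
    """Split a DOMAINS string into certificate sets (one list of names per cert)."""
    cert_sets = []
    for chunk in value.split(";"):
        names = chunk.split()
        if not names:  # tolerate a trailing ';' or doubled separators
            continue
        for name in names:
            # Reject anything that is not a plain DNS name, e.g. a value that
            # starts with '-' and would be read by certbot as an option.
            if len(name) > 253 or not _DOMAIN_RE.match(name.lower()):
                raise ValueError(f"invalid domain in DOMAINS: {name!r}")
        cert_sets.append([n.lower() for n in names])
    if not cert_sets:
        raise ValueError("DOMAINS is empty")
    return cert_sets


def certbot_argv(names, email):
    """Build one certbot invocation as an argv list (no shell involved)."""
    if not re.fullmatch(r"[^@\s-][^@\s]*@[^@\s]+", email):
        raise ValueError(f"invalid EMAIL: {email!r}")
    argv = ["certbot", "certonly", "--non-interactive", "--agree-tos",
            "--dns-route53", "--keep-until-expiring", "--email", email]
    for name in names:
        argv += ["-d", name]
    return argv


if __name__ == "__main__":
    # Constructed sample values; the real ones come from the environment.
    sample = "home.example.org *.home.example.org;example.org *.example.org"
    for cert in parse_domains(sample):
        print(" ".join(certbot_argv(cert, "admin@example.org")))
```

Each returned list can be passed directly to subprocess.run without shell=True, one call per certificate set.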

Deployment

This is deployed to Docker Swarm using the deploy/docker-compose.yml file. The deployment runs crond in the container, using deploy/crontab to periodically run the bin/check.py script.