A script and Docker deployment for running certbot registrations and renewals.
The bin/check.py script is a rudimentary wrapper around the certbot command with a defined list of domains to request certificates for.
This is configured to use the route53 plugin for registrations.
AWS credentials with permission to maintain the verification records in route53 should be passed as environment variables.
In addition to the standard AWS credential environment variables, these should be defined for configuring the script:
- DOMAINS: List of domains to retrieve certs for. This is a semicolon-delimited list of certificate sets. The domains within a set are separated by spaces and will be part of the same cert. Each set separated by semicolons is a unique certificate.
  Example: DOMAINS="home.jbeard.dev *.home.jbeard.dev;jbeard.dev *.jbeard.dev"
- EMAIL: E-mail address for Let's Encrypt.
  Example: EMAIL="[email protected]"
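How a wrapper like bin/check.py could parse these two variables and build one certbot call per certificate set, added here as an example and not the repository's own code. The function names, the example.com values and the particular set of certbot flags are assumptions; each name is validated so that a value in DOMAINS cannot be read by certbot as an option.

```python
import re

# One DNS label; "*" is handled separately and allowed only as the leftmost label.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_domain(name: str) -> bool:
    """Accept plain or wildcard hostnames; reject anything that looks like an option."""
    labels = name.lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)


def parse_domains(value: str) -> list[list[str]]:
    """Split DOMAINS into certificate sets: ';' separates certs, spaces separate names."""
    cert_sets = []
    for chunk in value.split(";"):
        names = chunk.split()
        if not names:  # tolerate a trailing ';' or doubled separators
            continue
        bad = [n for n in names if not valid_domain(n)]
        if bad:
            raise ValueError(f"invalid domain(s) in DOMAINS: {bad}")
        cert_sets.append(names)
    if not cert_sets:
        raise ValueError("DOMAINS is empty")
    return cert_sets


def certbot_argv(names: list[str], email: str) -> list[str]:
    """Build an argv list (to be run without a shell) for one certificate set."""
    if not email or email.startswith("-") or "@" not in email:
        raise ValueError("EMAIL is not a usable address")
    argv = ["certbot", "certonly", "--dns-route53", "--non-interactive",
            "--agree-tos", "--keep-until-expiring", "--email", email]
    for name in names:
        argv += ["-d", name]
    return argv


if __name__ == "__main__":
    # Constructed sample values in the format described above.
    sample = "home.example.com *.home.example.com;example.com *.example.com"
    for cert in parse_domains(sample):
        print(certbot_argv(cert, "admin@example.com"))
```

Passing the resulting list to subprocess.run without shell=True keeps the environment values from being interpreted by a shell.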
This is deployed to Docker Swarm using the deploy/docker-compose.yml file. The deployment runs crond on the container with the deploy/crontab to periodically run the bin/check.py script.