Replies: 3 comments
-
I just ran into this. If you're using ZeroSSL, you have to pay for premium to get DNS-01 verification |
Beta Was this translation helpful? Give feedback.
-
I have the similar need and end up using acmesh-official/acme.sh, which allows you to deploy to docker containers. Here is my setup to use
services:
acme:
container_name: acme
image: neilpang/acme.sh:latest
restart: unless-stopped
command: daemon
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/acme/:/acme.sh/
environment:
DEPLOY_DOCKER_CONTAINER_LABEL: acme-deploy
nginx-proxy:
container_name: nginx-proxy
image: nginxproxy/nginx-proxy:1.5-alpine
restart: unless-stopped
ports:
# - 80:80
- 443:443
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./data/nginx-proxy/certs/:/etc/nginx/certs/
- ./data/nginx-proxy/vhost.d/:/etc/nginx/vhost.d/
labels: [acme-deploy]
#!/bin/bash
CONTAINER=acme
DOMAIN=example.com
# Set Let's Encrypt as the default CA.
docker exec $CONTAINER --set-default-ca --server letsencrypt
# Issue a new cert. Wildcard is supported.
docker exec \
-e [email protected] \
-e CF_Key=xxxxxxxxxx \
$CONTAINER --issue --dns dns_cf -d $DOMAIN -d *.$DOMAIN
# Deploy command tailored for nginx-proxy.
docker exec \
-e DEPLOY_DOCKER_CONTAINER_CA_FILE=/etc/nginx/certs/$DOMAIN.chain.pem \
-e DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE=/etc/nginx/certs/$DOMAIN.crt \
-e DEPLOY_DOCKER_CONTAINER_KEY_FILE=/etc/nginx/certs/$DOMAIN.key \
-e DEPLOY_DOCKER_CONTAINER_RELOAD_CMD='docker-gen /app/nginx.tmpl /etc/nginx/conf.d/default.conf && nginx -s reload' \
$CONTAINER --deploy --deploy-hook docker -d $DOMAIN Fill in your domain name, email and API key (or corresponding variables) for authentication, as described in How to use DNS API. docker exec \
-e AWS_ACCESS_KEY_ID=xxxxxxxxxx \
-e AWS_SECRET_ACCESS_KEY=xxxxxxxxxx \
$CONTAINER --issue --dns dns_aws -d $DOMAIN -d *.$DOMAIN You only have to run docker exec acme cat /var/spool/cron/crontabs/root It is not fully automatic like acme-companion, since you have to run issue and deploy command manually for once. |
Beta Was this translation helpful? Give feedback.
-
This feature will be added by #1137 |
Beta Was this translation helpful? Give feedback.
-
Hi, is DNS-01 support planned?
I wanted to do something similar to https://www.youtube.com/watch?v=qlcVx-k-02E (issuing SSL certificates for domains pointing to local IP addresses, without exposing any ports to the open internet) at my homelab.
Is there a way to issue DNS-01 based certificates currently when using nginx-proxy?
By the way, I'm using Cloudflare for my DNS.
Beta Was this translation helpful? Give feedback.
All reactions