Dockerized Lego with cron. Caters to DNS ACME challenge; other challenges can be worked out using LEGO_ARGS.
Environment variables are used to control various steps of the automation process.
| Name | Default value | Description | Corresponds to lego argument |
|---|---|---|---|
STAGING |
0 |
Whether to use production or staging LetsEncrypt endpoint. 0 for production, 1 for staging | |
KEY_TYPE |
ec384 |
Type of key. | --key-type |
DOMAINS |
"" |
Domains (delimited by ';' ) | --domains, -d |
EMAIL_ADDRESS |
"" |
Email used for registration and recovery contact. | --email, -m |
PROVIDER |
"" |
DNS Provider. Valid values are:edgedns,alidns,allinkl,lightsail,route53,arvancloud,auroradns,autodns,azure,azuredns,bindman,bluecat,brandit,bunny,checkdomain,civo,cloudru,clouddns,cloudflare,cloudns,cloudxns,conoha,constellix,corenetworks,cpanel,derak,desec,designate,digitalocean,directadmin,dnsmadeeasy,dnshomede,dnsimple,dnspod,dode,domeneshop,dreamhost,duckdns,dyn,dynu,easydns,efficientip,epik,exoscale,exec,freemyip,gcore,gandi,gandiv5,glesys,godaddy,gcloud,googledomains,hetzner,hostingde,hosttech,httpreq,httpnet,huaweicloud,hurricane,hyperone,ibmcloud,iijdpf,infoblox,infomaniak,iij,internetbs,inwx,ionos,ipv64,iwantmyname,joker,acme-dns,liara,limacity,linode,liquidweb,loopia,luadns,mailinabox,manageengine,manual,metaname,mijnhost,mittwald,myaddr,mydnsjp,mythicbeasts,namedotcom,namecheap,namesilo,nearlyfreespeech,netcup,netlify,nicmanager,nifcloud,njalla,nodion,ns1,otc,oraclecloud,ovh,plesk,porkbun,pdns,rackspace,rainyun,rcodezero,regru,regfish,rfc2136,rimuhosting,sakuracloud,scaleway,selectel,selectelv2,selfhostde,servercow,shellrent,simply,sonic,spaceship,stackpath,technitium,tencentcloud,timewebcloud,transip,safedns,ultradns,variomedia,vegadns,vercel,versio,vinyldns,vkcloud,volcengine,vscale,vultr,webnames,websupport,wedos,westcn,yandex360,yandexcloud,yandex,zoneee,zonomi |
--dns |
DNS_TIMEOUT |
10 |
Set the DNS timeout value to a specific value in seconds. | --dns-timeout. |
LEGO_ARGS |
"" |
Send arguments directly to lego, e.g. "--dns.disable-cp" or "--dns.resolvers 1.1.1.1" |
You can mount a shell script to /app/hook.sh to run whenever a cert is issued. This image comes with bash/curl/wget/jq preinstalled.
This example get one certificate for *.example.com and example.com using cloudflare dns :
- Use staging endpoint during development.
services:
lego:
image: brahmadev/acme-lego-cron:latest
environment:
STAGING: 1
DOMAINS: "example.com;*.example.com"
EMAIL_ADDRESS: [email protected]
CLOUDFLARE_DNS_API_TOKEN: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PROVIDER: cloudflare
LEGO_ARGS: "--dns.disable-cp --dns.resolvers 1.1.1.1"
volumes:
- ./letsencrypt:/letsencryptWith hook: Check hook.sh for an example.
services:
nginx:
container_name: nginx01
image: nginx:alpine
ports:
- mode: host
published: 443
target: 443
- mode: host
published: 80
target: 80
volumes:
- ./html/:/var/www/html
- ./nginx-example.conf:/etc/nginx/conf.d/default.conf
- "./letsencrypt:/letsencrypt"
lego:
image: brahmadev/acme-lego-cron:latest
environment:
STAGING: 1
DOMAINS: "example.com;*.example.com"
EMAIL_ADDRESS: [email protected]
CLOUDFLARE_DNS_API_TOKEN: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PROVIDER: cloudflare
LEGO_ARGS: "--dns.disable-cp --dns.resolvers 1.1.1.1"
volumes:
- ./hook.sh:/app/hook.sh
- /var/run/docker.sock:/var/run/docker.sock
- ./letsencrypt:/letsencrypt