~sirn/docker-dehydrated-lexicon

Simple wrapper around dehydrated and lexicon (and snooze)

# Dehydrated Lexicon

A simple wrapper around dehydrated and lexicon, with periodic certificate renewal using snooze.

# Usage

Prepare the data directory and list the domain to request a certificate for:

$ mkdir -p data
$ echo example.com > data/domains.txt

Request the certificate:

$ podman run -v ./data:/data --rm -it \
    -e PROVIDER=gandi \
    -e LEXICON_GANDI_AUTH_TOKEN=example \
    -e LEXICON_GANDI_API_PROTOCOL=rest \
    docker.io/sirn/dehydrated-lexicon:latest

# Renewal Hook

A renewal hook can be run by placing a shell script inside /data/renew.d. The example below deliberately loosens permissions, which leaves the private key world-readable:

$ mkdir -p ./data/renew.d
$ cat <<EOF | tee ./data/renew.d/00-insecure-permissions
#!/bin/sh
echo "Using insecure permissions"
chmod 0644 "\$KEYFILE" "\$CERTFILE" "\$CHAINFILE" "\$FULLCHAINFILE" "\$FULLBUNDLE"
chmod 0755 "\$DIRNAME"
EOF

# Note

In addition to the standard dehydrated certificate files, this wrapper also creates a file called fullbundle.pem in the certificate directory. This file can be used directly with Hitch, HAProxy, or other applications that require the private key and certificates combined in a single file. Because it contains the private key, it needs the same protection as the key file itself.
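
A hardened counterpart to the 00-insecure-permissions hook, as an added example that is not part of the project: it restricts the two files that hold the private key (KEYFILE and FULLBUNDLE) and fails if they are still world-accessible afterwards. It assumes hooks receive the same variables the hook above uses; CERT_GROUP and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not project code. Assumes hooks see KEYFILE, CERTFILE,
# CHAINFILE, FULLCHAINFILE, FULLBUNDLE and DIRNAME, as the hook above does.
# CERT_GROUP (hypothetical): group name or numeric GID of the service that
# must read the key, e.g. the user HAProxy or Hitch runs as. Empty = owner only.
CERT_GROUP="${CERT_GROUP:-}"

# Print the octal mode of a path (GNU/busybox stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

harden_cert_perms() {
    # KEYFILE and FULLBUNDLE both contain the private key.
    secret_mode=0600
    dir_mode=0700
    if [ -n "$CERT_GROUP" ]; then
        secret_mode=0640
        dir_mode=0750
        chgrp "$CERT_GROUP" "$DIRNAME" "$KEYFILE" "$FULLBUNDLE" || return 1
    fi
    chmod "$dir_mode" "$DIRNAME" || return 1
    chmod "$secret_mode" "$KEYFILE" "$FULLBUNDLE" || return 1
    # Certificates are public data: readable by all, writable by owner only.
    chmod 0644 "$CERTFILE" "$CHAINFILE" "$FULLCHAINFILE" || return 1

    # Verify the result: chmod can be a no-op on some mounted filesystems,
    # so fail loudly if a key-bearing file still grants access to "other".
    for f in "$KEYFILE" "$FULLBUNDLE"; do
        m=$(mode_of "$f") || return 1
        case "$m" in
            *0) ;;
            *) echo "refusing: $f still has mode $m" >&2; return 1 ;;
        esac
    done
    return 0
}

# Act only when called as a hook (variables present), so the file can also
# be sourced without side effects.
if [ -n "${KEYFILE:-}" ]; then
    harden_cert_perms
fi
```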
