certhub-docker-entry

Synopsis

/usr/local/lib/git-gau/docker-entry.d/60-acme-dns-registration

/usr/local/lib/git-gau/docker-entry.d/60-certbot-account

/usr/local/lib/git-gau/docker-entry.d/60-dehydrated-account

/usr/local/lib/git-gau/docker-entry.d/60-lego-account

Description

A collection of docker entrypoint scripts called by git-gau docker-entry via run-parts. Useful to setup preexisting ACME accounts from data passed into a container by environment variables.

Refer to git-gau-docker-entry(8) for more information on the entrypoint scripts shipping with git-gau. Note that for common use cases GAU_REPO should point to the certhub certificate repository.

Environment (acme-dns)

It is recommended to specify CERTHUB_ACME_DNS_REGISTRATION for a production setup when using joohoi/acme-dns.

CERTHUB_ACME_DNS_REGISTRATION

Contents of the JSON registration file as generated by goacmedns-register which is part of cpu/goacmedns. Note that more than one account can be registered/represented in a single JSON data structure.

CERTHUB_ACME_DNS_REGISTRATION_FILE

Full path to registration json file. Defaults to ${HOME}/acme-dns-registration.json.

Environment (Certbot)

It is recommended to specify CERTHUB_CERTBOT_ACCOUNT_ID, CERTHUB_CERTBOT_ACCOUNT_KEY, CERTHUB_CERTBOT_ACCOUNT_REGR and CERTHUB_CERTBOT_ACCOUNT_META for a production setup. The remaining variables can be ignored in most situations.

CERTHUB_CERTBOT_ACCOUNT_KEY

ACME account private key in JSON format used by certbot. If this variable is non-empty, its contents will be written to private_key.json in the respective accounts directory. Note that either CERTHUB_CERTBOT_ACCOUNT_ID or CERTHUB_CERTBOT_ACCOUNT_DIR is required if this variable is set.

CERTHUB_CERTBOT_ACCOUNT_REGR

ACME account registration information in JSON format used by certbot. If this variable is non-empty, its contents will be written to regr.json in the respective accounts directory. Note that either CERTHUB_CERTBOT_ACCOUNT_ID or CERTHUB_CERTBOT_ACCOUNT_DIR is required if this variable is set.

CERTHUB_CERTBOT_ACCOUNT_META

ACME account meta information in JSON format used by certbot. If this variable is non-empty, its contents will be written to meta.json in the respective accounts directory. Note that either CERTHUB_CERTBOT_ACCOUNT_ID or CERTHUB_CERTBOT_ACCOUNT_DIR is required if this variable is set.

CERTHUB_CERTBOT_ACCOUNT_ID

ACME account id as used by certbot to identify the account in the form of a 32 character long hex string. This is equivalent to the last component of an account directory path.

CERTHUB_CERTBOT_ACCOUNT_SERVER

ACME endpoint URL for the given account. Defaults to: https://acme-v02.api.letsencrypt.org/directory

CERTHUB_CERTBOT_CONFIG_DIR

Base directory for certbot configuration. Defaults to: /etc/letsencrypt.

CERTHUB_CERTBOT_ACCOUNT_DIR

Full path to an accounts directory. Defaults to a value computed from CERTHUB_CERTBOT_CONFIG_DIR, CERTHUB_CERTBOT_ACCOUNT_SERVER and CERTHUB_CERTBOT_ACCOUNT_ID.

Environment (Dehydrated, DEPRECATED)

Warning

certhub-dehydrated-run is deprecated, please switch to another ACME client.

It is recommended to specify CERTHUB_DEHYDRATED_ACCOUNT_KEY, CERTHUB_DEHYDRATED_ACCOUNT_REGR and CERTHUB_DEHYDRATED_ACCOUNT_ID for a production setup. The remaining variables can be ignored in most situations.

CERTHUB_DEHYDRATED_ACCOUNT_KEY

ACME account private key in PEM format used by dehydrated. If this variable is non-empty, its contents will be written to account_key.pem in the respective accounts directory.

CERTHUB_DEHYDRATED_ACCOUNT_REGR

ACME account registration information in JSON format used by dehydrated. If this variable is non-empty, its contents will be written to registration_info.json in the respective accounts directory. set.

CERTHUB_DEHYDRATED_ACCOUNT_ID

ACME account id information in JSON format used by dehydrated. If this variable is non-empty, its contents will be written to account_id.json in the respective accounts directory.

CERTHUB_DEHYDRATED_ACCOUNT_SERVER

ACME endpoint URL for the given account. Defaults to: https://acme-v02.api.letsencrypt.org/directory

CERTHUB_DEHYDRATED_CONFIG_DIR

Base directory for dehydrated configuration. Defaults to: /etc/dehydrated.

CERTHUB_DEHYDRATED_ACCOUNT_DIR

Full path to an accounts directory. Defaults to a value computed from CERTHUB_DEHYDRATED_CONFIG_DIR and CERTHUB_DEHYDRATED_ACCOUNT_SERVER.

Environment (Lego)

It is recommended to specify CERTHUB_LEGO_ACCOUNT_EMAIL CERTHUB_LEGO_ACCOUNT_KEY and CERTHUB_LEGO_ACCOUNT_CONF for a production setup. The remaining variables can be ignored in most situations.

CERTHUB_LEGO_ACCOUNT_KEY

ACME account private key in PEM format used by lego. If this variable is non-empty, its contents will be written to ${CERTHUB_LEGO_ACCOUNT_EMAIL}.key in the respective accounts directory. Note that either CERTHUB_LEGO_ACCOUNT_EMAIL or CERTHUB_LEGO_ACCOUNT_KEY_DIR/CERTHUB_LEGO_ACCOUNT_KEY_FILE are required if this variable is set.

CERTHUB_LEGO_ACCOUNT_CONF

ACME account registration information in JSON format used by lego. If this variable is non-empty, its contents will be written to account.json in the respective accounts directory. Note that either CERTHUB_LEGO_ACCOUNT_EMAIL or CERTHUB_LEGO_ACCOUNT_DIR/CERTHUB_LEGO_ACCOUNT_CONF_FILE are required if this variable is set.

CERTHUB_LEGO_ACCOUNT_EMAIL

ACME account email as used by lego to identify the account.

CERTHUB_LEGO_ACCOUNT_SERVER

ACME endpoint URL for the given account. Defaults to: https://acme-v02.api.letsencrypt.org/directory

CERTHUB_LEGO_DIR

Base directory for lego configuration. Defaults to: ${HOME}/.lego.

CERTHUB_LEGO_ACCOUNT_DIR

Full path to an accounts directory. Defaults to a value computed from CERTHUB_LEGO_DIR, CERTHUB_LEGO_ACCOUNT_SERVER and CERTHUB_LEGO_ACCOUNT_EMAIL.

CERTHUB_LEGO_ACCOUNT_CONF_FILE

Full path to an accounts config file. Defaults to a value computed from CERTHUB_LEGO_DIR, CERTHUB_LEGO_ACCOUNT_SERVER and CERTHUB_LEGO_ACCOUNT_EMAIL.

CERTHUB_LEGO_ACCOUNT_KEY_DIR

Full path to an accounts key directory. Defaults to a value computed from CERTHUB_LEGO_DIR, CERTHUB_LEGO_ACCOUNT_SERVER and CERTHUB_LEGO_ACCOUNT_EMAIL.

CERTHUB_LEGO_ACCOUNT_KEY_FILE

Full path to an accounts key file. Defaults to a value computed from CERTHUB_LEGO_DIR, CERTHUB_LEGO_ACCOUNT_SERVER and CERTHUB_LEGO_ACCOUNT_EMAIL.

See Also

git-gau-docker-entry(8),