{"id":15051018,"url":"https://github.com/joseluisq/docker-lets-encrypt","last_synced_at":"2026-02-15T22:32:44.719Z","repository":{"id":229088311,"uuid":"775726549","full_name":"joseluisq/docker-lets-encrypt","owner":"joseluisq","description":"A multi-arch Let's Encrypt Docker image using Lego CLI client with convenient environment variables and auto-renewal support.","archived":false,"fork":false,"pushed_at":"2024-04-07T14:26:47.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-11T22:58:00.157Z","etag":null,"topics":["acme","acme-client","auto-renewal","certificate","crontab","debian-linux","dns","docker-image","lego","lets-encrypt","security","tls-certificate"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/joseluisq/docker-lets-encrypt","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/joseluisq.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-03-21T23:36:03.000Z","updated_at":"2024-09-24T22:01:04.000Z","dependencies_parsed_at":"2024-03-22T01:26:56.439Z","dependency_job_id":"7b74dbdc-8f16-4db0-8969-4ec6ab44502a","html_url":"https://github.com/joseluisq/docker-lets-encrypt","commit_stats":{"total_commits":9,"total_committers":1,"mean_commits":9.0,"dds":0.0,"last_synced_commit":"fa4afbd664aa15fccc483afab111002d9a4bf283"},"previous_names":["joseluisq/docker-lets-encrypt"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/joseluisq/docker-lets-encrypt","repository_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/repositories/joseluisq%2Fdocker-lets-encrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joseluisq%2Fdocker-lets-encrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joseluisq%2Fdocker-lets-encrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joseluisq%2Fdocker-lets-encrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/joseluisq","download_url":"https://codeload.github.com/joseluisq/docker-lets-encrypt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joseluisq%2Fdocker-lets-encrypt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29490898,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-15T19:29:10.908Z","status":"ssl_error","status_checked_at":"2026-02-15T19:29:10.419Z","response_time":118,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","acme-client","auto-renewal","certificate","crontab","debian-linux","dns","docker-image","lego","lets-encrypt","security","tls-certificate"],"created_at":"2024-09-24T21:30:28.836Z","updated_at":"2026-02-15T22:32:44.703Z","avatar_url":"https://github.com/joseluisq.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker Let's Encrypt \n\n\u003ca href=\"https://github.com/joseluisq/docker-lets-encrypt/actions/workflows/devel.yml\" title=\"devel ci\"\u003e\u003cimg src=\"https://github.com/joseluisq/docker-lets-encrypt/actions/workflows/devel.yml/badge.svg?branch=master\"\u003e\u003c/a\u003e \n\u003ca href=\"https://hub.docker.com/r/joseluisq/docker-lets-encrypt/\" title=\"Docker Image Version (tag latest semver)\"\u003e\u003cimg src=\"https://img.shields.io/docker/v/joseluisq/docker-lets-encrypt/latest\"\u003e\u003c/a\u003e \n\u003ca href=\"https://hub.docker.com/r/joseluisq/docker-lets-encrypt/tags\" title=\"Docker Image Size (tag)\"\u003e\u003cimg src=\"https://img.shields.io/docker/image-size/joseluisq/docker-lets-encrypt/latest\"\u003e\u003c/a\u003e \n\u003ca href=\"https://hub.docker.com/r/joseluisq/docker-lets-encrypt/\" title=\"Docker Image\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/joseluisq/docker-lets-encrypt.svg\"\u003e\u003c/a\u003e \n\n\u003e A multi-arch [Let's Encrypt](https://letsencrypt.org/) Docker image using [Lego CLI](https://go-acme.github.io/lego/) client with convenient environment variables and 
auto-renewal support on top of the latest __Debian [12-slim](https://hub.docker.com/_/debian/tags?page=1\u0026name=12-slim)__ ([Bookworm](https://www.debian.org/News/2023/20230610)).\n\n## Usage\n\nRun the Docker image\n\n```sh\n# Run Lego CLI directly with a particular argument\ndocker run --rm joseluisq/docker-lets-encrypt -v\n\n# Or run the Docker image in interactive mode\ndocker run -it --rm joseluisq/docker-lets-encrypt bash\n```\n\nOr extend it\n\n```Dockerfile\nFROM joseluisq/docker-lets-encrypt\n# your stuff...\n```\n\n## Examples\n\nBelow is an example of obtaining a **wildcard certificate** using the **Cloudflare** provider.\n\nIn this case, make sure to first create a [Cloudflare API User Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) for your specific domain with the `DNS:Edit` permission.\n\n### Using Docker run\n\n```sh\n# Options below, in order: Lego CLI options, Lego CLI DNS provider,\n# TLS auto-renewal feature (optional), and the directory mapping (bind mount)\n# for certificate/key files. Comments cannot be placed between\n# backslash-continued lines, so they are listed here.\ndocker run -it --rm \\\n    -e ENV_LEGO_ENABLE=true \\\n    -e ENV_LEGO_ACCEPT_TOS=true \\\n    -e ENV_LEGO_EMAIL=email@domain.com \\\n    -e ENV_LEGO_DOMAINS=\"*.domain.com\" \\\n    -e ENV_LEGO_DNS=cloudflare \\\n    -e CLOUDFLARE_EMAIL=email@domain.com \\\n    -e CLOUDFLARE_DNS_API_TOKEN= \\\n    -e ENV_CERT_AUTO_RENEW=true \\\n    -e ENV_CERT_AUTO_RENEW_CRON_INTERVAL=\"0 0 * * *\" \\\n    -v /etc/ssl/certs/domain.com:/etc/ssl/.lego \\\n    joseluisq/docker-lets-encrypt\n\n# 2024/01/01 00:00:30 [INFO] [*.domain.com] acme: Obtaining bundled SAN certificate\n# 2024/01/01 00:00:31 [INFO] [*.domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/000000000000\n# 2024/01/01 00:00:31 [INFO] [*.domain.com] acme: use dns-01 solver\n# 2024/01/01 00:00:31 [INFO] [*.domain.com] acme: Preparing to solve DNS-01\n# 2024/01/01 00:00:31 [INFO] Found CNAME entry for \"_acme-challenge.domain.com.\": \"dns.domain.com.\"\n# 2024/01/01 
00:00:32 [INFO] cloudflare: new record for domain.com, ID 1234567a8e000d0ab0ced00fgjk123e\n# 2024/01/01 00:00:32 [INFO] [*.domain.com] acme: Trying to solve DNS-01\n# 2024/01/01 00:00:32 [INFO] Found CNAME entry for \"_acme-challenge.domain.com.\": \"dns.domain.com.\"\n# 2024/01/01 00:00:32 [INFO] [*.domain.com] acme: Checking DNS record propagation. [nameservers=127.0.0.2:00]\n# 2024/01/01 00:00:34 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]\n# 2024/01/01 00:00:40 [INFO] [*.domain.com] The server validated our request\n# 2024/01/01 00:00:40 [INFO] [*.domain.com] acme: Cleaning DNS-01 challenge\n# 2024/01/01 00:00:40 [INFO] Found CNAME entry for \"_acme-challenge.domain.com.\": \"dns.domain.com.\"\n# 2024/01/01 00:00:41 [INFO] [*.domain.com] acme: Validations succeeded; requesting certificates\n# 2024/01/01 00:00:42 [INFO] [*.domain.com] Server responded with a certificate.\n```\n\n**Notes:**\n\n- `ENV_LEGO_ACCEPT_TOS=true` is used to accept the [Let's Encrypt terms of service](https://community.letsencrypt.org/tos).\n- The container `.lego` directory will contain the certificates and keys; make sure to bind it to a specific host directory. 
See https://go-acme.github.io/lego/usage/cli/general-instructions/\n- See the **Cloudflare** provider options for more details https://go-acme.github.io/lego/dns/cloudflare/\n\n### Using Docker Compose\n\nBelow is the equivalent of the example above, using [Docker Compose](https://docs.docker.com/compose/intro/features-uses/).\n\n```yaml\nversion: \"3.3\"\n\nservices:\n  joseluisq-net:\n    image: joseluisq/docker-lets-encrypt:0.0.3\n    environment:\n      # Lego CLI options\n      - \"ENV_LEGO_ENABLE=true\"\n      - \"ENV_LEGO_ACCEPT_TOS=true\"\n      - \"ENV_LEGO_EMAIL=${ENV_LEGO_EMAIL}\"\n      - \"ENV_LEGO_DOMAINS=*.domain.com\"\n      # Lego CLI DNS provider\n      - \"ENV_LEGO_DNS=cloudflare\"\n      - \"CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}\"\n      - \"CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}\"\n      # TLS auto-renewal feature (optional)\n      - \"ENV_CERT_AUTO_RENEW=true\"\n      - \"ENV_CERT_AUTO_RENEW_CRON_INTERVAL=0 0 * * *\"\n    volumes:\n      # Directory mapping (bind mount) for certificate/key files\n      - /etc/ssl/certs/domain.com:/etc/ssl/.lego\n    deploy:\n      replicas: 1\n      update_config:\n        parallelism: 1\n      restart_policy:\n        condition: on-failure\n```\n\n## Environment variables\n\nThe image supports setting several [Lego CLI](https://go-acme.github.io/lego/usage/cli/) arguments through environment variables.\n\nBelow are the supported environment variables and their default values.\n\n### Activation\n\nTo activate the environment variables support, set `ENV_LEGO_ENABLE=true`.\n\n- `ENV_LEGO_ENABLE=false` \n\n### General options\n\n- `ENV_LEGO_EMAIL`\n- `ENV_LEGO_DOMAINS`\n- `ENV_LEGO_SERVER`\n- `ENV_LEGO_CSR`\n- `ENV_LEGO_ACCEPT_TOS=false`\n- `ENV_LEGO_PATH=/etc/ssl/.lego` Directory to use for storing the data.\n\n### Challenge types\n\n- `ENV_LEGO_HTTP=false`\n- `ENV_LEGO_DNS` See the supported Lego DNS providers: https://go-acme.github.io/lego/dns/#dns-providers\n\n### Obtain a new certificate\n\n- 
`ENV_LEGO_RUN_HOOK`\n\nBy default, the **Lego CLI** `run` subcommand will be executed, which will [obtain a new certificate](https://go-acme.github.io/lego/usage/cli/obtain-a-certificate/).\n\n### Renew existing certificate\n\nTo [renew a certificate](https://go-acme.github.io/lego/usage/cli/renew-a-certificate/), use the following environment variables instead.\n\n- `ENV_LEGO_RENEW=false` Tells Lego CLI to perform a `renew` operation on demand.\n- `ENV_LEGO_RENEW_DAYS`\n- `ENV_LEGO_RENEW_HOOK`\n\n#### Certificate auto-renew\n\n**NOTE:** the auto-renew feature is limited to one domain for now.\n\n- `ENV_CERT_AUTO_RENEW=false` Enable the auto-renew feature.\n- `ENV_CERT_AUTO_RENEW_DAYS_BEFORE_EXPIRE=3` The number of days before the certificate expiration at which a renewal is attempted.\n- `ENV_CERT_AUTO_RENEW_CRON_INTERVAL=0 0 * * *` The Crontab interval for the auto-renew checker (default: once a day).\n\nWhen `ENV_CERT_AUTO_RENEW=true`, a script checks how many days remain before the certificate expires (`ENV_CERT_AUTO_RENEW_DAYS_BEFORE_EXPIRE`) and attempts a renewal.\nKeep in mind that `ENV_LEGO_RENEW` should be disabled (`false`) when using this feature because it refers to the Lego CLI `renew` operation (subcommand).\n\n### Additional arguments\n\n- `ENV_LEGO_ARGS`\n\nPrint all available Lego CLI options.\n\n```sh\n# global options\ndocker run --rm joseluisq/docker-lets-encrypt -h\n# or specific subcommand options\ndocker run --rm joseluisq/docker-lets-encrypt lego run -h\n```\n\nFor more details check out the [Lego CLI](https://go-acme.github.io/lego/usage/cli/) available options.\n\n## Contributions\n\nUnless you explicitly state otherwise, any contribution intentionally submitted for inclusion in current work by you, as defined in the Apache-2.0 license, shall be dual licensed as described below, without any additional terms or conditions.\n\nFeel free to send a [Pull 
request](https://github.com/joseluisq/docker-lets-encrypt/pulls) or file an [issue](https://github.com/joseluisq/docker-lets-encrypt/issues).\n\n## License\n\nThis work is primarily distributed under the terms of both the [MIT license](LICENSE-MIT) and the [Apache License (Version 2.0)](LICENSE-APACHE).\n\n© 2024-present [Jose Quintana](https://joseluisq.net)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoseluisq%2Fdocker-lets-encrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjoseluisq%2Fdocker-lets-encrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoseluisq%2Fdocker-lets-encrypt/lists"}