https://github.com/cub0n/certbot-desec-docker

Container for Certbot with deSec
https://github.com/cub0n/certbot-desec-docker

armv7 certbot certificates container desec docker dockerfile letsencrypt podman raspberry-pi raspberrypi

Last synced: 2 months ago
JSON representation

Container for Certbot with deSec

• Host: GitHub
• URL: https://github.com/cub0n/certbot-desec-docker
• Owner: Cub0n
• License: apache-2.0
• Created: 2022-11-29T16:02:04.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2025-11-30T15:33:46.000Z (7 months ago)
• Last Synced: 2025-12-02T22:34:51.648Z (7 months ago)
• Topics: armv7, certbot, certificates, container, desec, docker, dockerfile, letsencrypt, podman, raspberry-pi, raspberrypi
• Language: Dockerfile
• Homepage:
• Size: 64.5 KB
• Stars: 2
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Attention: Due to use of LEGO (https://github.com/go-acme/lego) and the support for Desec, this Repo is archived.

---

## certbot-desec-docker

deSEC (https://desec.io/) DNS Authenticator for Certbot on Docker.

## Forewords

According to the used underlying architecture (here armv7) it is necessary to select the right image (certbot/certbot:arm32v6-*) beforehand, otherwise _pip install certbot-dns-desec_ will fail (ErrorMessage: _exec container process /bin/sh: Exec format error_).

## Build

Change to directory where the Dockerfile is located and execute: 

* docker build -t certbot:latest 

* buildah bud -f Dockerfile -t certbot:latest (for Podman)

You can choose the tag (-t) on your own. The builded image is automatically added to your local docker/podman image repository.

## Configuration

Configure your Secret with deSec token as described under [Request Certificate](https://github.com/desec-io/certbot-dns-desec#request-certificate). The $DOMAIN.ini has to be saved under the volume path ( -v /path/to/etc/letsencrypt ).

For the first run, the eMail Adress is also needed.

# Starting

with Docker:

```bash

docker run -d --name certbot \

        -v /path/to/etc/letsencrypt:/etc/letsencrypt \

        -v /path/to/var/lib/letsencrypt:/var/lib/letsencrypt \

        ghcr.io/cub0n/certbot-desec-docker:latest certonly --non-interactive --agree-tos --email $EMAIL \

        --authenticator dns-desec \

        --dns-desec-propagation-seconds 300 \

        --dns-desec-credentials /etc/letsencrypt/secrets/$DOMAIN.ini \

        -d "$DOMAIN" \

        -d "*.$DOMAIN"

```

with Podman:

```bash

podman run -d --name certbot \

        -v /path/to/etc/letsencrypt:/etc/letsencrypt:Z \

        -v /path/to/var/lib/letsencrypt:/var/lib/letsencrypt:Z \

        ghcr.io/cub0n/certbot-desec-docker:latest certonly --non-interactive --agree-tos --email $EMAIL \

        --authenticator dns-desec \

        --dns-desec-propagation-seconds 300 \

        --dns-desec-credentials /etc/letsencrypt/secrets/$DOMAIN.ini \

        -d "$DOMAIN" \

        -d "*.$DOMAIN"

```

Increase the wait time with --dns-desec-propagation-seconds 300 to guarantee a certificate renewel. (https://talk.desec.io/t/failing-to-get-the-certificates-generated-by-letsencrypt-according-to-the-documentation/1479/8)