Compare commits

..

59 Commits

Author SHA1 Message Date
LinuxServer-CI 2c22ce9573 Bot Updating Package Versions 2026-07-15 18:14:31 +00:00
Eric Nemchik 0a34712336 Merge pull request #594 from jonathanmajh/patch-1
Update tinyauth-location.conf.sample for Forward Auth
2026-07-11 21:48:18 -05:00
Eric Nemchik 4e7e4f7fee Merge branch 'master' into patch-1 2026-07-11 21:07:22 -05:00
Jonathan Ma e39c6487f7 Update root/defaults/nginx/tinyauth-location.conf.sample
Co-authored-by: Eric Nemchik <eric@nemchik.com>
2026-07-11 12:58:10 -04:00
LinuxServer-CI 493982d27e Bot Updating Templated Files 2026-07-10 22:15:07 +00:00
LinuxServer-CI 1e2b94980c Bot Updating Templated Files 2026-07-10 22:13:20 +00:00
Eric Nemchik b3185a5eff Merge pull request #607 from Sausageroll2077/master
Add CERT_PROFILE support and improve ARI renewal scheduling
2026-07-10 17:11:32 -05:00
Sausageroll2077 e857f808b0 Add CERT_PROFILE support and simplify renewal scheduling
Add CERT_PROFILE env var for Let's Encrypt cert profiles. Run certbot
twice daily via a cron entry with a random delay instead of the previous
sed-based cron randomization. Update changelog.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-11 00:09:29 +02:00
LinuxServer-CI 62d5e73cbb Bot Updating Package Versions 2026-07-10 21:57:02 +00:00
LinuxServer-CI 83ab984b17 Bot Updating Templated Files 2026-07-10 21:52:10 +00:00
Eric Nemchik 1a8290dec1 Merge pull request #618 from Sausageroll2077/add-dnsplugin-mijn-host
Add support for mijn.host DNS plugin
2026-07-10 16:50:25 -05:00
Sausageroll2077 057bbb5930 Merge branch 'master' into add-dnsplugin-mijn-host 2026-07-08 19:20:20 +02:00
LinuxServer-CI d6c053dd22 Bot Updating Package Versions 2026-07-04 06:25:57 +00:00
Sausageroll2077 883a216247 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-29 17:53:31 +02:00
LinuxServer-CI a57ebf0399 Bot Updating Package Versions 2026-06-27 06:34:42 +00:00
Sausageroll2077 37b074c528 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-26 15:52:01 +02:00
LinuxServer-CI d86d2dbb59 Bot Updating Package Versions 2026-06-25 20:47:23 +00:00
Sausageroll2077 25258a2f90 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-21 07:17:39 +02:00
LinuxServer-CI 88b7c77e02 Bot Updating Package Versions 2026-06-20 07:05:54 +00:00
Sausageroll2077 2cea93f9b1 Add support for mijn.host DNS plugin
Adds certbot-dns-mijn-host as a DNSPLUGIN option (mijn-host), including
the plugin in both Dockerfiles, a credentials template under
dns-conf, and the DNSPLUGIN list in readme-vars.yml.

Closes #606

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 20:21:49 +02:00
LinuxServer-CI a9d1f7f0ee Bot Updating Package Versions 2026-06-13 07:04:48 +00:00
LinuxServer-CI d3fe405b46 Bot Updating Package Versions 2026-06-06 06:35:32 +00:00
LinuxServer-CI 32c26223dd Bot Updating Package Versions 2026-06-01 16:09:07 +00:00
aptalca 60161a3baf Merge pull request #613 from linuxserver/cert-check
remove obsolete old cert check logic
2026-06-01 12:02:02 -04:00
aptalca 321837be0d remove obsolete old cert check logic 2026-06-01 11:04:38 -04:00
LinuxServer-CI c371973f5f Bot Updating Package Versions 2026-05-30 06:29:09 +00:00
LinuxServer-CI bc18a403ba Bot Updating Package Versions 2026-05-23 06:17:54 +00:00
LinuxServer-CI b104a66e06 Bot Updating Package Versions 2026-05-16 06:00:50 +00:00
LinuxServer-CI 80bc4b4243 Bot Updating Package Versions 2026-05-14 20:15:20 +00:00
LinuxServer-CI 7cf7838a87 Bot Updating Package Versions 2026-05-14 19:54:29 +00:00
LinuxServer-CI 0cb2c16f7d Bot Updating Package Versions 2026-05-11 17:29:24 +00:00
LinuxServer-CI 36129452e8 Bot Updating Package Versions 2026-05-09 05:55:56 +00:00
LinuxServer-CI bb2b29d9c1 Bot Updating Templated Files 2026-05-09 05:51:19 +00:00
LinuxServer-CI b7ea5c43ec Bot Updating Package Versions 2026-05-02 05:43:26 +00:00
LinuxServer-CI 8fbf8ab449 Bot Updating Package Versions 2026-04-25 05:17:58 +00:00
Jonathan Ma 6b1745980a Merge branch 'master' into patch-1 2026-04-23 08:56:57 -04:00
LinuxServer-CI 9c5ae4f09a Bot Updating Package Versions 2026-04-18 05:12:40 +00:00
LinuxServer-CI 321c7f3295 Bot Updating Package Versions 2026-04-11 05:00:44 +00:00
LinuxServer-CI 005a68591d Bot Updating Package Versions 2026-04-07 19:22:47 +00:00
LinuxServer-CI 01bfb62124 Bot Updating Templated Files 2026-04-07 19:18:28 +00:00
LinuxServer-CI 04ad8386bf Bot Updating Package Versions 2026-04-04 04:55:57 +00:00
LinuxServer-CI b409073642 Bot Updating Package Versions 2026-03-28 04:58:53 +00:00
LinuxServer-CI 1c8a8d004e Bot Updating Package Versions 2026-03-21 04:42:40 +00:00
LinuxServer-CI 9235e504a1 Bot Updating Package Versions 2026-03-14 04:48:10 +00:00
LinuxServer-CI ef520118f5 Bot Updating Package Versions 2026-03-10 19:42:05 +00:00
Adam 4a4e84d26b Merge pull request #602 from linuxserver/tinyauth-fix
Add missing tinyauth blocks to default conf
2026-03-07 14:05:10 +00:00
thespad 8c002e6c56 Add missing tinyauth blocks to default conf 2026-03-07 13:57:15 +00:00
LinuxServer-CI ea840fbfbc Bot Updating Package Versions 2026-03-07 04:26:21 +00:00
LinuxServer-CI 42ba97e46a Bot Updating Package Versions
Mark stale issues and pull requests / stale (push) Failing after 0s
External Trigger Scheduler / external-trigger-scheduler (push) Failing after 10s
2026-02-28 04:20:29 +00:00
LinuxServer-CI b4b73022db Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-21 04:42:02 +00:00
LinuxServer-CI 9d5ebb6a7a Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-14 04:50:10 +00:00
LinuxServer-CI 7ad019e68d Bot Updating Templated Files 2026-02-14 04:45:56 +00:00
LinuxServer-CI 59ef2df680 Bot Updating Templated Files 2026-02-14 04:44:20 +00:00
LinuxServer-CI db874b2c0f Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-10 05:08:06 +00:00
LinuxServer-CI 6182a75998 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-02-07 04:43:17 +00:00
LinuxServer-CI 145c5d84f6 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-06 14:17:14 +00:00
LinuxServer-CI 1039f2a04c Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-02-03 19:48:04 +00:00
LinuxServer-CI 156e3ac160 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-31 04:29:28 +00:00
Jonathan Ma 3ffa4aaa77 Update tinyauth-location.conf.sample for Forward Auth
Updated version information and added headers for Forward Auth in the tinyauth NGINX configuration.
2025-12-17 15:28:03 -05:00
12 changed files with 310 additions and 239 deletions
+1
View File
@@ -121,6 +121,7 @@ RUN \
certbot-dns-linode \ certbot-dns-linode \
certbot-dns-loopia \ certbot-dns-loopia \
certbot-dns-luadns \ certbot-dns-luadns \
certbot-dns-mijn-host \
certbot-dns-namecheap \ certbot-dns-namecheap \
certbot-dns-netcup \ certbot-dns-netcup \
certbot-dns-njalla \ certbot-dns-njalla \
+1
View File
@@ -121,6 +121,7 @@ RUN \
certbot-dns-linode \ certbot-dns-linode \
certbot-dns-loopia \ certbot-dns-loopia \
certbot-dns-luadns \ certbot-dns-luadns \
certbot-dns-mijn-host \
certbot-dns-namecheap \ certbot-dns-namecheap \
certbot-dns-netcup \ certbot-dns-netcup \
certbot-dns-njalla \ certbot-dns-njalla \
Vendored
+75 -59
View File
@@ -76,6 +76,8 @@ pipeline {
''' '''
script{ script{
env.EXIT_STATUS = '' env.EXIT_STATUS = ''
env.CI_TEST_ATTEMPTED = ''
env.PUSH_ATTEMPTED = ''
env.LS_RELEASE = sh( env.LS_RELEASE = sh(
script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
returnStdout: true).trim() returnStdout: true).trim()
@@ -283,7 +285,7 @@ pipeline {
-v ${WORKSPACE}:/mnt \ -v ${WORKSPACE}:/mnt \
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
ghcr.io/linuxserver/baseimage-alpine:3 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ ghcr.io/linuxserver/baseimage-alpine:3.23 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
apk add --no-cache python3 && \ apk add --no-cache python3 && \
python3 -m venv /lsiopy && \ python3 -m venv /lsiopy && \
pip install --no-cache-dir -U pip && \ pip install --no-cache-dir -U pip && \
@@ -871,6 +873,7 @@ pipeline {
script{ script{
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
env.CI_TEST_ATTEMPTED = 'true'
} }
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -923,6 +926,9 @@ pipeline {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
steps { steps {
script{
env.PUSH_ATTEMPTED = 'true'
}
retry_backoff(5,5) { retry_backoff(5,5) {
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -952,11 +958,18 @@ pipeline {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
steps { steps {
script{
env.PUSH_ATTEMPTED = 'true'
}
retry_backoff(5,5) { retry_backoff(5,5) {
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
[[ ${MANIFESTIMAGE%%/*} =~ \\. ]] && MANIFESTIMAGEPLUS="${MANIFESTIMAGE}" || MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}" if [[ "${MANIFESTIMAGE%%/*}" =~ \\. ]]; then
MANIFESTIMAGEPLUS="${MANIFESTIMAGE}"
else
MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}"
fi
IFS=',' read -ra CACHE <<< "$BUILDCACHE" IFS=',' read -ra CACHE <<< "$BUILDCACHE"
for i in "${CACHE[@]}"; do for i in "${CACHE[@]}"; do
if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then
@@ -1073,13 +1086,58 @@ EOF
) ''' ) '''
} }
} }
// If this is a Pull request send the CI link as a comment on it
stage('Pull Request Comment') {
when {
not {environment name: 'CHANGE_ID', value: ''}
environment name: 'EXIT_STATUS', value: ''
} }
steps { /* ######################
Comment on PR and Send status to Discord
###################### */
post {
always {
script {
env.JOB_DATE = sh(
script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
returnStdout: true).trim()
if (env.EXIT_STATUS == "ABORTED"){
sh 'echo "build aborted"'
}else{
if (currentBuild.currentResult == "SUCCESS"){
if (env.GITHUBIMAGE =~ /lspipepr/){
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=3957028
env.JOB_WEBHOOK_FOOTER='PR Build'
}else if (env.GITHUBIMAGE =~ /lsiodev/){
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=3957028
env.JOB_WEBHOOK_FOOTER='Dev Build'
}else{
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=1681177
env.JOB_WEBHOOK_FOOTER='Live Build'
}
}else{
if (env.GITHUBIMAGE =~ /lspipepr/){
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=12669523
env.JOB_WEBHOOK_FOOTER='PR Build'
}else if (env.GITHUBIMAGE =~ /lsiodev/){
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=12669523
env.JOB_WEBHOOK_FOOTER='Dev Build'
}else{
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=16711680
env.JOB_WEBHOOK_FOOTER='Live Build'
}
}
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\
"footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\
"timestamp": "'${JOB_DATE}'",\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
}
}
script {
if (env.GITHUBIMAGE =~ /lspipepr/){
if (env.CI_TEST_ATTEMPTED == "true" || env.PUSH_ATTEMPTED == "true"){
sh '''#! /bin/bash sh '''#! /bin/bash
# Function to retrieve JSON data from URL # Function to retrieve JSON data from URL
get_json() { get_json() {
@@ -1140,23 +1198,24 @@ EOF
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \ -H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" -d "{\\"body\\": \\"I am a bot, here are the test results for this PR for commit ${COMMIT_SHA:0:7} : \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
else else
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \ -H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR for commit ${COMMIT_SHA:0:7} : \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
fi fi
''' '''
} else {
sh '''#! /bin/bash
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, the build for PR commit ${COMMIT_SHA:0:7} failed and as a result no CI test was attempted and no images were pushed.\\"}"
'''
} }
} }
} }
/* ######################
Send status to Discord
###################### */
post {
always {
sh '''#!/bin/bash sh '''#!/bin/bash
rm -rf /config/.ssh/id_sign rm -rf /config/.ssh/id_sign
rm -rf /config/.ssh/id_sign.pub rm -rf /config/.ssh/id_sign.pub
@@ -1164,49 +1223,6 @@ EOF
git config --global --unset user.signingkey git config --global --unset user.signingkey
git config --global --unset commit.gpgsign git config --global --unset commit.gpgsign
''' '''
script{
env.JOB_DATE = sh(
script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
returnStdout: true).trim()
if (env.EXIT_STATUS == "ABORTED"){
sh 'echo "build aborted"'
}else{
if (currentBuild.currentResult == "SUCCESS"){
if (env.GITHUBIMAGE =~ /lspipepr/){
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=3957028
env.JOB_WEBHOOK_FOOTER='PR Build'
}else if (env.GITHUBIMAGE =~ /lsiodev/){
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=3957028
env.JOB_WEBHOOK_FOOTER='Dev Build'
}else{
env.JOB_WEBHOOK_STATUS='Success'
env.JOB_WEBHOOK_COLOUR=1681177
env.JOB_WEBHOOK_FOOTER='Live Build'
}
}else{
if (env.GITHUBIMAGE =~ /lspipepr/){
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=12669523
env.JOB_WEBHOOK_FOOTER='PR Build'
}else if (env.GITHUBIMAGE =~ /lsiodev/){
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=12669523
env.JOB_WEBHOOK_FOOTER='Dev Build'
}else{
env.JOB_WEBHOOK_STATUS='Failure'
env.JOB_WEBHOOK_COLOUR=16711680
env.JOB_WEBHOOK_FOOTER='Live Build'
}
}
sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\
"footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\
"timestamp": "'${JOB_DATE}'",\
"description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
}
}
} }
cleanup { cleanup {
sh '''#! /bin/bash sh '''#! /bin/bash
+9 -3
View File
@@ -68,7 +68,7 @@ The architectures supported by this image are:
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`) 2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`). * After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances. * Certs are checked twice daily using ACME Renewal Information (ARI) to determine the optimal renewal window. If your cert is about to expire, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing.
### Certbot Plugins ### Certbot Plugins
@@ -170,7 +170,7 @@ This image can be run with a read-only container filesystem. For details please
To help you get started creating a container from this image you can either use docker-compose or the docker cli. To help you get started creating a container from this image you can either use docker-compose or the docker cli.
>[!NOTE] >[!NOTE]
>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided. >Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided.
### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose)) ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
@@ -190,6 +190,7 @@ services:
- VALIDATION=http - VALIDATION=http
- SUBDOMAINS=www, #optional - SUBDOMAINS=www, #optional
- CERTPROVIDER= #optional - CERTPROVIDER= #optional
- CERT_PROFILE= #optional
- DNSPLUGIN=cloudflare #optional - DNSPLUGIN=cloudflare #optional
- PROPAGATION= #optional - PROPAGATION= #optional
- EMAIL= #optional - EMAIL= #optional
@@ -221,6 +222,7 @@ docker run -d \
-e VALIDATION=http \ -e VALIDATION=http \
-e SUBDOMAINS=www, `#optional` \ -e SUBDOMAINS=www, `#optional` \
-e CERTPROVIDER= `#optional` \ -e CERTPROVIDER= `#optional` \
-e CERT_PROFILE= `#optional` \
-e DNSPLUGIN=cloudflare `#optional` \ -e DNSPLUGIN=cloudflare `#optional` \
-e PROPAGATION= `#optional` \ -e PROPAGATION= `#optional` \
-e EMAIL= `#optional` \ -e EMAIL= `#optional` \
@@ -254,7 +256,8 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). | | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) | | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e CERT_PROFILE=` | Optionally define a cert profile to use for cert generation. This is useful if you want to use a custom cert profile instead of the default one. Currently only supported for Let's Encrypt. See https://letsencrypt.org/docs/profiles/ |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -433,6 +436,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **10.07.26:** - Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay.
* **19.06.26:** - Add support for mijn.host dns validation.
* **01.06.26:** - Remove obsolete old cert check logic.
* **23.01.26:** - Reorder init to fix proxy conf version checks. * **23.01.26:** - Reorder init to fix proxy conf version checks.
* **21.12.25:** - Add support for hetzner-cloud dns validation. * **21.12.25:** - Add support for hetzner-cloud dns validation.
* **04.11.25:** - Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin. * **04.11.25:** - Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin.
+140 -125
View File
@@ -1,110 +1,111 @@
NAME VERSION TYPE NAME VERSION TYPE
Simple Launcher 1.1.0.14 binary (+5 duplicates) Simple Launcher 1.1.0.14 binary (+5 duplicates)
acl-libs 2.3.2-r1 apk acl-libs 2.3.2-r1 apk
acme 5.2.2 python acme 5.7.0 python
alpine-baselayout 3.7.0-r0 apk alpine-baselayout 3.7.0-r0 apk
alpine-baselayout-data 3.7.0-r0 apk alpine-baselayout-data 3.7.0-r0 apk
alpine-keys 2.5-r0 apk alpine-keys 2.5-r0 apk
alpine-release 3.22.2-r0 apk alpine-release 3.22.5-r0 apk
annotated-types 0.7.0 python
anyio 4.14.2 python
aom-libs 3.12.1-r0 apk aom-libs 3.12.1-r0 apk
apache2-utils 2.4.66-r0 apk apache2-utils 2.4.68-r0 apk
apk-tools 2.14.9-r3 apk apk-tools 2.14.10-r0 apk
apr 1.7.5-r0 apk apr 1.7.5-r0 apk
apr-util 1.6.3-r1 apk apr-util 1.6.3-r1 apk
argon2-libs 20190702-r5 apk argon2-libs 20190702-r5 apk
attrs 25.4.0 python
autocommand 2.2.2 python autocommand 2.2.2 python
azure-common 1.1.28 python azure-common 1.1.28 python
azure-core 1.38.0 python azure-core 1.41.0 python
azure-identity 1.25.1 python azure-identity 1.25.3 python
azure-mgmt-core 1.6.0 python azure-mgmt-core 1.6.0 python
azure-mgmt-dns 9.0.0 python azure-mgmt-dns 9.0.0 python
backports-tarfile 1.2.0 python backports-tarfile 1.2.0 python
bash 5.2.37-r0 apk bash 5.2.37-r0 apk
beautifulsoup4 4.14.3 python beautifulsoup4 4.15.0 python
boto3 1.42.34 python boto3 1.43.48 python
botocore 1.42.34 python botocore 1.43.48 python
brotli-libs 1.1.0-r2 apk brotli-libs 1.1.0-r2 apk
bs4 0.0.2 python bs4 0.0.2 python
busybox 1.37.0-r20 apk busybox 1.37.0-r20 apk
busybox-binsh 1.37.0-r20 apk busybox-binsh 1.37.0-r20 apk
c-ares 1.34.6-r0 apk c-ares 1.34.6-r0 apk
c-client 2007f-r15 apk c-client 2007f-r15 apk
ca-certificates 20250911-r0 apk ca-certificates 20260611-r0 apk
ca-certificates-bundle 20250911-r0 apk ca-certificates-bundle 20260611-r0 apk
catatonit 0.2.1-r0 apk catatonit 0.2.1-r0 apk
certbot 5.2.2 python certbot 5.7.0 python
certbot-dns-acmedns 0.1.0 python certbot-dns-acmedns 0.1.0 python
certbot-dns-aliyun 2.0.0 python certbot-dns-aliyun 2.0.0 python
certbot-dns-azure 1.5.0 python certbot-dns-azure 1.5.0 python
certbot-dns-bunny 3.0.0 python certbot-dns-bunny 3.0.0 python
certbot-dns-cloudflare 5.2.2 python certbot-dns-cloudflare 5.7.0 python
certbot-dns-cpanel 0.4.0 python certbot-dns-cpanel 0.4.0 python
certbot-dns-desec 1.3.2 python certbot-dns-desec 1.3.2 python
certbot-dns-digitalocean 5.2.2 python certbot-dns-digitalocean 5.7.0 python
certbot-dns-directadmin 1.0.15 python certbot-dns-directadmin 1.0.15 python
certbot-dns-dnsimple 5.2.2 python certbot-dns-dnsimple 5.7.0 python
certbot-dns-dnsmadeeasy 5.2.2 python certbot-dns-dnsmadeeasy 5.7.0 python
certbot-dns-dnspod 0.1.0 python certbot-dns-dnspod 0.1.0 python
certbot-dns-do 0.31.0 python certbot-dns-do 0.31.0 python
certbot-dns-domeneshop 0.2.9 python certbot-dns-domeneshop 0.2.9 python
certbot-dns-dreamhost 1.0 python certbot-dns-dreamhost 1.0 python
certbot-dns-duckdns 1.7.1 python certbot-dns-duckdns 1.8.0 python
certbot-dns-dynudns 0.0.6 python certbot-dns-dynudns 0.0.6 python
certbot-dns-freedns 0.2.0 python certbot-dns-freedns 0.2.0 python
certbot-dns-gehirn 5.2.2 python certbot-dns-gehirn 5.7.0 python
certbot-dns-glesys 2.1.0 python certbot-dns-glesys 2.1.0 python
certbot-dns-godaddy 2.8.0 python certbot-dns-godaddy 2.8.0 python
certbot-dns-google 5.2.2 python certbot-dns-google 5.7.0 python
certbot-dns-he 1.0.0 python certbot-dns-he 1.0.0 python
certbot-dns-hetzner 3.0.0 python certbot-dns-hetzner 4.0.0 python
certbot-dns-hetzner-cloud 1.0.4 python certbot-dns-hetzner-cloud 1.0.5 python
certbot-dns-infomaniak 0.2.4 python certbot-dns-infomaniak 0.2.4 python
certbot-dns-inwx 3.0.3 python certbot-dns-inwx 3.0.3 python
certbot-dns-ionos 2024.11.9 python certbot-dns-ionos 2024.11.9 python
certbot-dns-linode 5.2.2 python certbot-dns-linode 5.7.0 python
certbot-dns-loopia 1.0.1 python certbot-dns-loopia 1.0.1 python
certbot-dns-luadns 5.2.2 python certbot-dns-luadns 5.7.0 python
certbot-dns-mijn-host 0.0.9 python
certbot-dns-namecheap 1.0.0 python certbot-dns-namecheap 1.0.0 python
certbot-dns-netcup 2.0.0 python certbot-dns-netcup 2.0.3 python
certbot-dns-njalla 2.0.2 python certbot-dns-njalla 2.0.2 python
certbot-dns-nsone 5.2.2 python certbot-dns-nsone 5.7.0 python
certbot-dns-ovh 5.2.2 python certbot-dns-ovh 5.7.0 python
certbot-dns-porkbun 0.11.0 python certbot-dns-porkbun 0.11.0 python
certbot-dns-rfc2136 5.2.2 python certbot-dns-rfc2136 5.7.0 python
certbot-dns-route53 5.2.2 python certbot-dns-route53 5.7.0 python
certbot-dns-sakuracloud 5.2.2 python certbot-dns-sakuracloud 5.7.0 python
certbot-dns-standalone 1.2.1 python certbot-dns-standalone 1.2.1 python
certbot-dns-transip 0.5.2 python certbot-dns-transip 0.5.2 python
certbot-dns-vultr 1.1.0 python certbot-dns-vultr 1.1.0 python
certbot-plugin-gandi 1.5.0 python certbot-plugin-gandi 1.5.0 python
certifi 2026.1.4 python certifi 2024.8.30 python
cffi 2.0.0 python cffi 1.17.0 python
charset-normalizer 3.4.4 python charset-normalizer 3.3.2 python
cli UNKNOWN binary cli UNKNOWN binary
cli-32 UNKNOWN binary cli-32 UNKNOWN binary
cli-64 UNKNOWN binary cli-64 UNKNOWN binary
cli-arm64 UNKNOWN binary cli-arm64 UNKNOWN binary
cloudflare 2.19.4 python cloudflare 5.5.0 python
composer 2.9.4 binary composer 2.10.2 binary
configargparse 1.7.1 python configargparse 1.7 python
configobj 5.0.9 python configobj 5.0.8 python
coreutils 9.7-r1 apk coreutils 9.7-r1 apk
coreutils-env 9.7-r1 apk coreutils-env 9.7-r1 apk
coreutils-fmt 9.7-r1 apk coreutils-fmt 9.7-r1 apk
coreutils-sha512sum 9.7-r1 apk coreutils-sha512sum 9.7-r1 apk
cryptography 46.0.3 python cryptography 46.0.0 python
curl 8.14.1-r2 apk curl 8.14.1-r2 apk
distro 1.9.0 python distro 1.9.0 python
dns-lexicon 3.23.2 python dns-lexicon 3.25.2 python
dns-lexicon-coop 3.24.2 python
dnslib 0.9.26 python dnslib 0.9.26 python
dnspython 2.8.0 python dnspython 2.8.0 python
domeneshop 0.4.4 python domeneshop 0.4.4 python
fail2ban 1.1.0 python fail2ban 1.1.0 python
fail2ban 1.1.0-r3 apk fail2ban 1.1.0-r3 apk
fail2ban-pyc 1.1.0-r3 apk fail2ban-pyc 1.1.0-r3 apk
filelock 3.20.3 python filelock 3.29.7 python
findutils 4.10.0-r0 apk findutils 4.10.0-r0 apk
fontconfig 2.15.0-r3 apk fontconfig 2.15.0-r3 apk
freetype 2.13.3-r0 apk freetype 2.13.3-r0 apk
@@ -120,12 +121,12 @@ gnupg-gpgconf 2.4.9-r0 apk
gnupg-keyboxd 2.4.9-r0 apk gnupg-keyboxd 2.4.9-r0 apk
gnupg-utils 2.4.9-r0 apk gnupg-utils 2.4.9-r0 apk
gnupg-wks-client 2.4.9-r0 apk gnupg-wks-client 2.4.9-r0 apk
gnutls 3.8.8-r0 apk gnutls 3.8.13-r0 apk
google-api-core 2.29.0 python google-api-core 2.30.3 python
google-api-python-client 2.188.0 python google-api-python-client 2.198.0 python
google-auth 2.47.0 python google-auth 2.56.0 python
google-auth-httplib2 0.3.0 python google-auth-httplib2 0.4.0 python
googleapis-common-protos 1.72.0 python googleapis-common-protos 1.75.0 python
gpg 2.4.9-r0 apk gpg 2.4.9-r0 apk
gpg-agent 2.4.9-r0 apk gpg-agent 2.4.9-r0 apk
gpg-wks-server 2.4.9-r0 apk gpg-wks-server 2.4.9-r0 apk
@@ -135,39 +136,43 @@ gui UNKNOWN binary
gui-32 UNKNOWN binary gui-32 UNKNOWN binary
gui-64 UNKNOWN binary gui-64 UNKNOWN binary
gui-arm64 UNKNOWN binary gui-arm64 UNKNOWN binary
hcloud 2.16.0 python h11 0.16.0 python
httplib2 0.31.2 python hcloud 2.22.0 python
httpcore 1.0.9 python
httplib2 0.32.0 python
httpx 0.28.1 python
icu-data-en 76.1-r1 apk icu-data-en 76.1-r1 apk
icu-libs 76.1-r1 apk icu-libs 76.1-r1 apk
idna 3.11 python idna 3.8 python
importlib-metadata 8.7.1 python importlib-metadata 8.0.0 python
importlib-resources 6.4.0 python
inflect 7.3.1 python
inotify-tools 4.23.9.0-r0 apk inotify-tools 4.23.9.0-r0 apk
inotify-tools-libs 4.23.9.0-r0 apk inotify-tools-libs 4.23.9.0-r0 apk
inwx-domrobot 3.2.0 python inwx-domrobot 3.2.0 python
iptables 1.8.11-r1 apk iptables 1.8.11-r1 apk
iptables-legacy 1.8.11-r1 apk iptables-legacy 1.8.11-r1 apk
isodate 0.7.2 python isodate 0.7.2 python
jaraco-context 6.1.0 python jaraco-context 5.3.0 python
jaraco-functools 4.4.0 python jaraco-functools 4.0.1 python
jaraco-text 4.0.0 python jaraco-text 3.12.1 python
jinja2 3.1.6 python jinja2 3.1.6 python
jmespath 1.1.0 python jmespath 1.1.0 python
josepy 2.2.0 python josepy 2.2.0 python
jq 1.8.1-r0 apk jq 1.8.1-r0 apk
jsonlines 4.0.0 python jsonpickle 4.1.2 python
jsonpickle 4.1.1 python libapk2 2.14.10-r0 apk
libapk2 2.14.9-r3 apk
libassuan 2.5.7-r0 apk libassuan 2.5.7-r0 apk
libattr 2.5.2-r2 apk libattr 2.5.2-r2 apk
libavif 1.3.0-r0 apk libavif 1.3.0-r0 apk
libbsd 0.12.2-r0 apk libbsd 0.12.2-r0 apk
libbz2 1.0.8-r6 apk libbz2 1.0.8-r6 apk
libcrypto3 3.5.4-r0 apk libcrypto3 3.5.7-r0 apk
libcurl 8.14.1-r2 apk libcurl 8.14.1-r2 apk
libdav1d 1.5.1-r0 apk libdav1d 1.5.1-r0 apk
libedit 20250104.3.1-r1 apk libedit 20250104.3.1-r1 apk
libevent 2.1.12-r8 apk libevent 2.1.13-r0 apk
libexpat 2.7.3-r0 apk libexpat 2.8.2-r0 apk
libffi 3.4.8-r0 apk libffi 3.4.8-r0 apk
libgcc 14.2.0-r6 apk libgcc 14.2.0-r6 apk
libgcrypt 1.10.3-r1 apk libgcrypt 1.10.3-r1 apk
@@ -188,8 +193,8 @@ libmnl 1.0.5-r2 apk
libncursesw 6.5_p20250503-r0 apk libncursesw 6.5_p20250503-r0 apk
libnftnl 1.2.9-r0 apk libnftnl 1.2.9-r0 apk
libpanelw 6.5_p20250503-r0 apk libpanelw 6.5_p20250503-r0 apk
libpng 1.6.54-r0 apk libpng 1.6.57-r0 apk
libpq 17.7-r0 apk libpq 17.10-r0 apk
libproc2 4.0.4-r3 apk libproc2 4.0.4-r3 apk
libpsl 0.21.5-r3 apk libpsl 0.21.5-r3 apk
libsasl 2.1.28-r8 apk libsasl 2.1.28-r8 apk
@@ -197,7 +202,7 @@ libseccomp 2.6.0-r0 apk
libsharpyuv 1.5.0-r0 apk libsharpyuv 1.5.0-r0 apk
libsm 1.2.5-r0 apk libsm 1.2.5-r0 apk
libsodium 1.0.20-r1 apk libsodium 1.0.20-r1 apk
libssl3 3.5.4-r0 apk libssl3 3.5.7-r0 apk
libstdc++ 14.2.0-r6 apk libstdc++ 14.2.0-r6 apk
libtasn1 4.21.0-r0 apk libtasn1 4.21.0-r0 apk
libunistring 1.3-r0 apk libunistring 1.3-r0 apk
@@ -208,8 +213,8 @@ libxau 1.0.12-r0 apk
libxcb 1.17.0-r0 apk libxcb 1.17.0-r0 apk
libxdmcp 1.1.5-r1 apk libxdmcp 1.1.5-r1 apk
libxext 1.3.6-r2 apk libxext 1.3.6-r2 apk
libxml2 2.13.9-r0 apk libxml2 2.13.9-r1 apk
libxpm 3.5.17-r0 apk libxpm 3.5.19-r0 apk
libxslt 1.1.43-r3 apk libxslt 1.1.43-r3 apk
libxt 1.3.1-r0 apk libxt 1.3.1-r0 apk
libxtables 1.8.11-r1 apk libxtables 1.8.11-r1 apk
@@ -218,50 +223,51 @@ libzip 1.11.4-r0 apk
linux-pam 1.7.0-r4 apk linux-pam 1.7.0-r4 apk
logrotate 3.21.0-r1 apk logrotate 3.21.0-r1 apk
loopialib 0.2.0 python loopialib 0.2.0 python
lxml 6.0.2 python lxml 6.1.1 python
lz4-libs 1.10.0-r0 apk lz4-libs 1.10.0-r0 apk
markupsafe 3.0.3 python markupsafe 3.0.3 python
memcached 1.6.32-r0 apk memcached 1.6.32-r0 apk
mock 5.2.0 python mock 5.2.0 python
more-itertools 10.8.0 python more-itertools 10.3.0 python
mpdecimal 4.0.1-r0 apk mpdecimal 4.0.1-r0 apk
msal 1.34.0 python msal 1.37.0 python
msal-extensions 1.3.1 python msal-extensions 1.3.1 python
musl 1.2.5-r10 apk musl 1.2.5-r12 apk
musl-utils 1.2.5-r10 apk musl-utils 1.2.5-r12 apk
my-test-package 1.0 python my-test-package 1.0 python
nano 8.4-r0 apk nano 8.4-r0 apk
ncurses-terminfo-base 6.5_p20250503-r0 apk ncurses-terminfo-base 6.5_p20250503-r0 apk
netcat-openbsd 1.229.1-r0 apk netcat-openbsd 1.229.1-r0 apk
nettle 3.10.1-r0 apk nettle 3.10.2-r0 apk
nghttp2-libs 1.65.0-r0 apk nghttp2-libs 1.69.0-r0 apk
nginx 1.28.0-r3 apk nginx 1.28.3-r4 apk
nginx-mod-devel-kit 1.28.0-r3 apk nginx-mod-devel-kit 1.28.3-r4 apk
nginx-mod-http-brotli 1.28.0-r3 apk nginx-mod-http-brotli 1.28.3-r4 apk
nginx-mod-http-dav-ext 1.28.0-r3 apk nginx-mod-http-dav-ext 1.28.3-r4 apk
nginx-mod-http-echo 1.28.0-r3 apk nginx-mod-http-echo 1.28.3-r4 apk
nginx-mod-http-fancyindex 1.28.0-r3 apk nginx-mod-http-fancyindex 1.28.3-r4 apk
nginx-mod-http-geoip2 1.28.0-r3 apk nginx-mod-http-geoip2 1.28.3-r4 apk
nginx-mod-http-headers-more 1.28.0-r3 apk nginx-mod-http-headers-more 1.28.3-r4 apk
nginx-mod-http-image-filter 1.28.0-r3 apk nginx-mod-http-image-filter 1.28.3-r4 apk
nginx-mod-http-perl 1.28.0-r3 apk nginx-mod-http-perl 1.28.3-r4 apk
nginx-mod-http-redis2 1.28.0-r3 apk nginx-mod-http-redis2 1.28.3-r4 apk
nginx-mod-http-set-misc 1.28.0-r3 apk nginx-mod-http-set-misc 1.28.3-r4 apk
nginx-mod-http-upload-progress 1.28.0-r3 apk nginx-mod-http-upload-progress 1.28.3-r4 apk
nginx-mod-http-xslt-filter 1.28.0-r3 apk nginx-mod-http-xslt-filter 1.28.3-r4 apk
nginx-mod-mail 1.28.0-r3 apk nginx-mod-mail 1.28.3-r4 apk
nginx-mod-rtmp 1.28.0-r3 apk nginx-mod-rtmp 1.28.3-r4 apk
nginx-mod-stream 1.28.0-r3 apk nginx-mod-stream 1.28.3-r4 apk
nginx-mod-stream-geoip2 1.28.0-r3 apk nginx-mod-stream-geoip2 1.28.3-r4 apk
nginx-vim 1.28.0-r3 apk nginx-vim 1.28.3-r4 apk
npth 1.8-r0 apk npth 1.8-r0 apk
oniguruma 6.9.10-r0 apk oniguruma 6.9.10-r0 apk
openssl 3.5.4-r0 apk openssl 3.5.7-r0 apk
p11-kit 0.25.5-r2 apk p11-kit 0.26.2-r0 apk
packaging 26.0 python (+1 duplicate) packaging 24.1 python
packaging 26.2 python
parsedatetime 2.6 python parsedatetime 2.6 python
pcre2 10.46-r0 apk pcre2 10.46-r0 apk
perl 5.40.3-r0 apk perl 5.40.4-r0 apk
perl-error 0.17030-r0 apk perl-error 0.17030-r0 apk
perl-git 2.49.1-r0 apk perl-git 2.49.1-r0 apk
php84 8.4.16-r0 apk php84 8.4.16-r0 apk
@@ -313,58 +319,67 @@ php84-xmlwriter 8.4.16-r0 apk
php84-xsl 8.4.16-r0 apk php84-xsl 8.4.16-r0 apk
php84-zip 8.4.16-r0 apk php84-zip 8.4.16-r0 apk
pinentry 1.3.1-r0 apk pinentry 1.3.1-r0 apk
pip 25.3 python pip 26.1.2 python
pkb-client 2.2.0 python pkb-client 2.3.1 python
platformdirs 4.4.0 python platformdirs 4.2.2 python
popt 1.19-r4 apk popt 1.19-r4 apk
procps-ng 4.0.4-r3 apk procps-ng 4.0.4-r3 apk
proto-plus 1.27.0 python proto-plus 1.28.1 python
protobuf 6.33.4 python protobuf 7.35.1 python
pyacmedns 0.4 python pyacmedns 0.4 python
pyasn1 0.6.2 python pyasn1 0.6.4 python
pyasn1-modules 0.4.2 python pyasn1-modules 0.4.2 python
pyc 3.12.12-r0 apk pyc 3.12.13-r0 apk
pycparser 3.0 python pycparser 2.22 python
pyjwt 2.10.1 python pydantic 2.13.4 python
pydantic-core 2.46.4 python
pyjwt 2.13.0 python
pynamecheap 0.0.3 python pynamecheap 0.0.3 python
pyopenssl 25.3.0 python pyopenssl 26.2.0 python
pyotp 2.9.0 python pyotp 2.10.0 python
pyparsing 3.3.2 python pyparsing 3.3.2 python
pyrfc3339 2.1.0 python pyrfc3339 1.1 python
python-dateutil 2.9.0.post0 python python-dateutil 2.9.0.post0 python
python-digitalocean 1.17.0 python python-digitalocean 1.17.0 python
python-transip 0.6.0 python python-transip 0.6.0 python
python3 3.12.12-r0 apk python3 3.12.13-r0 apk
python3-pyc 3.12.12-r0 apk python3-pyc 3.12.13-r0 apk
python3-pycache-pyc0 3.12.12-r0 apk python3-pycache-pyc0 3.12.13-r0 apk
pytz 2024.1 python
pyyaml 6.0.3 python pyyaml 6.0.3 python
readline 8.2.13-r1 apk readline 8.2.13-r1 apk
requests 2.32.5 python requests 2.32.3 python
requests-file 3.0.1 python requests-file 3.0.1 python
requests-mock 1.12.1 python requests-mock 1.12.1 python
rsa 4.9.1 python requests-unixsocket 0.4.1 python
s3transfer 0.16.0 python ruff 0.6.3 python
s3transfer 0.19.1 python
scanelf 1.3.8-r1 apk scanelf 1.3.8-r1 apk
setuptools 80.10.2 python setuptools 74.0.0 python
shadow 4.17.3-r0 apk shadow 4.17.3-r0 apk
six 1.17.0 python six 1.16.0 python
skalibs-libs 2.14.4.0-r0 apk skalibs-libs 2.14.4.0-r0 apk
soupsieve 2.8.3 python sniffio 1.3.1 python
soupsieve 2.8.4 python
sqlite-libs 3.49.2-r1 apk sqlite-libs 3.49.2-r1 apk
ssl_client 1.37.0-r20 apk ssl_client 1.37.0-r20 apk
tiff 4.7.1-r0 apk tiff 4.7.1-r0 apk
tldextract 5.3.1 python tldextract 5.3.1 python
tomli 2.4.0 python tomli 2.0.1 python
typing-extensions 4.15.0 python typeguard 4.3.0 python
tzdata 2025c-r0 apk typing-extensions 4.12.2 python
typing-extensions 4.16.0 python
typing-inspection 0.4.2 python
tzdata 2026b-r0 apk
unixodbc 2.3.12-r0 apk unixodbc 2.3.12-r0 apk
uritemplate 4.2.0 python uritemplate 4.2.0 python
urllib3 2.6.3 python urllib3 2.2.2 python
utmps-libs 0.1.3.1-r0 apk utmps-libs 0.1.3.1-r0 apk
wheel 0.46.3 python (+1 duplicate) wheel 0.43.0 python
wheel 0.44.0 python
whois 5.6.3-r0 apk whois 5.6.3-r0 apk
xz-libs 5.8.1-r0 apk xz-libs 5.8.3-r0 apk
zipp 3.23.0 python zipp 3.19.2 python
zlib 1.3.1-r2 apk zlib 1.3.2-r0 apk
zope-interface 8.2 python zope-interface 8.5 python
zstd-libs 1.5.7-r0 apk zstd-libs 1.5.7-r0 apk
+6 -2
View File
@@ -32,7 +32,8 @@ opt_param_usage_include_env: true
opt_param_env_vars: opt_param_env_vars:
- {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"} - {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"}
- {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."} - {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."}
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."} - {env_var: "CERT_PROFILE", env_value: "", desc: "Optionally define a cert profile to use for cert generation. This is useful if you want to use a custom cert profile instead of the default one. Currently only supported for Let's Encrypt. See https://letsencrypt.org/docs/profiles/ "}
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."}
- {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."} - {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."}
- {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."} - {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."}
- {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"} - {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"}
@@ -65,7 +66,7 @@ app_setup_block: |
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`) 2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`). * After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances. * Certs are checked twice daily using ACME Renewal Information (ARI) to determine the optimal renewal window. If your cert is about to expire, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing.
### Certbot Plugins ### Certbot Plugins
@@ -219,6 +220,9 @@ init_diagram: |
"swag:latest" <- Base Images "swag:latest" <- Base Images
# changelog # changelog
changelogs: changelogs:
- {date: "10.07.26:", desc: "Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay."}
- {date: "19.06.26:", desc: "Add support for mijn.host dns validation."}
- {date: "01.06.26:", desc: "Remove obsolete old cert check logic."}
- {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."} - {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."}
- {date: "21.12.25:", desc: "Add support for hetzner-cloud dns validation."} - {date: "21.12.25:", desc: "Add support for hetzner-cloud dns validation."}
- {date: "04.11.25:", desc: "Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin."} - {date: "04.11.25:", desc: "Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin."}
+3
View File
@@ -0,0 +1,3 @@
# Instructions: https://github.com/mijnhost/certbot-dns-mijn-host
# Replace with your API key from your mijn.host account.
dns_mijn_host_api_key = yourapikeygoeshere
@@ -1,4 +1,4 @@
## Version 2025/07/18 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample ## Version 2026/03/07 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https # redirect all traffic to https
server { server {
@@ -36,6 +36,9 @@ server {
# enable for Authentik (requires authentik-location.conf in the location block) # enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf; #include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / { location / {
# enable for basic auth # enable for basic auth
#auth_basic "Restricted"; #auth_basic "Restricted";
@@ -50,6 +53,9 @@ server {
# enable for Authentik (requires authentik-server.conf in the server block) # enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf; #include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args; try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
} }
@@ -1,4 +1,4 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample ## Version 2025/12/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth # Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf # Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
@@ -7,3 +7,17 @@ auth_request /tinyauth;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
error_page 401 = @tinyauth_login; error_page 401 = @tinyauth_login;
## Translate the user information response headers from the auth subrequest into variables
auth_request_set $email $upstream_http_remote_email;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $user $upstream_http_remote_user;
## Inject the user information into the request made to the actual upstream
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-User $user;
## Can be extended with more custom headers https://tinyauth.app/docs/reference/headers#nginxnginx-proxy-manager
+1 -1
View File
@@ -5,4 +5,4 @@
0 3 * * 6 run-parts /etc/periodic/weekly 0 3 * * 6 run-parts /etc/periodic/weekly
0 5 1 * * run-parts /etc/periodic/monthly 0 5 1 * * run-parts /etc/periodic/monthly
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1 0 */12 * * * sleep $((60 + $RANDOM % 230)); /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1
@@ -12,12 +12,13 @@ EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\ ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
VALIDATION=${VALIDATION}\\n\ VALIDATION=${VALIDATION}\\n\
CERTPROVIDER=${CERTPROVIDER}\\n\ CERTPROVIDER=${CERTPROVIDER}\\n\
CERT_PROFILE=${CERT_PROFILE}\\n\
DNSPLUGIN=${DNSPLUGIN}\\n\ DNSPLUGIN=${DNSPLUGIN}\\n\
EMAIL=${EMAIL}\\n\ EMAIL=${EMAIL}\\n\
STAGING=${STAGING}\\n" STAGING=${STAGING}\\n"
# Sanitize variables # Sanitize variables
SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER) SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER CERT_PROFILE)
for i in "${SANED_VARS[@]}"; do for i in "${SANED_VARS[@]}"; do
export echo "${i}"="${!i//\"/}" export echo "${i}"="${!i//\"/}"
export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')" export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
@@ -80,7 +81,7 @@ if [[ -f "/config/donoteditthisfile.conf" ]]; then
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
fi fi
if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\" ORIGCERT_PROFILE=\"${CERT_PROFILE}\"" >/config/.donoteditthisfile.conf
echo "Created .donoteditthisfile.conf" echo "Created .donoteditthisfile.conf"
fi fi
@@ -186,7 +187,8 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]] ||
[[ ! "${CERT_PROFILE}" = "${ORIGCERT_PROFILE}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90") REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
@@ -204,19 +206,7 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
fi fi
# saving new variables # saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\" ORIGCERT_PROFILE=\"${CERT_PROFILE}\"" >/config/.donoteditthisfile.conf
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --config-dir /config/etc/letsencrypt --logs-dir /config/log/letsencrypt --work-dir /tmp/letsencrypt --config /config/etc/letsencrypt/cli.ini --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else
certbot revoke --config-dir /config/etc/letsencrypt --logs-dir /config/log/letsencrypt --work-dir /tmp/letsencrypt --config /config/etc/letsencrypt/cli.ini --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# if zerossl is selected or staging is set to true, use the relevant server # if zerossl is selected or staging is set to true, use the relevant server
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
@@ -239,6 +229,21 @@ fi
set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
# set certificate profile (e.g. "shortlived" for 6-day certs, "classic" for 90-day)
# Profiles are a Let's Encrypt ACME feature; ZeroSSL ignores it.
if [[ -n "${CERT_PROFILE}" ]]; then
if [[ "${CERTPROVIDER}" = "zerossl" ]]; then
echo "ZeroSSL does not support ACME profiles, ignoring CERT_PROFILE variable"
sed -i "/^preferred-profile\b/d" /config/etc/letsencrypt/cli.ini
else
echo "Requesting certificate with profile: ${CERT_PROFILE}"
set_ini_value "preferred-profile" "${CERT_PROFILE}" /config/etc/letsencrypt/cli.ini
fi
else
# remove if previously set so going back to default works
sed -i "/^preferred-profile\b/d" /config/etc/letsencrypt/cli.ini
fi
# figuring out domain only vs domain & subdomains vs subdomains only # figuring out domain only vs domain & subdomains vs subdomains only
DOMAINS_ARRAY=() DOMAINS_ARRAY=()
if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
+1 -1
View File
@@ -3,7 +3,7 @@
# Check if the cert is expired or expires within a day, if so, renew # Check if the cert is expired or expires within a day, if so, renew
if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then
echo "The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am)." echo "The cert does not expire within the next day. Letting the cron script handle the renewal attempts."
else else
echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes." echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes."
/app/le-renew.sh /app/le-renew.sh