Compare commits

..

24 Commits

Author SHA1 Message Date
LinuxServer-CI 2c22ce9573 Bot Updating Package Versions 2026-07-15 18:14:31 +00:00
Eric Nemchik 0a34712336 Merge pull request #594 from jonathanmajh/patch-1
Update tinyauth-location.conf.sample for Forward Auth
2026-07-11 21:48:18 -05:00
Eric Nemchik 4e7e4f7fee Merge branch 'master' into patch-1 2026-07-11 21:07:22 -05:00
Jonathan Ma e39c6487f7 Update root/defaults/nginx/tinyauth-location.conf.sample
Co-authored-by: Eric Nemchik <eric@nemchik.com>
2026-07-11 12:58:10 -04:00
LinuxServer-CI 493982d27e Bot Updating Templated Files 2026-07-10 22:15:07 +00:00
LinuxServer-CI 1e2b94980c Bot Updating Templated Files 2026-07-10 22:13:20 +00:00
Eric Nemchik b3185a5eff Merge pull request #607 from Sausageroll2077/master
Add CERT_PROFILE support and improve ARI renewal scheduling
2026-07-10 17:11:32 -05:00
Sausageroll2077 e857f808b0 Add CERT_PROFILE support and simplify renewal scheduling
Add CERT_PROFILE env var for Let's Encrypt cert profiles. Run certbot
twice daily via a cron entry with a random delay instead of the previous
sed-based cron randomization. Update changelog.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-11 00:09:29 +02:00
LinuxServer-CI 62d5e73cbb Bot Updating Package Versions 2026-07-10 21:57:02 +00:00
LinuxServer-CI 83ab984b17 Bot Updating Templated Files 2026-07-10 21:52:10 +00:00
Eric Nemchik 1a8290dec1 Merge pull request #618 from Sausageroll2077/add-dnsplugin-mijn-host
Add support for mijn.host DNS plugin
2026-07-10 16:50:25 -05:00
Sausageroll2077 057bbb5930 Merge branch 'master' into add-dnsplugin-mijn-host 2026-07-08 19:20:20 +02:00
LinuxServer-CI d6c053dd22 Bot Updating Package Versions 2026-07-04 06:25:57 +00:00
Sausageroll2077 883a216247 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-29 17:53:31 +02:00
LinuxServer-CI a57ebf0399 Bot Updating Package Versions 2026-06-27 06:34:42 +00:00
Sausageroll2077 37b074c528 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-26 15:52:01 +02:00
LinuxServer-CI d86d2dbb59 Bot Updating Package Versions 2026-06-25 20:47:23 +00:00
Sausageroll2077 25258a2f90 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-21 07:17:39 +02:00
LinuxServer-CI 88b7c77e02 Bot Updating Package Versions 2026-06-20 07:05:54 +00:00
Sausageroll2077 2cea93f9b1 Add support for mijn.host DNS plugin
Adds certbot-dns-mijn-host as a DNSPLUGIN option (mijn-host), including
the plugin in both Dockerfiles, a credentials template under
dns-conf, and the DNSPLUGIN list in readme-vars.yml.

Closes #606

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 20:21:49 +02:00
LinuxServer-CI a9d1f7f0ee Bot Updating Package Versions 2026-06-13 07:04:48 +00:00
LinuxServer-CI d3fe405b46 Bot Updating Package Versions 2026-06-06 06:35:32 +00:00
Jonathan Ma 6b1745980a Merge branch 'master' into patch-1 2026-04-23 08:56:57 -04:00
Jonathan Ma 3ffa4aaa77 Update tinyauth-location.conf.sample for Forward Auth
Updated version information and added headers for Forward Auth in the tinyauth NGINX configuration.
2025-12-17 15:28:03 -05:00
10 changed files with 150 additions and 98 deletions
+1
View File
@@ -121,6 +121,7 @@ RUN \
certbot-dns-linode \ certbot-dns-linode \
certbot-dns-loopia \ certbot-dns-loopia \
certbot-dns-luadns \ certbot-dns-luadns \
certbot-dns-mijn-host \
certbot-dns-namecheap \ certbot-dns-namecheap \
certbot-dns-netcup \ certbot-dns-netcup \
certbot-dns-njalla \ certbot-dns-njalla \
+1
View File
@@ -121,6 +121,7 @@ RUN \
certbot-dns-linode \ certbot-dns-linode \
certbot-dns-loopia \ certbot-dns-loopia \
certbot-dns-luadns \ certbot-dns-luadns \
certbot-dns-mijn-host \
certbot-dns-namecheap \ certbot-dns-namecheap \
certbot-dns-netcup \ certbot-dns-netcup \
certbot-dns-njalla \ certbot-dns-njalla \
+7 -2
View File
@@ -68,7 +68,7 @@ The architectures supported by this image are:
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`) 2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`). * After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances. * Certs are checked twice daily using ACME Renewal Information (ARI) to determine the optimal renewal window. If your cert is about to expire, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing.
### Certbot Plugins ### Certbot Plugins
@@ -190,6 +190,7 @@ services:
- VALIDATION=http - VALIDATION=http
- SUBDOMAINS=www, #optional - SUBDOMAINS=www, #optional
- CERTPROVIDER= #optional - CERTPROVIDER= #optional
- CERT_PROFILE= #optional
- DNSPLUGIN=cloudflare #optional - DNSPLUGIN=cloudflare #optional
- PROPAGATION= #optional - PROPAGATION= #optional
- EMAIL= #optional - EMAIL= #optional
@@ -221,6 +222,7 @@ docker run -d \
-e VALIDATION=http \ -e VALIDATION=http \
-e SUBDOMAINS=www, `#optional` \ -e SUBDOMAINS=www, `#optional` \
-e CERTPROVIDER= `#optional` \ -e CERTPROVIDER= `#optional` \
-e CERT_PROFILE= `#optional` \
-e DNSPLUGIN=cloudflare `#optional` \ -e DNSPLUGIN=cloudflare `#optional` \
-e PROPAGATION= `#optional` \ -e PROPAGATION= `#optional` \
-e EMAIL= `#optional` \ -e EMAIL= `#optional` \
@@ -254,7 +256,8 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). | | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) | | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e CERT_PROFILE=` | Optionally define a cert profile to use for cert generation. This is useful if you want to use a custom cert profile instead of the default one. Currently only supported for Let's Encrypt. See https://letsencrypt.org/docs/profiles/ |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -433,6 +436,8 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **10.07.26:** - Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay.
* **19.06.26:** - Add support for mijn.host dns validation.
* **01.06.26:** - Remove obsolete old cert check logic. * **01.06.26:** - Remove obsolete old cert check logic.
* **23.01.26:** - Reorder init to fix proxy conf version checks. * **23.01.26:** - Reorder init to fix proxy conf version checks.
* **21.12.25:** - Add support for hetzner-cloud dns validation. * **21.12.25:** - Add support for hetzner-cloud dns validation.
+95 -87
View File
@@ -1,16 +1,16 @@
NAME VERSION TYPE NAME VERSION TYPE
Simple Launcher 1.1.0.14 binary (+5 duplicates) Simple Launcher 1.1.0.14 binary (+5 duplicates)
acl-libs 2.3.2-r1 apk acl-libs 2.3.2-r1 apk
acme 5.6.0 python acme 5.7.0 python
alpine-baselayout 3.7.0-r0 apk alpine-baselayout 3.7.0-r0 apk
alpine-baselayout-data 3.7.0-r0 apk alpine-baselayout-data 3.7.0-r0 apk
alpine-keys 2.5-r0 apk alpine-keys 2.5-r0 apk
alpine-release 3.22.4-r0 apk alpine-release 3.22.5-r0 apk
annotated-types 0.7.0 python annotated-types 0.7.0 python
anyio 4.13.0 python anyio 4.14.2 python
aom-libs 3.12.1-r0 apk aom-libs 3.12.1-r0 apk
apache2-utils 2.4.67-r0 apk apache2-utils 2.4.68-r0 apk
apk-tools 2.14.9-r3 apk apk-tools 2.14.10-r0 apk
apr 1.7.5-r0 apk apr 1.7.5-r0 apk
apr-util 1.6.3-r1 apk apr-util 1.6.3-r1 apk
argon2-libs 20190702-r5 apk argon2-libs 20190702-r5 apk
@@ -22,30 +22,30 @@ azure-mgmt-core 1.6.0 python
azure-mgmt-dns 9.0.0 python azure-mgmt-dns 9.0.0 python
backports-tarfile 1.2.0 python backports-tarfile 1.2.0 python
bash 5.2.37-r0 apk bash 5.2.37-r0 apk
beautifulsoup4 4.14.3 python beautifulsoup4 4.15.0 python
boto3 1.43.18 python boto3 1.43.48 python
botocore 1.43.18 python botocore 1.43.48 python
brotli-libs 1.1.0-r2 apk brotli-libs 1.1.0-r2 apk
bs4 0.0.2 python bs4 0.0.2 python
busybox 1.37.0-r20 apk busybox 1.37.0-r20 apk
busybox-binsh 1.37.0-r20 apk busybox-binsh 1.37.0-r20 apk
c-ares 1.34.6-r0 apk c-ares 1.34.6-r0 apk
c-client 2007f-r15 apk c-client 2007f-r15 apk
ca-certificates 20260413-r0 apk ca-certificates 20260611-r0 apk
ca-certificates-bundle 20260413-r0 apk ca-certificates-bundle 20260611-r0 apk
catatonit 0.2.1-r0 apk catatonit 0.2.1-r0 apk
certbot 5.6.0 python certbot 5.7.0 python
certbot-dns-acmedns 0.1.0 python certbot-dns-acmedns 0.1.0 python
certbot-dns-aliyun 2.0.0 python certbot-dns-aliyun 2.0.0 python
certbot-dns-azure 1.5.0 python certbot-dns-azure 1.5.0 python
certbot-dns-bunny 3.0.0 python certbot-dns-bunny 3.0.0 python
certbot-dns-cloudflare 5.6.0 python certbot-dns-cloudflare 5.7.0 python
certbot-dns-cpanel 0.4.0 python certbot-dns-cpanel 0.4.0 python
certbot-dns-desec 1.3.2 python certbot-dns-desec 1.3.2 python
certbot-dns-digitalocean 5.6.0 python certbot-dns-digitalocean 5.7.0 python
certbot-dns-directadmin 1.0.15 python certbot-dns-directadmin 1.0.15 python
certbot-dns-dnsimple 5.6.0 python certbot-dns-dnsimple 5.7.0 python
certbot-dns-dnsmadeeasy 5.6.0 python certbot-dns-dnsmadeeasy 5.7.0 python
certbot-dns-dnspod 0.1.0 python certbot-dns-dnspod 0.1.0 python
certbot-dns-do 0.31.0 python certbot-dns-do 0.31.0 python
certbot-dns-domeneshop 0.2.9 python certbot-dns-domeneshop 0.2.9 python
@@ -53,48 +53,49 @@ certbot-dns-dreamhost 1.0 python
certbot-dns-duckdns 1.8.0 python certbot-dns-duckdns 1.8.0 python
certbot-dns-dynudns 0.0.6 python certbot-dns-dynudns 0.0.6 python
certbot-dns-freedns 0.2.0 python certbot-dns-freedns 0.2.0 python
certbot-dns-gehirn 5.6.0 python certbot-dns-gehirn 5.7.0 python
certbot-dns-glesys 2.1.0 python certbot-dns-glesys 2.1.0 python
certbot-dns-godaddy 2.8.0 python certbot-dns-godaddy 2.8.0 python
certbot-dns-google 5.6.0 python certbot-dns-google 5.7.0 python
certbot-dns-he 1.0.0 python certbot-dns-he 1.0.0 python
certbot-dns-hetzner 4.0.0 python certbot-dns-hetzner 4.0.0 python
certbot-dns-hetzner-cloud 1.0.5 python certbot-dns-hetzner-cloud 1.0.5 python
certbot-dns-infomaniak 0.2.4 python certbot-dns-infomaniak 0.2.4 python
certbot-dns-inwx 3.0.3 python certbot-dns-inwx 3.0.3 python
certbot-dns-ionos 2024.11.9 python certbot-dns-ionos 2024.11.9 python
certbot-dns-linode 5.6.0 python certbot-dns-linode 5.7.0 python
certbot-dns-loopia 1.0.1 python certbot-dns-loopia 1.0.1 python
certbot-dns-luadns 5.6.0 python certbot-dns-luadns 5.7.0 python
certbot-dns-mijn-host 0.0.9 python
certbot-dns-namecheap 1.0.0 python certbot-dns-namecheap 1.0.0 python
certbot-dns-netcup 2.0.3 python certbot-dns-netcup 2.0.3 python
certbot-dns-njalla 2.0.2 python certbot-dns-njalla 2.0.2 python
certbot-dns-nsone 5.6.0 python certbot-dns-nsone 5.7.0 python
certbot-dns-ovh 5.6.0 python certbot-dns-ovh 5.7.0 python
certbot-dns-porkbun 0.11.0 python certbot-dns-porkbun 0.11.0 python
certbot-dns-rfc2136 5.6.0 python certbot-dns-rfc2136 5.7.0 python
certbot-dns-route53 5.6.0 python certbot-dns-route53 5.7.0 python
certbot-dns-sakuracloud 5.6.0 python certbot-dns-sakuracloud 5.7.0 python
certbot-dns-standalone 1.2.1 python certbot-dns-standalone 1.2.1 python
certbot-dns-transip 0.5.2 python certbot-dns-transip 0.5.2 python
certbot-dns-vultr 1.1.0 python certbot-dns-vultr 1.1.0 python
certbot-plugin-gandi 1.5.0 python certbot-plugin-gandi 1.5.0 python
certifi 2026.5.20 python certifi 2024.8.30 python
cffi 2.0.0 python cffi 1.17.0 python
charset-normalizer 3.4.7 python charset-normalizer 3.3.2 python
cli UNKNOWN binary cli UNKNOWN binary
cli-32 UNKNOWN binary cli-32 UNKNOWN binary
cli-64 UNKNOWN binary cli-64 UNKNOWN binary
cli-arm64 UNKNOWN binary cli-arm64 UNKNOWN binary
cloudflare 5.2.0 python cloudflare 5.5.0 python
composer 2.10.0 binary composer 2.10.2 binary
configargparse 1.7.5 python configargparse 1.7 python
configobj 5.0.9 python configobj 5.0.8 python
coreutils 9.7-r1 apk coreutils 9.7-r1 apk
coreutils-env 9.7-r1 apk coreutils-env 9.7-r1 apk
coreutils-fmt 9.7-r1 apk coreutils-fmt 9.7-r1 apk
coreutils-sha512sum 9.7-r1 apk coreutils-sha512sum 9.7-r1 apk
cryptography 48.0.0 python cryptography 46.0.0 python
curl 8.14.1-r2 apk curl 8.14.1-r2 apk
distro 1.9.0 python distro 1.9.0 python
dns-lexicon 3.25.2 python dns-lexicon 3.25.2 python
@@ -104,7 +105,7 @@ domeneshop 0.4.4 python
fail2ban 1.1.0 python fail2ban 1.1.0 python
fail2ban 1.1.0-r3 apk fail2ban 1.1.0-r3 apk
fail2ban-pyc 1.1.0-r3 apk fail2ban-pyc 1.1.0-r3 apk
filelock 3.29.0 python filelock 3.29.7 python
findutils 4.10.0-r0 apk findutils 4.10.0-r0 apk
fontconfig 2.15.0-r3 apk fontconfig 2.15.0-r3 apk
freetype 2.13.3-r0 apk freetype 2.13.3-r0 apk
@@ -122,8 +123,8 @@ gnupg-utils 2.4.9-r0 apk
gnupg-wks-client 2.4.9-r0 apk gnupg-wks-client 2.4.9-r0 apk
gnutls 3.8.13-r0 apk gnutls 3.8.13-r0 apk
google-api-core 2.30.3 python google-api-core 2.30.3 python
google-api-python-client 2.197.0 python google-api-python-client 2.198.0 python
google-auth 2.53.0 python google-auth 2.56.0 python
google-auth-httplib2 0.4.0 python google-auth-httplib2 0.4.0 python
googleapis-common-protos 1.75.0 python googleapis-common-protos 1.75.0 python
gpg 2.4.9-r0 apk gpg 2.4.9-r0 apk
@@ -136,40 +137,42 @@ gui-32 UNKNOWN binary
gui-64 UNKNOWN binary gui-64 UNKNOWN binary
gui-arm64 UNKNOWN binary gui-arm64 UNKNOWN binary
h11 0.16.0 python h11 0.16.0 python
hcloud 2.20.0 python hcloud 2.22.0 python
httpcore 1.0.9 python httpcore 1.0.9 python
httplib2 0.31.2 python httplib2 0.32.0 python
httpx 0.28.1 python httpx 0.28.1 python
icu-data-en 76.1-r1 apk icu-data-en 76.1-r1 apk
icu-libs 76.1-r1 apk icu-libs 76.1-r1 apk
idna 3.17 python idna 3.8 python
importlib-metadata 8.7.1 python importlib-metadata 8.0.0 python
importlib-resources 6.4.0 python
inflect 7.3.1 python
inotify-tools 4.23.9.0-r0 apk inotify-tools 4.23.9.0-r0 apk
inotify-tools-libs 4.23.9.0-r0 apk inotify-tools-libs 4.23.9.0-r0 apk
inwx-domrobot 3.2.0 python inwx-domrobot 3.2.0 python
iptables 1.8.11-r1 apk iptables 1.8.11-r1 apk
iptables-legacy 1.8.11-r1 apk iptables-legacy 1.8.11-r1 apk
isodate 0.7.2 python isodate 0.7.2 python
jaraco-context 6.1.0 python jaraco-context 5.3.0 python
jaraco-functools 4.4.0 python jaraco-functools 4.0.1 python
jaraco-text 4.0.0 python jaraco-text 3.12.1 python
jinja2 3.1.6 python jinja2 3.1.6 python
jmespath 1.1.0 python jmespath 1.1.0 python
josepy 2.2.0 python josepy 2.2.0 python
jq 1.8.1-r0 apk jq 1.8.1-r0 apk
jsonpickle 4.1.2 python jsonpickle 4.1.2 python
libapk2 2.14.9-r3 apk libapk2 2.14.10-r0 apk
libassuan 2.5.7-r0 apk libassuan 2.5.7-r0 apk
libattr 2.5.2-r2 apk libattr 2.5.2-r2 apk
libavif 1.3.0-r0 apk libavif 1.3.0-r0 apk
libbsd 0.12.2-r0 apk libbsd 0.12.2-r0 apk
libbz2 1.0.8-r6 apk libbz2 1.0.8-r6 apk
libcrypto3 3.5.6-r0 apk libcrypto3 3.5.7-r0 apk
libcurl 8.14.1-r2 apk libcurl 8.14.1-r2 apk
libdav1d 1.5.1-r0 apk libdav1d 1.5.1-r0 apk
libedit 20250104.3.1-r1 apk libedit 20250104.3.1-r1 apk
libevent 2.1.12-r8 apk libevent 2.1.13-r0 apk
libexpat 2.7.5-r0 apk libexpat 2.8.2-r0 apk
libffi 3.4.8-r0 apk libffi 3.4.8-r0 apk
libgcc 14.2.0-r6 apk libgcc 14.2.0-r6 apk
libgcrypt 1.10.3-r1 apk libgcrypt 1.10.3-r1 apk
@@ -199,7 +202,7 @@ libseccomp 2.6.0-r0 apk
libsharpyuv 1.5.0-r0 apk libsharpyuv 1.5.0-r0 apk
libsm 1.2.5-r0 apk libsm 1.2.5-r0 apk
libsodium 1.0.20-r1 apk libsodium 1.0.20-r1 apk
libssl3 3.5.6-r0 apk libssl3 3.5.7-r0 apk
libstdc++ 14.2.0-r6 apk libstdc++ 14.2.0-r6 apk
libtasn1 4.21.0-r0 apk libtasn1 4.21.0-r0 apk
libunistring 1.3-r0 apk libunistring 1.3-r0 apk
@@ -225,41 +228,42 @@ lz4-libs 1.10.0-r0 apk
markupsafe 3.0.3 python markupsafe 3.0.3 python
memcached 1.6.32-r0 apk memcached 1.6.32-r0 apk
mock 5.2.0 python mock 5.2.0 python
more-itertools 10.8.0 python more-itertools 10.3.0 python
mpdecimal 4.0.1-r0 apk mpdecimal 4.0.1-r0 apk
msal 1.37.0 python msal 1.37.0 python
msal-extensions 1.3.1 python msal-extensions 1.3.1 python
musl 1.2.5-r12 apk musl 1.2.5-r12 apk
musl-utils 1.2.5-r12 apk musl-utils 1.2.5-r12 apk
my-test-package 1.0 python
nano 8.4-r0 apk nano 8.4-r0 apk
ncurses-terminfo-base 6.5_p20250503-r0 apk ncurses-terminfo-base 6.5_p20250503-r0 apk
netcat-openbsd 1.229.1-r0 apk netcat-openbsd 1.229.1-r0 apk
nettle 3.10.2-r0 apk nettle 3.10.2-r0 apk
nghttp2-libs 1.69.0-r0 apk nghttp2-libs 1.69.0-r0 apk
nginx 1.28.3-r2 apk nginx 1.28.3-r4 apk
nginx-mod-devel-kit 1.28.3-r2 apk nginx-mod-devel-kit 1.28.3-r4 apk
nginx-mod-http-brotli 1.28.3-r2 apk nginx-mod-http-brotli 1.28.3-r4 apk
nginx-mod-http-dav-ext 1.28.3-r2 apk nginx-mod-http-dav-ext 1.28.3-r4 apk
nginx-mod-http-echo 1.28.3-r2 apk nginx-mod-http-echo 1.28.3-r4 apk
nginx-mod-http-fancyindex 1.28.3-r2 apk nginx-mod-http-fancyindex 1.28.3-r4 apk
nginx-mod-http-geoip2 1.28.3-r2 apk nginx-mod-http-geoip2 1.28.3-r4 apk
nginx-mod-http-headers-more 1.28.3-r2 apk nginx-mod-http-headers-more 1.28.3-r4 apk
nginx-mod-http-image-filter 1.28.3-r2 apk nginx-mod-http-image-filter 1.28.3-r4 apk
nginx-mod-http-perl 1.28.3-r2 apk nginx-mod-http-perl 1.28.3-r4 apk
nginx-mod-http-redis2 1.28.3-r2 apk nginx-mod-http-redis2 1.28.3-r4 apk
nginx-mod-http-set-misc 1.28.3-r2 apk nginx-mod-http-set-misc 1.28.3-r4 apk
nginx-mod-http-upload-progress 1.28.3-r2 apk nginx-mod-http-upload-progress 1.28.3-r4 apk
nginx-mod-http-xslt-filter 1.28.3-r2 apk nginx-mod-http-xslt-filter 1.28.3-r4 apk
nginx-mod-mail 1.28.3-r2 apk nginx-mod-mail 1.28.3-r4 apk
nginx-mod-rtmp 1.28.3-r2 apk nginx-mod-rtmp 1.28.3-r4 apk
nginx-mod-stream 1.28.3-r2 apk nginx-mod-stream 1.28.3-r4 apk
nginx-mod-stream-geoip2 1.28.3-r2 apk nginx-mod-stream-geoip2 1.28.3-r4 apk
nginx-vim 1.28.3-r2 apk nginx-vim 1.28.3-r4 apk
npth 1.8-r0 apk npth 1.8-r0 apk
oniguruma 6.9.10-r0 apk oniguruma 6.9.10-r0 apk
openssl 3.5.6-r0 apk openssl 3.5.7-r0 apk
p11-kit 0.25.5-r2 apk p11-kit 0.26.2-r0 apk
packaging 26.0 python packaging 24.1 python
packaging 26.2 python packaging 26.2 python
parsedatetime 2.6 python parsedatetime 2.6 python
pcre2 10.46-r0 apk pcre2 10.46-r0 apk
@@ -317,41 +321,43 @@ php84-zip 8.4.16-r0 apk
pinentry 1.3.1-r0 apk pinentry 1.3.1-r0 apk
pip 26.1.2 python pip 26.1.2 python
pkb-client 2.3.1 python pkb-client 2.3.1 python
platformdirs 4.4.0 python platformdirs 4.2.2 python
popt 1.19-r4 apk popt 1.19-r4 apk
procps-ng 4.0.4-r3 apk procps-ng 4.0.4-r3 apk
proto-plus 1.28.0 python proto-plus 1.28.1 python
protobuf 7.35.0 python protobuf 7.35.1 python
pyacmedns 0.4 python pyacmedns 0.4 python
pyasn1 0.6.3 python pyasn1 0.6.4 python
pyasn1-modules 0.4.2 python pyasn1-modules 0.4.2 python
pyc 3.12.13-r0 apk pyc 3.12.13-r0 apk
pycparser 3.0 python pycparser 2.22 python
pydantic 2.13.4 python pydantic 2.13.4 python
pydantic-core 2.46.4 python pydantic-core 2.46.4 python
pyjwt 2.13.0 python pyjwt 2.13.0 python
pynamecheap 0.0.3 python pynamecheap 0.0.3 python
pyopenssl 26.2.0 python pyopenssl 26.2.0 python
pyotp 2.9.0 python pyotp 2.10.0 python
pyparsing 3.3.2 python pyparsing 3.3.2 python
pyrfc3339 2.1.0 python pyrfc3339 1.1 python
python-dateutil 2.9.0.post0 python python-dateutil 2.9.0.post0 python
python-digitalocean 1.17.0 python python-digitalocean 1.17.0 python
python-transip 0.6.0 python python-transip 0.6.0 python
python3 3.12.13-r0 apk python3 3.12.13-r0 apk
python3-pyc 3.12.13-r0 apk python3-pyc 3.12.13-r0 apk
python3-pycache-pyc0 3.12.13-r0 apk python3-pycache-pyc0 3.12.13-r0 apk
pytz 2024.1 python
pyyaml 6.0.3 python pyyaml 6.0.3 python
readline 8.2.13-r1 apk readline 8.2.13-r1 apk
requests 2.34.2 python requests 2.32.3 python
requests-file 3.0.1 python requests-file 3.0.1 python
requests-mock 1.12.1 python requests-mock 1.12.1 python
requests-unixsocket 0.4.1 python requests-unixsocket 0.4.1 python
s3transfer 0.18.0 python ruff 0.6.3 python
s3transfer 0.19.1 python
scanelf 1.3.8-r1 apk scanelf 1.3.8-r1 apk
setuptools 82.0.1 python setuptools 74.0.0 python
shadow 4.17.3-r0 apk shadow 4.17.3-r0 apk
six 1.17.0 python six 1.16.0 python
skalibs-libs 2.14.4.0-r0 apk skalibs-libs 2.14.4.0-r0 apk
sniffio 1.3.1 python sniffio 1.3.1 python
soupsieve 2.8.4 python soupsieve 2.8.4 python
@@ -359,19 +365,21 @@ sqlite-libs 3.49.2-r1 apk
ssl_client 1.37.0-r20 apk ssl_client 1.37.0-r20 apk
tiff 4.7.1-r0 apk tiff 4.7.1-r0 apk
tldextract 5.3.1 python tldextract 5.3.1 python
tomli 2.4.0 python tomli 2.0.1 python
typing-extensions 4.15.0 python typeguard 4.3.0 python
typing-extensions 4.12.2 python
typing-extensions 4.16.0 python
typing-inspection 0.4.2 python typing-inspection 0.4.2 python
tzdata 2026b-r0 apk tzdata 2026b-r0 apk
unixodbc 2.3.12-r0 apk unixodbc 2.3.12-r0 apk
uritemplate 4.2.0 python uritemplate 4.2.0 python
urllib3 2.7.0 python urllib3 2.2.2 python
utmps-libs 0.1.3.1-r0 apk utmps-libs 0.1.3.1-r0 apk
wheel 0.46.3 python wheel 0.43.0 python
wheel 0.47.0 python wheel 0.44.0 python
whois 5.6.3-r0 apk whois 5.6.3-r0 apk
xz-libs 5.8.3-r0 apk xz-libs 5.8.3-r0 apk
zipp 3.23.0 python zipp 3.19.2 python
zlib 1.3.2-r0 apk zlib 1.3.2-r0 apk
zope-interface 8.5 python zope-interface 8.5 python
zstd-libs 1.5.7-r0 apk zstd-libs 1.5.7-r0 apk
+5 -2
View File
@@ -32,7 +32,8 @@ opt_param_usage_include_env: true
opt_param_env_vars: opt_param_env_vars:
- {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"} - {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"}
- {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."} - {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."}
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."} - {env_var: "CERT_PROFILE", env_value: "", desc: "Optionally define a cert profile to use for cert generation. This is useful if you want to use a custom cert profile instead of the default one. Currently only supported for Let's Encrypt. See https://letsencrypt.org/docs/profiles/ "}
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."}
- {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."} - {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."}
- {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."} - {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."}
- {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"} - {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"}
@@ -65,7 +66,7 @@ app_setup_block: |
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`) 2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`). * After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances. * Certs are checked twice daily using ACME Renewal Information (ARI) to determine the optimal renewal window. If your cert is about to expire, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing.
### Certbot Plugins ### Certbot Plugins
@@ -219,6 +220,8 @@ init_diagram: |
"swag:latest" <- Base Images "swag:latest" <- Base Images
# changelog # changelog
changelogs: changelogs:
- {date: "10.07.26:", desc: "Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay."}
- {date: "19.06.26:", desc: "Add support for mijn.host dns validation."}
- {date: "01.06.26:", desc: "Remove obsolete old cert check logic."} - {date: "01.06.26:", desc: "Remove obsolete old cert check logic."}
- {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."} - {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."}
- {date: "21.12.25:", desc: "Add support for hetzner-cloud dns validation."} - {date: "21.12.25:", desc: "Add support for hetzner-cloud dns validation."}
+3
View File
@@ -0,0 +1,3 @@
# Instructions: https://github.com/mijnhost/certbot-dns-mijn-host
# Replace with your API key from your mijn.host account.
dns_mijn_host_api_key = yourapikeygoeshere
@@ -1,4 +1,4 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample ## Version 2025/12/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth # Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf # Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
@@ -7,3 +7,17 @@ auth_request /tinyauth;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
error_page 401 = @tinyauth_login; error_page 401 = @tinyauth_login;
## Translate the user information response headers from the auth subrequest into variables
auth_request_set $email $upstream_http_remote_email;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $user $upstream_http_remote_user;
## Inject the user information into the request made to the actual upstream
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-User $user;
## Can be extended with more custom headers https://tinyauth.app/docs/reference/headers#nginxnginx-proxy-manager
+1 -1
View File
@@ -5,4 +5,4 @@
0 3 * * 6 run-parts /etc/periodic/weekly 0 3 * * 6 run-parts /etc/periodic/weekly
0 5 1 * * run-parts /etc/periodic/monthly 0 5 1 * * run-parts /etc/periodic/monthly
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1 0 */12 * * * sleep $((60 + $RANDOM % 230)); /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1
@@ -12,12 +12,13 @@ EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\ ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
VALIDATION=${VALIDATION}\\n\ VALIDATION=${VALIDATION}\\n\
CERTPROVIDER=${CERTPROVIDER}\\n\ CERTPROVIDER=${CERTPROVIDER}\\n\
CERT_PROFILE=${CERT_PROFILE}\\n\
DNSPLUGIN=${DNSPLUGIN}\\n\ DNSPLUGIN=${DNSPLUGIN}\\n\
EMAIL=${EMAIL}\\n\ EMAIL=${EMAIL}\\n\
STAGING=${STAGING}\\n" STAGING=${STAGING}\\n"
# Sanitize variables # Sanitize variables
SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER) SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER CERT_PROFILE)
for i in "${SANED_VARS[@]}"; do for i in "${SANED_VARS[@]}"; do
export echo "${i}"="${!i//\"/}" export echo "${i}"="${!i//\"/}"
export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')" export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
@@ -80,7 +81,7 @@ if [[ -f "/config/donoteditthisfile.conf" ]]; then
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
fi fi
if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\" ORIGCERT_PROFILE=\"${CERT_PROFILE}\"" >/config/.donoteditthisfile.conf
echo "Created .donoteditthisfile.conf" echo "Created .donoteditthisfile.conf"
fi fi
@@ -186,7 +187,8 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]] ||
[[ ! "${CERT_PROFILE}" = "${ORIGCERT_PROFILE}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90") REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
@@ -204,7 +206,7 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
fi fi
# saving new variables # saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\" ORIGCERT_PROFILE=\"${CERT_PROFILE}\"" >/config/.donoteditthisfile.conf
# if zerossl is selected or staging is set to true, use the relevant server # if zerossl is selected or staging is set to true, use the relevant server
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
@@ -227,6 +229,21 @@ fi
set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
# set certificate profile (e.g. "shortlived" for 6-day certs, "classic" for 90-day)
# Profiles are a Let's Encrypt ACME feature; ZeroSSL ignores it.
if [[ -n "${CERT_PROFILE}" ]]; then
if [[ "${CERTPROVIDER}" = "zerossl" ]]; then
echo "ZeroSSL does not support ACME profiles, ignoring CERT_PROFILE variable"
sed -i "/^preferred-profile\b/d" /config/etc/letsencrypt/cli.ini
else
echo "Requesting certificate with profile: ${CERT_PROFILE}"
set_ini_value "preferred-profile" "${CERT_PROFILE}" /config/etc/letsencrypt/cli.ini
fi
else
# remove if previously set so going back to default works
sed -i "/^preferred-profile\b/d" /config/etc/letsencrypt/cli.ini
fi
# figuring out domain only vs domain & subdomains vs subdomains only # figuring out domain only vs domain & subdomains vs subdomains only
DOMAINS_ARRAY=() DOMAINS_ARRAY=()
if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
+1 -1
View File
@@ -3,7 +3,7 @@
# Check if the cert is expired or expires within a day, if so, renew # Check if the cert is expired or expires within a day, if so, renew
if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then
echo "The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am)." echo "The cert does not expire within the next day. Letting the cron script handle the renewal attempts."
else else
echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes." echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes."
/app/le-renew.sh /app/le-renew.sh