deSEC (https://desec.io/) DNS Authenticator for Certbot on Docker.
According to the used underlying architecture (here armv7) it is necessary to select the right image (certbot/certbot:arm32v6-*) beforehand, otherwise pip install certbot-dns-desec will fail (ErrorMessage: exec container process /bin/sh: Exec format error).
Change to directory where the Dockerfile is located and execute:
- docker build -t certbot:latest
- buildah bud -f Dockerfile -t certbot:latest (for Podman)
You can choose the tag (-t) on your own. The builded image is automatically added to your local docker/podman image repository.
Configure your Secret with deSec token as described under Request Certificate. The $DOMAIN.ini has to be saved under the volume path ( -v /path/to/etc/letsencrypt ). For the first run, the eMail Adress is also needed.
with Docker:
docker run -d --name certbot \
-v /path/to/etc/letsencrypt:/etc/letsencrypt \
-v /path/to/var/lib/letsencrypt:/var/lib/letsencrypt \
ghcr.io/cub0n/certbot-desec-docker:latest certonly --non-interactive --agree-tos --email $EMAIL \
--authenticator dns-desec \
--dns-desec-credentials /etc/letsencrypt/secrets/$DOMAIN.ini \
-d "$DOMAIN" \
-d "*.$DOMAIN"with Podman:
podman run -d --name certbot \
-v /path/to/etc/letsencrypt:/etc/letsencrypt:Z \
-v /path/to/var/lib/letsencrypt:/var/lib/letsencrypt:Z \
ghcr.io/cub0n/certbot-desec-docker:latest certonly --non-interactive --agree-tos --email $EMAIL \
--authenticator dns-desec \
--dns-desec-credentials /etc/letsencrypt/secrets/$DOMAIN.ini \
-d "$DOMAIN" \
-d "*.$DOMAIN"