
Commit c0de80f

committed
feat: global & per container acme.sh DNS API config
1 parent 1c9c0db commit c0de80f


2 files changed

+47
-15
lines changed

2 files changed

+47
-15
lines changed

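--- a/app/letsencrypt_service
+++ b/app/letsencrypt_service
@@ -172,7 +172,9 @@ function update_cert {
 
 # ACME challenge type
 local -n acme_challenge="ACME_${cid}_CHALLENGE"
-acme_challenge="${acme_challenge:-HTTP-01}"
+if [[ -z "${acme_challenge}" ]]; then
+acme_challenge="${ACME_CHALLENGE:-HTTP-01}"
+fi
 
 if [[ "$acme_challenge" == "HTTP-01" ]]; then
 # HTTP-01 challenge
@@ -183,25 +185,45 @@ function update_cert {
 params_issue_arr+=(--webroot /usr/share/nginx/html)
 elif [[ "$acme_challenge" == "DNS-01" ]]; then
 # DNS-01 challenge
-local -n acmesh_dns_config="ACMESH_${cid}_DNS_API_CONFIG"
+local acmesh_dns_config_used='none'
+
+local default_acmesh_dns_api="${DEFAULT_ACMESH_DNS_API_CONFIG[DNS_API]}"
+[[ -n "$default_acmesh_dns_api" ]] && acmesh_dns_config_used='default'
 
+local -n acmesh_dns_config="ACMESH_${cid}_DNS_API_CONFIG"
 local acmesh_dns_api="${acmesh_dns_config[DNS_API]}"
-if [[ -z "$acmesh_dns_api" ]]; then
-echo "Error: missing acme.sh DNS API for DNS challenge"
-return 1
-fi
-params_issue_arr+=(--dns "$acmesh_dns_api")
+[[ -n "$acmesh_dns_api" ]] && acmesh_dns_config_used='container'
 
-# Loop over defined variable for acme.sh DNS api config
 local -a dns_api_keys
-for key in "${!acmesh_dns_config[@]}"; do
-[[ "$key" == "DNS_API" ]] && continue
-dns_api_keys+=("$key")
-local value="${acmesh_dns_config[$key]}"
-local -x "$key"="$value"
-done
 
-echo "Info: DNS challenge using $acmesh_dns_api DNS API with the following keys: ${dns_api_keys[*]}"
+case "$acmesh_dns_config_used" in
+'default')
+params_issue_arr+=(--dns "$default_acmesh_dns_api")
+# Loop over defined variable for default acme.sh DNS api config
+for key in "${!DEFAULT_ACMESH_DNS_API_CONFIG[@]}"; do
+[[ "$key" == "DNS_API" ]] && continue
+dns_api_keys+=("$key")
+local value="${DEFAULT_ACMESH_DNS_API_CONFIG[$key]}"
+local -x "$key"="$value"
+done
+;;
+'container')
+params_issue_arr+=(--dns "$acmesh_dns_api")
+# Loop over defined variable for per container acme.sh DNS api config
+for key in "${!acmesh_dns_config[@]}"; do
+[[ "$key" == "DNS_API" ]] && continue
+dns_api_keys+=("$key")
+local value="${acmesh_dns_config[$key]}"
+local -x "$key"="$value"
+done
+;;
+*)
+echo "Error: missing acme.sh DNS API for DNS challenge"
+return 1
+;;
+esac
+
+echo "Info: DNS challenge using $acmesh_dns_api DNS API with the following keys: ${dns_api_keys[*]} (${acmesh_dns_config_used} config)"
 else
 echo "Error: unknown ACME challenge method: $acme_challenge"
 return 1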
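Review bot: Both `for key` loops in the second hunk export every config key unchecked through `local -x "$key"="$value"`, so any key present in the default or per-container config becomes an environment variable for the rest of update_cert and for the commands it starts; a key that is not a valid identifier makes `local` fail, and names such as `PATH` are accepted as-is. The two branches differ only in which array they read, and the closing Info line still prints `$acmesh_dns_api`, which is empty whenever the default config is the one selected. I would bind the chosen array once through a nameref, run a single loop that skips keys failing an identifier check, and log the API actually passed to `--dns`, as sketched below. Whether further names should be refused depends on who is able to set the per-container config, which is not visible here; update_cert starts and ends outside both hunks.

```shell
# … unchanged: detection of default / container config setting acmesh_dns_config_used …
local -a dns_api_keys

case "$acmesh_dns_config_used" in
  'default')   local -n dns_config_selected=DEFAULT_ACMESH_DNS_API_CONFIG ;;
  'container') local -n dns_config_selected="ACMESH_${cid}_DNS_API_CONFIG" ;;
  *)
    echo "Error: missing acme.sh DNS API for DNS challenge"
    return 1
    ;;
esac

local dns_api_selected="${dns_config_selected[DNS_API]}"
params_issue_arr+=(--dns "$dns_api_selected")

for key in "${!dns_config_selected[@]}"; do
  [[ "$key" == "DNS_API" ]] && continue
  # Export only plain identifiers; anything else is reported and skipped.
  if [[ ! "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    echo "Warning: ignoring invalid acme.sh DNS API config key: $key"
    continue
  fi
  dns_api_keys+=("$key")
  local -x "$key"="${dns_config_selected[$key]}"
done

echo "Info: DNS challenge using $dns_api_selected DNS API with the following keys: ${dns_api_keys[*]} (${acmesh_dns_config_used} config)"
```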

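--- a/app/letsencrypt_service_data.tmpl
+++ b/app/letsencrypt_service_data.tmpl
@@ -1,5 +1,15 @@
 #!/bin/bash
 # shellcheck disable=SC2034
+{{- $DEFAULT_ACMESH_DNS_API_CONFIG := fromYaml (coalesce $.Env.ACMESH_DNS_API_CONFIG "") }}
+{{- if $DEFAULT_ACMESH_DNS_API_CONFIG }}
+{{- "\n" }}declare -A DEFAULT_ACMESH_DNS_API_CONFIG=(
+{{- range $key, $value := $DEFAULT_ACMESH_DNS_API_CONFIG }}
+{{- "\n\t" }}['{{ $key }}']='{{ $value }}'
+{{- end }}
+{{- "\n" }})
+{{- end }}
+
+
 LETSENCRYPT_CONTAINERS=(
 {{ $orderedContainers := sortObjectsByKeysDesc $ "Created" }}
 {{ range $_, $container := whereExist $orderedContainers "Env.LETSENCRYPT_HOST" }}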
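Review bot: `$key` and `$value` are written between single quotes in the generated `declare -A DEFAULT_ACMESH_DNS_API_CONFIG` with no escaping, so a value containing `'` (plausible for an API secret) ends the quoted string early and the remainder is parsed as shell when the generated script is loaded. Escaping the quote at render time closes this, for example `{{- "\n\t" }}['{{ replace (printf "%v" $key) "'" "'\\''" -1 }}']='{{ replace (printf "%v" $value) "'" "'\\''" -1 }}'`, assuming docker-gen's `replace` function is available to this template. `fromYaml` can also return non-string values such as nested maps or lists, which would be rendered with Go's default formatting; it is worth rejecting those or adding a comment that only flat string values are supported.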
