stevoh6/lego-dns-certbot-skcz

🍋 lego-dns-certbot-skcz

Dockerized wrapper around lego to request wildcard Let's Encrypt certificates via DNS challenge.

Supports:

  • Websupport DNS
  • Active24 DNS
  • 🧪 Debug and dry-run modes
  • 🌍 Timezone support
  • 🔁 Automatic environment variable mapping

🚀 Usage

  • 🛠️ Create a .env file like this:
# DNS Provider to use: possible values are WEBSUPPORT or ACTIVE24
DNS_PROVIDER=ACTIVE24

# List of domains (comma-separated or space-separated)
DOMAINS=domain.com,*.domain.com

# Optional: if not set, defaults to hostmaster@{DOMAIN_BASE}
#EMAIL=hostmaster@domain.com

# Timezone used inside the container
TZ=Europe/Bratislava

# --- Provider credentials (will be mapped based on DNS_PROVIDER) ---
# Required: API key (a.k.a. identifikator) and secret
DNS_PROVIDER_API_KEY=your_key
DNS_PROVIDER_SECRET=your_secret

# Optional: DNS propagation settings
DNS_PROVIDER_HTTP_TIMEOUT=5
DNS_PROVIDER_POLLING_INTERVAL=5
DNS_PROVIDER_PROPAGATION_TIMEOUT=600
DNS_PROVIDER_TTL=600

# --- Testing/Debug options ---
# DEBUG=1 will open an interactive shell instead of running lego
DEBUG=0

# DRY_RUN=1 will only print the lego command, without executing it
DRY_RUN=1
  • Build the image:
docker build -t lego-dns-certbot-skcz .
  • Run the container:
docker run --rm \
  --env-file .env \
  --dns=8.8.8.8 \
  --user "$(id -u):$(id -g)" \
  -v "$(pwd)/certs:/certs" \
  lego-dns-certbot-skcz

🔐 Output

All certificate files (.crt, .key, fullchain, etc.) are saved to /certs inside the container. Mount it to your host like this: -v "$(pwd)/certs:/certs"

📁 Structure

lego-dns-certbot/
├── certs/ # Mounted volume for certs (host or container)
│ ├── .gitkeep
│ └── domain.com/ # Certificates and account data per base domain
│  ├── accounts/ # ACME account data (private keys, registration)
│  │ └── acme-v02.api.letsencrypt.org/
│  └── certificates/ # Issued certificates and keys
│   ├── domain.com.crt
│   ├── domain.com.key
│   ├── *.domain.com.crt
│   └── *.domain.com.key
├── Dockerfile # Builds the container with lego + entrypoint
├── entrypoint.sh # Smart wrapper script for LEGO
├── CADDY.md # Integration guide for Caddy
├── README.md # General usage, setup, and configuration
├── LICENSE # MIT license
├── .dockerignore
├── .gitattributes
├── .gitignore
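
As an added example (not part of this repository), a POSIX sh pre-flight check for the secrets this setup keeps on disk: the provider credentials in .env, and the ACME account data and private keys under certs/. The function names `env_value` and `audit_lego_secrets` are assumptions of the example; the placeholder values it rejects are the ones from the sample .env above.

```shell
#!/bin/sh
# Added example (not project code): audit the .env file and certs/ tree
# before running the container. Function names are assumptions.

# Print the last KEY=value from an env file without sourcing it; like
# docker --env-file, no shell evaluation is applied to the value.
env_value() {
  sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1
}

# Print one finding per line; return 0 only when there are none.
audit_lego_secrets() {
  envfile=$1 certs=$2 findings=0
  report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

  case "$(env_value "$envfile" DNS_PROVIDER)" in
    WEBSUPPORT|ACTIVE24) ;;
    *) report "env: DNS_PROVIDER must be WEBSUPPORT or ACTIVE24" ;;
  esac
  for key in DNS_PROVIDER_API_KEY DNS_PROVIDER_SECRET; do
    case "$(env_value "$envfile" "$key")" in
      ''|your_key|your_secret) report "env: $key is empty or a placeholder" ;;
    esac
  done

  # Secret material: the env file, ACME account data, issued private keys.
  # Flag any of it that group or others can read.
  loose=$( {
    find "$envfile" -type f \( -perm -040 -o -perm -004 \)
    find "$certs" -type f \( -path '*/accounts/*' -o -name '*.key' \) \
      \( -perm -040 -o -perm -004 \)
  } 2>/dev/null || true )
  while IFS= read -r f; do
    if [ -n "$f" ]; then report "perm: $f is readable by group or others"; fi
  done <<EOF
$loose
EOF
  [ "$findings" -eq 0 ]
}
```

Call it as `audit_lego_secrets .env certs` before `docker run`; a non-zero status means at least one finding was printed.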

🧪 Development

To explore or debug inside the container:

docker run --rm -it \
  --env-file .env \
  -e DEBUG=1 \
  --dns=8.8.8.8 \
  --user "$(id -u):$(id -g)" \
  -v "$(pwd)/certs:/certs" \
  lego-dns-certbot-skcz

Then manually run:

lego --dns active24 --email your@email.com --domains yourdomain.com --path /certs --accept-tos run

Integration with Caddy

See CADDY.md.

🤝 License

MIT — use it, share it, automate your certs.

About

Docker container for DNS-01 challenge using CZ/SK domain providers (Websupport, Active24)
