4ec24ec344
* Add support for obtain ECDSA keys * Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type
33 lines
1.2 KiB
Django/Jinja
33 lines
1.2 KiB
Django/Jinja
#jinja2: lstrip_blocks: "True"
|
|
#!/bin/bash
|
|
|
|
# For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled)
|
|
# need to forward requests for `/.well-known/acme-challenge` to the certbot container.
|
|
#
|
|
# This can happen inside the container network by proxying to `http://matrix-certbot:8080`
|
|
# or outside (on the host) by proxying to `http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}`.
|
|
|
|
docker run \
|
|
--rm \
|
|
--name=matrix-certbot \
|
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
|
--cap-drop=ALL \
|
|
--network="{{ matrix_docker_network }}" \
|
|
-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \
|
|
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt \
|
|
--mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt \
|
|
{{ matrix_ssl_lets_encrypt_certbot_docker_image }} \
|
|
renew \
|
|
--non-interactive \
|
|
--work-dir=/tmp \
|
|
--http-01-port 8080 \
|
|
{% if matrix_ssl_lets_encrypt_staging %}
|
|
--staging \
|
|
{% endif %}
|
|
--key-type {{ matrix_ssl_lets_encrypt_key_type }} \
|
|
--standalone \
|
|
--preferred-challenges http \
|
|
--agree-tos \
|
|
--email={{ matrix_ssl_lets_encrypt_support_email }} \
|
|
--no-random-sleep-on-renew
|