matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
Alejo Diaz 4ec24ec344
Add support for obtain ECDSA keys (#1667)
* Add support for obtain ECDSA keys

* Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type
2022-03-03 18:15:39 +02:00

33 lines
1.2 KiB
Django/Jinja

#jinja2: lstrip_blocks: "True"
#!/bin/bash
# For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled)
# need to forward requests for `/.well-known/acme-challenge` to the certbot container.
#
# This can happen inside the container network by proxying to `http://matrix-certbot:8080`
# or outside (on the host) by proxying to `http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}`.
docker run \
--rm \
--name=matrix-certbot \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network="{{ matrix_docker_network }}" \
-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt \
--mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt \
{{ matrix_ssl_lets_encrypt_certbot_docker_image }} \
renew \
--non-interactive \
--work-dir=/tmp \
--http-01-port 8080 \
{% if matrix_ssl_lets_encrypt_staging %}
--staging \
{% endif %}
--key-type {{ matrix_ssl_lets_encrypt_key_type }} \
--standalone \
--preferred-challenges http \
--agree-tos \
--email={{ matrix_ssl_lets_encrypt_support_email }} \
--no-random-sleep-on-renew