(3 intermediate revisions by the same user not shown)

== Debian 13 for Certbot + OVH plugin with Docker ==
=== 🔧 Solution A (BEST) ===
-----
Image: <code>certbot/dns-ovh:latest</code>, the official Certbot image that already ships the OVH DNS plugin, so nothing has to be built or pip-installed on the host. For reproducible renewals, pin a release tag (the plugin images carry the same version tags as <code>certbot/certbot</code>) instead of the floating <code>:latest</code>. The previous revision's Solution A, which built its own image from <code>certbot/certbot:v2.9.0</code>, is kept at the end of the page as Solution B (Old).
* [https://github.com/marmits/certbot-docker-ovh GitHub project: DOCKER CERTBOT OVH]
| |
=== 🔧 Solution B of the previous revision (compose entrypoint variant, dropped in this revision) ===
-----
==== 1️⃣ Create the Dockerfile ====

In a directory <code>~/certbot-docker</code>:

<syntaxhighlight lang="bash">mkdir -p ~/certbot-docker
cd ~/certbot-docker
nano Dockerfile</syntaxhighlight>
Contents of the Dockerfile:

<syntaxhighlight lang="dockerfile"># Dockerfile for Certbot + OVH plugin
FROM certbot/certbot:v2.9.0

# Install the OVH DNS plugin, pinned to the certbot version: the DNS plugins
# are released in lockstep with certbot, and an unpinned install may pull a
# newer plugin that drags a newer certbot into the image
RUN pip install certbot-dns-ovh==2.9.0</syntaxhighlight>

-----

==== 2️⃣ Create the docker-compose.yml ====

Still in <code>~/certbot-docker</code>:

<syntaxhighlight lang="yaml">services:
  certbot:
    build: .
    container_name: certbot-ovh
    volumes:
      - "/etc/letsencrypt:/etc/letsencrypt"
      - "/var/lib/letsencrypt:/var/lib/letsencrypt"
      # ovh.ini lives here on the host; certbot only reads it, so mount read-only
      - "/etc/letsencrypt/.ovhsecrets:/secrets:ro"
    # The image's entrypoint is already "certbot"; it is overridden here so that
    # a bare "docker compose up" performs the initial request.
    entrypoint: >
      certbot certonly
      --dns-ovh
      --dns-ovh-credentials /secrets/ovh.ini
      --non-interactive
      --agree-tos
      --email admin@example.com
      -d example.com
      -d '*.example.com'</syntaxhighlight>

<blockquote>Replace <code>example.com</code> by your real domain. The <code>/secrets</code> volume points at your existing OVH credentials file. <code>--email</code> (a placeholder address here) is only needed when no ACME account exists yet under <code>/etc/letsencrypt</code>; without it, <code>--non-interactive</code> fails on first use. The <code>version: "3.8"</code> key of the original file is obsolete with Compose v2 and is dropped.
</blockquote>

-----

==== 3️⃣ Build the Docker image ====

<syntaxhighlight lang="bash">cd ~/certbot-docker
docker compose build</syntaxhighlight>

* This builds the service image with the OVH plugin included (the container it runs as is named <code>certbot-ovh</code>).

-----

==== 4️⃣ Run the certificate generation ====

<syntaxhighlight lang="bash">docker compose up</syntaxhighlight>

* The certificates end up in <code>/etc/letsencrypt/live/example.com/</code>
* Once finished:

<syntaxhighlight lang="bash">docker compose down</syntaxhighlight>

-----

==== 5️⃣ Automatic renewal ====

Create a script <code>renew.sh</code> next to <code>docker-compose.yml</code>:

<syntaxhighlight lang="bash">#!/bin/bash
# Two things differ from the original one-liner:
# 1. the compose file overrides the entrypoint with "certbot certonly ...",
#    so a plain "run certbot renew" would append "renew" to that command;
#    the entrypoint is reset to "certbot" for renewal;
# 2. --deploy-hook "systemctl reload mariadb" cannot be used: the hook runs
#    inside the container, which has no systemd, so the reload is done on the
#    host after certbot exits 0.
cd /home/debian/certbot-docker/ || exit 1
docker compose run --rm --entrypoint certbot certbot renew && systemctl reload mariadb</syntaxhighlight>

* Make the script executable:

<syntaxhighlight lang="bash">chmod +x renew.sh</syntaxhighlight>

* Add a daily cron job (root's crontab, since the script needs docker and systemctl):

<syntaxhighlight lang="bash">sudo crontab -e</syntaxhighlight>

<pre class="cron">0 3 * * * /home/debian/certbot-docker/renew.sh >> /var/log/certbot-renew.log 2>&1</pre>

-----

✅ '''Advantages:'''

* The OVH plugin works immediately
* Debian 13 stays untouched → no system-wide pip, no Snap
* Wildcard Let's Encrypt certificates issued and renewed automatically
* Works with MariaDB, Nginx, Apache

-----
| |
|
| |
==== ✅ '''1. Script <code>initial.sh</code> – initial certificate creation''' ====

(In the previous revision this section opened "Solution C (to be tested)"; the script body is unchanged between the two revisions and is not shown in this diff.)
===== 🐳 2. '''Contents of <code>docker-compose.yml</code>''' =====

<syntaxhighlight lang="yaml">
services:
  certbot:
    # Official Certbot image with the OVH DNS plugin preinstalled. The tag is
    # unpinned here; for reproducible renewals pin a release tag (the plugin
    # images use the same version tags as certbot/certbot, e.g. v2.9.0).
    image: certbot/dns-ovh
    container_name: certbot-ovh
    volumes:
      - "/etc/letsencrypt:/etc/letsencrypt"
      - "/var/lib/letsencrypt:/var/lib/letsencrypt"
      # ovh.ini lives here on the host; certbot only reads it, so mount read-only
      - "/etc/letsencrypt/.ovhsecrets:/secrets:ro"
    # one-shot job: never restart automatically
    restart: "no"
</syntaxhighlight>

Changes from the previous revision: the explicit <code>:latest</code> tag was dropped, the secrets volume moved from <code>./secrets</code> to <code>/etc/letsencrypt/.ovhsecrets</code>, and <code>entrypoint: ""</code> (which forced every command to spell out <code>certbot</code>) was replaced by <code>restart: "no"</code>, so the image's default entrypoint <code>certbot</code> is used and <code>docker compose run --rm certbot certonly --dns-ovh ...</code> works exactly as in Solution B (Old).
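After the initial request has finished, certbot leaves the files under <code>/etc/letsencrypt/live/example.com/</code>; the check a practitioner wants before pointing Apache or Nginx at them is that the certificate really lists both the apex and the wildcard as subject alternative names, and that its expiry moved after a renewal (<code>certbot renew</code> exits 0 even when nothing was due). The script below is an added example, not code from the wiki page or the marmits project: the function names, the <code>live/&lt;domain&gt;/fullchain.pem</code> path and the use of GNU <code>date</code> are its own assumptions, and <code>example.com</code> follows the page's placeholder.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify that the certificate certbot
# wrote under /etc/letsencrypt/live/<domain>/ carries every name requested
# with -d, and report how long it is still valid. Function names and the
# 'live' path layout are this example's own assumptions.

# Print the subjectAltName entries of a PEM certificate on one line, e.g.
# "DNS:example.com, DNS:*.example.com" (needs OpenSSL >= 1.1.1 for -ext).
cert_sans() {
    openssl x509 -noout -ext subjectAltName -in "$1" \
        | sed -n '2s/^[[:space:]]*//p'
}

# Given a SAN line and one or more DNS names, return 0 when every name is
# present as a DNS: entry and 1 otherwise, naming the missing ones on stderr.
# The match is exact: "*.example.com" is only satisfied by the wildcard entry,
# not by "example.com", and vice versa.
sans_cover() {
    sans="$1"
    shift
    rc=0
    for name in "$@"; do
        case ", $sans," in
            *", DNS:$name,"*) ;;
            *) echo "missing SAN: $name" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Days until the certificate's notAfter (GNU date, as on Debian); a renewal
# that did not actually happen shows up as a value that keeps shrinking.
cert_days_left() {
    end=$(openssl x509 -noout -enddate -in "$1" | sed 's/^notAfter=//')
    end_s=$(date -d "$end" +%s)
    now_s=$(date +%s)
    echo $(( (end_s - now_s) / 86400 ))
}

# Check the live certificate for DOMAIN against the names that follow.
# Usage: check_live_cert example.com example.com '*.example.com'
check_live_cert() {
    domain="$1"
    shift
    cert="/etc/letsencrypt/live/$domain/fullchain.pem"
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    sans_cover "$(cert_sans "$cert")" "$@" || return 1
    days=$(cert_days_left "$cert")
    echo "$cert: OK, $days days left"
    [ "$days" -gt 0 ]
}
```

<code>sans_cover</code> is pure text processing so it can be exercised without a certificate; <code>check_live_cert</code> is what you would call from the renewal script (as root, since <code>live/</code> is not world-readable) right after <code>docker compose run --rm certbot renew</code> and before reloading the web server.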
-----
=== 🔧 Solution B (Old) ===
-----
Image: <code>certbot/certbot:v2.9.0</code>, with the OVH plugin installed by pip at build time.

==== 1️⃣ Create the Dockerfile ====

In a directory <code>~/certbot-docker</code>:

<syntaxhighlight lang="bash">mkdir -p ~/certbot-docker
cd ~/certbot-docker
nano Dockerfile</syntaxhighlight>
Contents of the Dockerfile:

<syntaxhighlight lang="dockerfile"># Dockerfile for Certbot + OVH plugin
FROM certbot/certbot:v2.9.0

# Install the OVH DNS plugin, pinned to the certbot version: the DNS plugins
# are released in lockstep with certbot, and an unpinned install may pull a
# newer plugin that drags a newer certbot into the image
RUN pip install certbot-dns-ovh==2.9.0</syntaxhighlight>

-----

==== 2️⃣ Create the docker-compose.yml ====

Still in <code>~/certbot-docker</code>:

<syntaxhighlight lang="yaml">services:
  certbot:
    build: .
    container_name: certbot-ovh
    volumes:
      - "/etc/letsencrypt:/etc/letsencrypt"
      - "/var/lib/letsencrypt:/var/lib/letsencrypt"
      # ovh.ini lives here on the host; certbot only reads it, so mount read-only
      - "/etc/letsencrypt/.ovhsecrets:/secrets:ro"
</syntaxhighlight>

(The <code>version: "3.8"</code> key of the original file is obsolete with Compose v2 and only produces a warning; it is dropped here. The image's entrypoint is <code>certbot</code>, so the commands below pass only certbot's own arguments.)

-----

==== 3️⃣ Bash script for the initial request, <code>initial.sh</code> ====

<syntaxhighlight lang="bash">#!/bin/bash
# Initial request: apex + wildcard through the OVH DNS-01 challenge.
# --email (placeholder address) is only needed when no ACME account exists
# yet under /etc/letsencrypt; without it, --non-interactive fails on first use.
cd ~/certbot-docker || exit 1
docker compose run --rm certbot \
  certonly \
  --dns-ovh \
  --dns-ovh-credentials /secrets/ovh.ini \
  --non-interactive \
  --agree-tos \
  --email admin@example.com \
  -d example.com -d '*.example.com'
</syntaxhighlight>
-----
<syntaxhighlight lang="bash">docker compose down</syntaxhighlight>

==== 4️⃣ Bash renewal script <code>renew.sh</code> ====

<syntaxhighlight lang="bash">#!/bin/bash
# Renew the Let's Encrypt certificate via Docker + e-mail notification

LOGFILE="/var/log/certbot-renew-docker.log"
EMAIL="john@gmail.com"
FROM="cron letsencrypt <john@example.com>"

# Start a fresh log for this run
: > "$LOGFILE"

cd /home/debian/certbot-docker/ || exit 1

# Run the renewal through Docker Compose
docker compose run --rm certbot renew >> "$LOGFILE" 2>&1
RESULT=$?

# On success, reload Apache on the host. This cannot be a certbot
# --deploy-hook: the hook would execute inside the container, where there
# is no systemctl.
if [ "$RESULT" -eq 0 ]; then
  systemctl reload apache2

  # Send a success mail ("mail -a" adds a header with bsd-mailx and
  # mailutils; with s-nail, -a attaches a file and the sender is set with -r)
  mail -a "From: $FROM" -s "✅ CERTBOT renew succeeded (Docker) for example.com" "$EMAIL" < "$LOGFILE"
else
  # Send a failure mail
  mail -a "From: $FROM" -s "❌ CERTBOT renew FAILED (Docker) for example.com" "$EMAIL" < "$LOGFILE"
fi

exit 0
</syntaxhighlight>

✅ '''Advantages:'''

* The OVH plugin works immediately
* Debian 13 stays untouched → no system-wide pip, no Snap
* Wildcard Let's Encrypt certificates issued and renewed automatically
* Works with MariaDB, Nginx, Apache

-----
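Both renewal scripts on this page (the <code>renew.sh</code> above and the deploy-hook variant of the previous revision's Solution B) depend on two things the scripts themselves never verify: that <code>/etc/letsencrypt/.ovhsecrets/ovh.ini</code> exists, is private, and holds the four keys the <code>certbot-dns-ovh</code> plugin reads, and that the service reload happens on the host rather than through a <code>--deploy-hook</code> that would run inside the container. The script below is an added example, not code from the wiki page or the marmits project: <code>SECRETS_DIR</code>, <code>COMPOSE_DIR</code> and the function names are its own assumptions chosen to match the page's paths; the <code>dns_ovh_*</code> key names are the ones the plugin documents.

```shell
#!/bin/sh
# Added example (not from the wiki page): pre-flight checks on the OVH
# credentials file before running certbot in the container, plus a renewal
# wrapper that reloads the service on the host. SECRETS_DIR, COMPOSE_DIR and
# the function names are this example's assumptions matching the page's paths.
SECRETS_DIR="${SECRETS_DIR:-/etc/letsencrypt/.ovhsecrets}"
COMPOSE_DIR="${COMPOSE_DIR:-/home/debian/certbot-docker}"

# Return 0 when FILE exists and is mode 600 or 400. certbot only warns about
# group/world-readable credentials; this refuses to continue instead.
check_secret_perms() {
    f="$1"
    [ -f "$f" ] || { echo "missing credentials file: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "unsafe mode $mode on $f (want 600)" >&2; return 1 ;;
    esac
}

# Return 0 when every key the plugin needs has a non-empty value, 1 otherwise,
# listing the missing ones. Accepts "key = value" with optional spaces.
check_ovh_ini() {
    f="$1"
    rc=0
    for key in dns_ovh_endpoint dns_ovh_application_key \
               dns_ovh_application_secret dns_ovh_consumer_key; do
        val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$f" | head -n 1)
        if [ -z "$val" ]; then
            echo "missing or empty: $key" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Renew inside the container and reload SERVICE on the host only when certbot
# exited 0. A --deploy-hook calling systemctl cannot do this: the hook would
# run inside the container, which has no systemd.
renew_and_reload() {
    service="$1"
    check_secret_perms "$SECRETS_DIR/ovh.ini" || return 1
    check_ovh_ini "$SECRETS_DIR/ovh.ini" || return 1
    cd "$COMPOSE_DIR" || return 1
    docker compose run --rm certbot renew || return 1
    systemctl reload "$service"
}
```

From cron, <code>renew_and_reload apache2</code> (or <code>nginx</code>) replaces the bare <code>docker compose run --rm certbot renew</code> line; a credentials file that was left world-readable, or an <code>ovh.ini</code> missing its <code>dns_ovh_consumer_key</code>, then fails fast with a clear message instead of a DNS-01 challenge timeout in the certbot log.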
[[category:ovh]] [[category:Docker]] [[category:Debian]]