working acme dns setup

config/hugo/Dockerfile

@@ -21,10 +21,10 @@ RUN apk add --update git asciidoctor libc6-compat libstdc++ \
     && /usr/local/sbin/hugo -b ${BASE_URL}/ -s /src -d /public --minify
 
 RUN apk update && \
-  apk add --no-cache openssl && \
-  rm -rf /var/cache/apk/*
+    apk add --no-cache openssl && \
+    rm -rf /var/cache/apk/*
 
-RUN mkdir -p /etc/letsencrypt/live
+WORKDIR /etc/letsencrypt/live
 
 RUN openssl ecparam -name ${SSL_ALGO} -genkey | openssl pkey -out /etc/letsencrypt/live/ecprivkey.pem && \
-    openssl pkey -in /etc/letsencrypt/live/ecprivkey.pem -pubout -out /etc/letsencrypt/live/ecpubkey.pem
+    openssl pkey -in /etc/letsencrypt/live/ecprivkey.pem -pubout -out /etc/letsencrypt/live/ecpubkey.pem 

config/nginx/Dockerfile

@@ -0,0 +1,8 @@
+FROM python:3.6
+
+LABEL description="Certbot + nginxproxy soft-linker."
+LABEL maintainer="Lieuwe Leene <lieuwe@leene.dev>"
+
+COPY ./link_certificates.py /usr/bin/link_certificates.py
+
+RUN python /usr/bin/link_certificates.py /etc/letsencrypt/live

config/nginx/credentials.ini

@@ -0,0 +1 @@
+dns_google_domains_access_token = $GOOGLE_ACCESS_TOKEN

config/nginx/link_certificates.py

@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import shutil
+
+cert_dir = "/etc/letsencrypt/live"
+
+def main():
+    if not os.access(cert_dir, os.W_OK) or not os.path.isdir(cert_dir):
+        raise RuntimeError(f"Cannot access certificat directory: {cert_dir}.")
+    base_domain = sys.argv[1]
+    key_file = os.path.join(cert_dir, base_domain, "privkey.pem")
+    cert_file = os.path.join(cert_dir, base_domain, "fullchain.pem")
+    for domain in sys.argv[2:]:
+        print(f"linking {domain} in {base_domain}")
+        symlink = os.path.join(cert_dir, f"{domain}.{base_domain}.key")
+        if os.path.isfile(symlink):
+            os.remove(symlink)
+        shutil.copy(key_file, symlink)
+        symlink = os.path.join(cert_dir, f"{domain}.{base_domain}.crt")
+        if os.path.isfile(symlink):
+            os.remove(symlink)
+        shutil.copy(cert_file, symlink)
+
+
+
+if __name__ == "__main__":
+    sys.exit(main())
+
+# eof