Utilities for LetsEncrypt certificate creation with lego


lego_setup_dns(lego_path, lego_email, lego_domains, lego_dns_provider, [lego_run_hook], [lego_server])

Setup automatic LetsEncrypt certificate creation using the lego ACME client. For potential LetsEncrypt account creation lego_email is used as contact email address and created certificates will be written to lego_path. A certificate is issued for all domains provided via lego_domains (separated with blanks). Set lego_dns_provider to a lego compatible DNS provider(see for available options) and make sure to set the environment variables needed for the specific provider.

This command will also configure a systemd timer that checks for certificate renewal every night. Because of the implicit configuration of the DNS resolvers via environment variables the content of those variables will be written to /solidblocks/secrets/lego.env

If a fully qualified path to a lego_run_hook script is provided, this will be executed after certificate retrieval with the environment as described in lego run hook

It is possible to optionally override the LetsEncrypt server to use, using lego_server (for example to for testing purposes).


export HETZNER_API_KEY="${hetzner_dns_api_key}"

lego_setup_dns "/storage/data/ssl" "" "" "hetzner"