- Small syntax fixes recommended by shellcheck.
- PR by @ericstengard.
- Make it possible to override the
CERTBOT_PRODUCTION_URL
andCERTBOT_STAGING_URL
variables.- You can now point certbot to whichever ACME server you want.
- Recover and retry in case of failed
dhparam
creation.- PR by @staticfloat.
- Use latest version of Bash in the Alpine image again.
- The
wait
bug is fixed since Bash 5.1.10.
- The
- Small bugfix for the
dns-route53
authenticator. - Made so it is only bash that is installed from an older Alpine repository.
- PR by @dtcooper.
- Replace
sort -u
withawk '!a[$0]++'
to keep distinct order of the domain names.- PR by @dtcooper.
- Actually use ECDSA certificates by default.
- Eagerness to deploy latest version this update was forgotten.
- Add support for DNS-01 challenges.
- Check out the list of all currently supported authenticators.
- This also means it is now possible to request wildcard certificates!
- PR by @XaF.
- Make it possible to define which authenticator to use on a certificate basis.
- Like with ECDSA/RSA, you can
add the authenicator's name
in the
cert_name
to override the default. - PR by @XaF.
- Like with ECDSA/RSA, you can
add the authenicator's name
in the
- Make it possible to use same
cert_name
across multiple config files.- The scripts will remember all domain names associated with the cert name.
- This means you can now use as many config files as you want and have them all point to a single certificate.
- Add BATS.
- A lot unit tests for the Bash functions we use in the
util.sh
file. - Also add it as a GitHub action.
- A huge thank you to @XaF for providing the foundation for this.
- A lot unit tests for the Bash functions we use in the
- Add ability to override found
server_name
.- By adding a comment on the
server_name
line the script will now use that instead. - This enables you to easily group domains under a common wildcard certificate (example config).
- By adding a comment on the
- Any server name beginning with '
~
' will be ignored.- This character means that the server name is a regex, and we cannot use it when requesting certificates.
- Use ECDSA certificates by default.
- You now have to explicitly set
USE_ECDSA=0
to disable this.
- You now have to explicitly set
- We aren't actually introducing any breaking changes, but such a large change deserves a major release.
- Update documentation.
- Update examples.
- Fix missing quotes around variable.
- PR by @LucianDavies.
- Changed package mirror used by Alpine images. More info in issue #70.
- Added more documentation.
- Updated the
docker-compose
examples a bit.
- Create a script that can sign certificates with the help of a
local certificate authortiy.
- It is now possible to work completely offline.
- We can now create certificates for
localhost
.
- Restructure and add a lot of documentation.
openssl
is now a symlink tolibressl
in the Alpine images.- This is done to simplify the rest of the scripts since the arguments are the same.
- Add support for ECDSA certificates.
- It is possible to have Nginx serve both ECDSA and RSA certificates at the same time for the same server. Read more in its good to know section.
- Made so that the the "primary domain"/"cert name" can be
whatever
you want.
- This was actually already possible from
v0.12
, but it is first now we allow it.
- This was actually already possible from
- Listen to IPv6 in the redirector.conf
in addition to IPv4.
- PR by @staticfloat.
- Add
reuseport
in the redirector.conf, which improves latency and parallelization.- PR by @staticfloat.
- Add mentions in the changelog to people who have helped with issues.
- Made the
create_dhparams.sh
script capable of creating missing directories.- Our small
/docker-entrypoint.d/40-create-dhparam-folder.sh
script is therefore no longer necessary.
- Our small
- Made so that we run
symlink_user_configs
at startup so we do not run into a race condition with Nginx. - Some minor cleanup in the Dockerfiles related to the above changes.
- There now exist a Dockerfile for building from the Nginx Alpine image as well.
- It is possible to use the Alpine version by appending
-alpine
to any of the tags from now on. - There are now so many tags available, see dockerhub_tags.md for the possible combinations.
- NOTE: There exists a bug in Bash 5.1.0, which is described in detail here.
- Suggested by @tudddorrr.
- It is possible to use the Alpine version by appending
- Small fix to the
create_dhparams.sh
script to handle the use of libressl in Alpine. - Added a small sleep in order to mitigate a rare race condition between Nginx startup and the symlink script.
- Fix an ugly printout in the case when the sleep function exited naturally.
- Big change on how we recommend users to get their
.conf
files into the container.- Created a script that creates symlinks from
conf.d/
to the files inuser_conf.d/
. - Users can now start the container without having to build anything.
- Still compatible with the old way, but I still think it's a "major" change.
- Suggested by @MauriceNino.
- Created a script that creates symlinks from
- Examples are updated to reflect changes.
- Add more logging.
- Add more
"
around variables for extra safety. - Big overhaul of how the documentation is structured.
- Even more tags now available on Docker Hub!
- See dockerhub_tags.md for the list.
- Ignore values starting with
data:
andengine:
when verifying that all files exists.- PR by @bblanchon.
- Add a debug mode which is enabled by setting the environment variable
DEBUG=1
.
- Fix dependencies so that it is possible to build in 32-bit ARM architectures.
- Reported by RtKelleher.
- Added Dependabot to monitor and update the Dockerfiles.
- PR by @odin568.
- Added GitHub Actions/Workflows so that each tag now is built for multiple arches (issue #28).
- Fix that scripts inside
/docker-entrypoint.d/
were never run (issue #21).- Found while helping @isomerpages move from @staticfloats image.
- Fix for issue where the script failed in case the
/etc/letsencrypt/dhparams
folder was missing.- Reported by @pmkyl.
- Move over to semantic versioning.
- The version number will now be given like this:
[MAJOR].[MINOR].[PATCH]
- This is done to signify that I feel like this code is stable, since I have been running this for quite a while.
- The version number will now be given like this:
- Build from a defined version of Nginx.
- This is done to facilitate a way to lock this container to a more specific version.
- This also allows us to more often trigger rebuilds of this container on Docker Hub.
- New tags are available on Docker Hub.
- There will now be tags on the following form:
- latest
- 1.0.0
- 1.0.0-nginx1.19.7
- There will now be tags on the following form:
- Container now listens to
SIGHUP
and will reload all configs if this signal is received.- More details can be found in the commit message: bf2c135
- Made Docker image slightly smaller by including
--no-install-recommends
. - There is now also a
dev
branch/tag if you are brave and want to run experimental builds. - JonasAlfredsson/docker-nginx-certbot is now its own independent repository (i.e. no longer just a fork).
- It is now possible to
manually trigger a renewal of
certificates.
- It is also possible to include "force" to add
--force-renewal
to the request.
- It is also possible to include "force" to add
- The "clean exit" trap now handle that parent container changed to
SIGQUIT
as stop signal. - The "certbot" server block (in Nginx) now prints to stdout by default.
- Massive refactoring of both code and files:
- Our "start command" file is now called
start_nginx_certbot.sh
instead ofentrypoint.sh
. - Both
create_dhparams.sh
andrun_certbot.sh
can now be run by themselves inside the container. - I have added
set -e
in most of the files so the program exit as intended when unexpected errors occurs. - Added
{}
and""
around most of the bash variables. - Change some log messages and where they appear.
- Our "start command" file is now called
- Our
/scripts/startup/
folder has been removed.- The parent container will run any
*.sh
file found inside the/docker-entrypoint.d/
folder.
- The parent container will run any
- Made so that the container now exits gracefully and reports the correct exit
code.
- More details can be found in the commit message: 43dde6e
- Bash script now correctly monitors both the Nginx and the certbot renewal
process PIDs.
- If either one of these processes dies, the container will exit with the same exit code as that process.
- This will also trigger a graceful exit for the rest of the processes.
- Removed unnecessary and empty
ENTRYPOINT
from Dockerfile. - A lot of refactoring of the code, cosmetic changes and editing of comments.
- Fixed the regex used in all of the
sed
commands.- Now makes sure that the proper amount of spaces are present in the right places.
- Now allows comments at the end of the lines in the configs.
# Nice!
- Made the expression a little bit more readable thanks to the
-r
flag.
- Now made certbot solely responsible for checking if the certificates needs to
be renewed.
- Certbot is actually smart enough to not send any renewal requests if it doesn't have to.
- The time interval used to trigger the certbot renewal check is now user
configurable.
- The environment variable to use is
RENEWAL_INTERVAL
.
- The environment variable to use is
- Added
--cert-name
flag to the certbot certificate request command.- This allows for both adding and subtracting domains to the same certificate file.
- Makes it possible to have path names that are not domain names (but this is not allowed yet).
- Made the file parsing functions smarter so they only find unique file paths.
- Cleaned up some log output.
- Updated the
docker-compose
example. - Fixed some spelling in the documentation.
- Python 2 is EOL, so it's time to move over to Python 3.
- From now on Docker Hub will also automatically build with tags.
- Lock the version by specifying the tag:
jonasal/nginx-certbot:0.11
- Lock the version by specifying the tag:
- Update to new ACME v2 servers.
- PR by @seaneshbaugh.
- I am now confident enough to remove the version suffixes.
nginx:mainline
is now using Debian 10 Buster.- Updated documentation.
- Make both Nginx and the update script child processes of the
entrypoint.sh
script. - Container will now die along with Nginx like it should.
- The Diffie-Hellman parameters now have better permissions.
- Container now exist on Docker Hub under
jonasal/nginx-certbot:latest
- More documentation.
@JonasAlfredsson
enters the battle.- Diffie-Hellman parameters are now automatically generated.
- Nginx now handles everything HTTP related -> certbot set to webroot mode.
- Better checking to see if necessary files exist.
- Will now request a certificate that includes all domain variants listed
on the
server_name
line. - More extensive documentation.
- Ditch cron, it never liked me anyway. Just use
sleep
and awhile
loop instead.
- Complete rewrite, build this image on top of the
nginx
image, and runcron
/certbot
alongsidenginx
so that we can have Nginx configs dynamically enabled as we get SSL certificates.
- Add
nginx_auto_enable.sh
script to/etc/letsencrypt/
so that users can bring Nginx up before SSL certs are actually available.
- Change the name to
docker-certbot-cron
, update documentation, strip out even more stuff I don't care about.
- Rip out a bunch of stuff because
@staticfloat
is a monster, and likes to do things his way
- Add support for webroot mode.
- Run certbot once with all domains.
- Upgraded to use certbot client
- Changed image to use alpine linux
- Initial release