
Comments (12)

sseemayer commented on May 12, 2024

Thanks for the kind words! I'll look into what I can do for automatically adding a cronjob and / or documenting how to do it manually. Here are some initial thoughts to get you started:

  • The new simp_le-based (cf. #17) plugin workflow can automatically detect whether a certificate needs renewal, so it doesn't hurt to run the plugin more frequently than every two months (which is recommended by Let's Encrypt).
  • The Let's Encrypt rate limits might be a problem if you try to renew a lot of certificates at any one time. It's probably best to stagger them somehow, although thanks to the auto-detection for when renewal is necessary, not everything will get renewed every time anyways, and since you were not able to request more certificates than the rate limit in the first place, there should be some kind of "natural" staggering in the renewals.
  • You will have to make sure that the cronjob calls the renewal as the dokku user.

It would help me out a lot if you let me know about the things that you figure out! And PRs on both code and documentation are always appreciated 😉

from dokku-letsencrypt.

Kikobeats commented on May 12, 2024

Maybe it could be nice to create a separate plugin like dokku-letsencrypt-crontab that simply does what you say in point one.

fruitl00p commented on May 12, 2024

@sseemayer cool. I have some thoughts on this as well. Just adding a @monthly dokku letsencrypt $app would be sufficient, but if the plugin itself were to have a ':auto-renew $app', that would allow the plugin to contain all the logic of staggering the calls to Let's Encrypt... (i.e. first fetch the renewal times, then queue them one by one if need be in the cron?) That way the users wouldn't have to be bothered with the cron at all, as the plugin takes care of everything :)

sseemayer commented on May 12, 2024

We could get even more fancy by having a letsencrypt:auto-renew without an app provided that will go over all apps, check if they're currently secured by let's encrypt, check whether they need renewal, and then take the appropriate steps.

This would be a really nice project for a medium-sized pull request wink wink 😄

sseemayer commented on May 12, 2024

I ended up implementing the super-fancy version of this: Once you've initially set up letsencrypt for an app, you can now enable automatic renewal by adding one entry for dokku letsencrypt:auto-renew to your crontab. This command will detect which apps need renewal and even prioritize renewals to renew the most urgent certificates first.

Let me know your experiences with this!

fruitl00p commented on May 12, 2024

@sseemayer awesome! Was trying it out this morning and after first updating dokku itself (due to a dokku_apps error) I received the following for dokku letsencrypt:ls:

140668729374368:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/home/dokku/app1-without-tls/tls/server.crt','r')
140668729374368:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
Error opening Certificate /home/dokku/mediaweb/tls/server.crt
140609668568736:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/home/dokku/app2-without-tls/tls/server.crt','r')
140609668568736:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
Error opening Certificate /home/dokku/mediaweb2/tls/server.crt
140405065541280:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/home/dokku/app3-without-tls/tls/server.crt','r')
140405065541280:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
Error opening Certificate /home/dokku/vraagsturing/tls/server.crt
139854962603680:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/home/dokku/app4-without-tls/tls/server.crt','r')
139854962603680:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
Error opening Certificate /home/dokku/www-kerkenijmondnoord-nl/tls/server.crt
140535163012768:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/home/dokku/app4-without-tls/tls/server.crt','r')
140535163012768:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:

followed by a listing of all apps and all of them had dates and expirations ;)

So before trying the :auto-renew (which relies on :ls) maybe this might deserve a bugfix?

sseemayer commented on May 12, 2024

Whoops - I missed this since I have all of my apps SSL-secured at the moment :) I've created issue #26 and will work on it as the next patch.

fruitl00p commented on May 12, 2024

👍

sseemayer commented on May 12, 2024

Should be fixed now (ref. #26).

sseemayer commented on May 12, 2024

I've written a blog post about how I've set up automatic certificate renewal on my own server in the hope it will be helpful for others.

Kikobeats commented on May 12, 2024

You rock! 🙌🙌

fruitl00p commented on May 12, 2024

@sseemayer cool! Had the cron already in place but more docs are always handy for newcomers :)

from dokku-letsencrypt.
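
The two points this thread settles on (skip apps that have no certificate instead of letting openssl fail on a missing server.crt, and renew the most urgent certificates first) can be sketched as follows. This is an added example, not part of the thread and not dokku-letsencrypt's code: the function names and the 30-day window are hypothetical, the `<root>/<app>/tls/server.crt` layout is taken from the error output above, and GNU `date` is assumed.

```shell
# Added example (not the plugin's code). Assumes certificates live at
# <root>/<app>/tls/server.crt, as in the error output quoted in the thread.

# Print a certificate's notAfter time as epoch seconds (needs GNU date).
cert_expiry_epoch() (
  enddate=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || exit 1
  date -d "${enddate#notAfter=}" +%s
)

# renewal_queue ROOT [MAX_DAYS] [NOW_EPOCH]
# Prints "<seconds_left> <app>" for every app whose certificate expires
# within MAX_DAYS, most urgent first (already expired ones are negative).
renewal_queue() (
  root="$1"
  max_days="${2:-30}"            # hypothetical default renewal window
  now="${3:-$(date +%s)}"        # injectable clock, for reproducible runs
  for dir in "$root"/*/; do
    [ -d "$dir" ] || continue
    app=$(basename "$dir")
    crt="${dir}tls/server.crt"
    # Apps without TLS have no server.crt: skip them quietly rather than
    # handing openssl a path that does not exist.
    [ -f "$crt" ] || continue
    # A file that is present but unreadable as a certificate is reported
    # once on stderr and left out of the queue.
    if ! expiry=$(cert_expiry_epoch "$crt"); then
      echo "warning: cannot read certificate $crt" >&2
      continue
    fi
    left=$(( expiry - now ))
    if [ "$left" -le $(( max_days * 86400 )) ]; then
      echo "$left $app"
    fi
  done | sort -n
)

# Typical call, run as the dokku user as noted in the first comment:
#   renewal_queue /home/dokku 30
```

Processing the queue one app at a time, from the top, gives the staggering discussed above without hitting every certificate on each cron run.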
