LETSENCRYPT CERTIFICATES FOR NOMAD
----------------------------------

Request and renew Letsencrypt certificates with Nomad.

USAGE
-----

Register the volume for the Letsencrypt certificates:

    nomad volume register certbot-volume.hcl

Install the periodic job:

    nomad run certbot.nomad

LETSENCRYPT EMAIL
-----------------

Add the Letsencrypt email as plain text in the Nomad variable "certbot/email".

DOMAINS
-------

Add the Letsencrypt domains in the Nomad variable "certbot/domains" as a list:

    cn1.example.com,san1.example.com",cn2.example.com,more.domains,..

Hint: Don't automatically redirect HTTP traffic to HTTPS ports. If redirection
is enabled, Letsencrypt fails to download the challenge files from the HTTP
endpoint (always redirected straight to HTTPS, which is not desired in this
scenario).

    # don't redirect to https (disable https redirection to renew certificates)
    #redirect scheme https if !{ ssl_fc } is_site


RENEWAL
-------

https://eff-certbot.readthedocs.io/en/stable/using.html#re-creating-and-updating-existing-certificates

>If a certificate is requested with run or certonly specifying a certificate
>name that already exists, Certbot updates the existing certificate. Otherwise a
>new certificate is created and assigned the specified name.

LEVANT
------

Alternatively, use Levant to dynamically template the tasks of this job.

Spins up n tasks for n certificates.

- Pro: Use a JSON file on the host to provide domains as input. The approach
  with the simple shell scripts orders all certificates in the same task
  (same script).
- Contra: No KV to provide domains as input

Howto:
- adjust the defaults file
- levant render certbot.levant
- levant {plan,run} certbot.levant
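
For the hint in the DOMAINS section: the HTTPS redirect can stay enabled for all requests except the ACME challenge path, so only the challenge files are served over plain HTTP. The HAProxy fragment below is an added example and not part of this repository; the frontend and backend names, the is_site definition and the backend address are assumptions.

```haproxy
# Added example, not from this repository. Section names, the is_site host
# and the backend address are placeholders.
frontend http-in
    mode http
    bind :80

    # Assumed definition of the is_site ACL used in the README's redirect line
    acl is_site hdr(host) -i cn1.example.com

    # HTTP-01 challenge files are requested under this fixed path
    acl is_acme path_beg /.well-known/acme-challenge/

    # Before: every plain-HTTP request is redirected, challenge requests included
    #redirect scheme https if !{ ssl_fc } is_site

    # After: redirect everything except challenge requests
    redirect scheme https if !{ ssl_fc } is_site !is_acme

    # Challenge requests are answered over plain HTTP by the certbot task
    use_backend certbot if is_acme

backend certbot
    mode http
    # Placeholder address for the task that serves the challenge files
    server certbot 127.0.0.1:8080
```

The configuration can be syntax-checked with `haproxy -c -f <file>` before reloading.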