Hi, I am currently using Certbot to manage and renew my SSL certificates for my domain. I have a setup where Certbot runs inside a Docker container, and I would like to automatically upload the renewed SSL certificates to my DigitalOcean Spaces custom subdomain.
Here are the details of my current setup:
Currently I am using a shell script as a Certbot deploy hook to handle the upload process. This script is supposed to use `s3cmd` to upload the certificates to my DigitalOcean Space. However, I am facing challenges with generating the necessary `.s3cfg` configuration file and ensuring `s3cmd` is correctly configured within the Docker environment.
Here are my questions:
`s3cmd` or any other recommended tool for this purpose within a Docker container?
Here is the current script I am using as the deploy hook:
```sh
#!/bin/sh
# Stop on the first failed command or unset variable
set -eu

# Configuration
DOMAIN="images.expertly.co.il"
BUCKET="$AWS_BUCKET"
CERT_DIR="/etc/letsencrypt/live/$DOMAIN"
S3_CMD_CONF="/root/.s3cfg"
S3_CMD_TEMPLATE="/aws_cert/s3cfg.template"

# Generate s3cmd config file from template (it holds the secret key, so create it owner-only)
umask 077
envsubst < "$S3_CMD_TEMPLATE" > "$S3_CMD_CONF"

# Upload the certificate files to DigitalOcean Spaces
s3cmd --config="$S3_CMD_CONF" put "$CERT_DIR/fullchain.pem" "s3://$BUCKET/fullchain.pem"
s3cmd --config="$S3_CMD_CONF" put "$CERT_DIR/privkey.pem" "s3://$BUCKET/privkey.pem"
```
And here is the template for the `.s3cfg` file:
```ini
[default]
access_key = ${AWS_ACCESS_KEY_ID}
secret_key = ${AWS_SECRET_ACCESS_KEY}
host_base = ${AWS_REGION}.${AWS_DOMAIN}
host_bucket = %(bucket)s.${AWS_REGION}.${AWS_DOMAIN}
```
I would appreciate any guidance or suggestions.
Hi there,
If I got this correctly, you don’t need to upload the certificate files to your Spaces S3 storage directly, but instead update the SSL certificate of your custom domain name that you’ve associated with your spaces.
To do that, you don’t really have to use the `s3cmd` CLI but instead use the DigitalOcean API to create the new certificate.
You can check out the official HTTP API documentation here:
There are endpoints for adding a new certificate, retrieving existing certificates and deleting old ones.
For example, to create a new certificate using the SSL files that you generate using `certbot`, you could do something like this:
An alternative option here is to use the `doctl` CLI tool instead of the HTTP API which also allows you to manage your certificates that way:
Let me know if this works for you!
- Bobby
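An added example, not part of the answer above and not DigitalOcean's own code: a certbot deploy hook that sends the renewed files to the certificates endpoint of the DigitalOcean API, so the private key is never copied into the Space. The `DIGITALOCEAN_TOKEN` variable, the function names and the `<domain>-<date>` certificate name are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: certbot deploy hook for the DigitalOcean certificates API.
set -eu
API_URL="https://api.digitalocean.com/v2/certificates"

# Emit a PEM file as one JSON string; refuse anything outside the PEM alphabet
# so no JSON escaping beyond newlines is ever needed.
json_string() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    if tr -d '\r' < "$1" | LC_ALL=C grep -q '[^A-Za-z0-9+/= -]'; then
        echo "unexpected character in $1" >&2
        return 1
    fi
    printf '"'
    tr -d '\r' < "$1" | awk '{ printf "%s\\n", $0 }'
    printf '"'
}

# Build the request body. Args: certificate name, certbot lineage directory.
build_payload() {
    case $1 in ''|*[!A-Za-z0-9._-]*) echo "bad name: $1" >&2; return 1 ;; esac
    key=$(json_string "$2/privkey.pem") || return 1
    leaf=$(json_string "$2/cert.pem") || return 1
    chain=$(json_string "$2/chain.pem") || return 1
    printf '{"name":"%s","type":"custom","private_key":%s,"leaf_certificate":%s,"certificate_chain":%s}\n' \
        "$1" "$key" "$leaf" "$chain"
}

# POST the body. It travels over stdin, so the private key is not written to
# a temp file and does not appear in curl's argument list.
upload_certificate() {
    : "${DIGITALOCEAN_TOKEN:?API token must be set in the container environment}"
    payload=$(build_payload "$1" "$2") || return 1
    printf '%s' "$payload" | curl --fail --silent --show-error -X POST \
        -H "Content-Type: application/json" \
        -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
        --data-binary @- "$API_URL"
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<domain>) for deploy hooks.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    upload_certificate "$(basename "$RENEWED_LINEAGE")-$(date +%Y%m%d)" "$RENEWED_LINEAGE"
fi
```

The API response carries the new certificate's ID; pointing the Space's custom subdomain at that ID is a separate step.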