@floudet
Last active April 29, 2020 05:46
Setup Letsencrypt and DuckDNS for a CherryPy web application

Setup DuckDNS and Letsencrypt for a CherryPy web application

Disclaimer: only tested on Ubuntu 18.04, with a single domain.

Set the DUCKDNS_TOKEN environment variable. For example, create a /etc/profile.d/duckdns.sh file like this:

export DUCKDNS_TOKEN='ab0cd123-4567-8ef9-012g-h345ij6k78lm'

DuckDNS setup:

Create base directory:

mkdir -p /opt/duckdns

Create /opt/duckdns/duck.sh :

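#!/bin/sh

# cron does not read /etc/profile.d, so load DUCKDNS_TOKEN here
. /etc/profile.d/duckdns.sh

DOMAINS='example' # <= replace this

# The URL is passed on stdin (-K -) so the token stays out of the process list.
# No -k: curl must verify the server certificate before the token is sent.
echo url="https://www.duckdns.org/update?domains=${DOMAINS}&token=${DUCKDNS_TOKEN}&verbose=true&ip=" | curl -o /opt/duckdns/duck.log -K -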

Create /opt/duckdns/duck.cron:

*/5 * * * * root /opt/duckdns/duck.sh >/dev/null 2>&1

Set permissions :

chmod 700 /opt/duckdns/duck.sh

Link to cron.d :

ln -s /opt/duckdns/duck.cron /etc/cron.d/duck
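
The duck.sh above writes the DuckDNS reply to duck.log and the cron line discards all output, so a rejected update (an empty token, for instance) goes unnoticed. As an added example, not part of the original gist, the functions below load the token, leave certificate verification on, and return non-zero unless the reply starts with OK (DuckDNS answers OK or KO on the first line); the function names and exit codes are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original gist): report DuckDNS update
# failures instead of silently overwriting duck.log.

TOKEN_FILE=/etc/profile.d/duckdns.sh   # file created in the first step
LOG=/opt/duckdns/duck.log              # response body written by curl

# Make sure DUCKDNS_TOKEN is set; cron does not read /etc/profile.d itself.
load_token() {
    [ -n "${DUCKDNS_TOKEN:-}" ] && return 0
    [ -r "$1" ] && . "$1"
    [ -n "${DUCKDNS_TOKEN:-}" ]
}

# Classify a response body by its first line.
# Prints ok / rejected / unknown and returns 0 only for ok.
duck_result() {
    first=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r')
    case "$first" in
        OK) echo ok ;;
        KO) echo rejected; return 1 ;;
        *)  echo unknown; return 2 ;;
    esac
}

# Run one update for the sub-domain given as $1.
# The URL reaches curl on stdin (-K -), so the token never shows up in the
# process list, and there is no -k, so the server certificate is verified.
duck_update() {
    load_token "$TOKEN_FILE" || { echo "DUCKDNS_TOKEN not set" >&2; return 3; }
    printf 'url=https://www.duckdns.org/update?domains=%s&token=%s&verbose=true&ip=\n' \
        "$1" "$DUCKDNS_TOKEN" |
        curl -sS --max-time 30 -o "$LOG" -K - || return 4
    duck_result "$(cat "$LOG")"
}

# Constructed usage, e.g. as the last line of duck.sh:
#   duck_update example >/dev/null || logger -t duckdns "update failed"
```
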

Letsencrypt/Dehydrated setup:

cd /opt
git clone https://github.com/dehydrated-io/dehydrated
cd dehydrated
mkdir hooks
git clone https://github.com/floudet/letsencrypt-DuckDNS-hook.git hooks/duckdns
chmod 755 /opt/dehydrated/hooks/duckdns/hook.sh
ln -s /opt/dehydrated/dehydrated /usr/local/sbin/dehydrated
mkdir /etc/dehydrated
mkdir -p /etc/ssl/letsencrypt

Create /etc/dehydrated/domains.txt, containing a space-separated list of your domains:

example.duckdns.org

See domains.txt for examples.

Create /etc/dehydrated/config:

CHALLENGETYPE="dns-01"
CERTDIR="/etc/ssl/letsencrypt"
HOOK='/opt/dehydrated/hooks/duckdns/hook.sh'
CONTACT_EMAIL=name@example.com # <= change this

See config for more options

First run

dehydrated --register --accept-terms
dehydrated -c -f /etc/dehydrated/config

Create /etc/cron.d/dehydrated :

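# cron does not read /etc/profile.d, so load DUCKDNS_TOKEN before running the hook
0 4 * * 0 root . /etc/profile.d/duckdns.sh; /usr/local/sbin/dehydrated -c -f /etc/dehydrated/config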

(This cron will run every Sunday at 4:00 AM.)

CherryPy configuration

In your CherryPy app's server.conf file, add the following lines to the [global] section:

server.ssl_module = 'pyopenssl'
server.ssl_certificate = "/etc/ssl/letsencrypt/example.duckdns.org/cert.pem"
server.ssl_private_key = "/etc/ssl/letsencrypt/example.duckdns.org/privkey.pem"
server.ssl_certificate_chain = "/etc/ssl/letsencrypt/example.duckdns.org/fullchain.pem"