@fridgerator
Created November 14, 2019 23:48
Auto-renewing Let's Encrypt certificates for Rancher 1.6

Let's Encrypt has removed their ACME v1 API in favor of ACME v2. The Rancher 1.6 catalog entry for Let's Encrypt certificates doesn't support the v2 API. There is a forked version of the repo; however, the service has to be created manually instead of from the catalog.

  1. Create a new service, give it a name, and use vxcontrol/rancher-letsencrypt:v1.0.0 for the image
  2. In the "Volumes" tab, add a volume /var/lib/rancher:/var/lib/rancher
  3. In the "Command" tab, set the "Console" option to none
  4. Click to add an Environment Variable, and paste the following into the first "Variable" input field.
  • All of the environment variables should auto-fill.
  • Fill in the necessary values
API_VERSION=Production
AURORA_ENDPOINT=
AURORA_KEY=
AURORA_USER_ID=
AWS_ACCESS_KEY=
AWS_SECRET_KEY=
AZURE_CLIENT_ID=
AZURE_CLIENT_SECRET=
AZURE_RESOURCE_GROUP=
AZURE_SUBSCRIPTION_ID=
AZURE_TENANT_ID=
CERT_NAME=**ENTER CERT NAME**
CLOUDFLARE_EMAIL=
CLOUDFLARE_KEY=
DNSIMPLE_EMAIL=
DNSIMPLE_KEY=
DNS_RESOLVERS=8.8.8.8:53,8.8.4.4:53
DOMAINS=**ENTER DOMAIN NAME**
DO_ACCESS_TOKEN=
DYN_CUSTOMER_NAME=
DYN_PASSWORD=
DYN_USER_NAME=
EMAIL=**ENTER YOUR EMAIL**
EULA=Yes
GANDI_API_KEY=
NS1_API_KEY=
OVH_APPLICATION_KEY=
OVH_APPLICATION_SECRET=
OVH_CONSUMER_KEY=
PROVIDER=HTTP
PUBLIC_KEY_TYPE=RSA-2048
RENEWAL_PERIOD_DAYS=20
RENEWAL_TIME=12
RUN_ONCE=false
VULTR_API_KEY=
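
A pre-flight check for the environment block from step 4, as an added example that is not part of the gist or of the rancher-letsencrypt project: it flags `**ENTER ...**` placeholders that were never replaced, empty required values, and credentials left set while PROVIDER=HTTP. The function name `check_env`, the list of required variables and the rule that the HTTP provider needs no DNS-provider credentials are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the gist: lint the environment block (read from
# stdin) before pasting it into the Rancher service.
# Prints one finding per line and returns 1 if there are any findings.
check_env() {
    input=$(cat)
    provider=$(printf '%s\n' "$input" | sed -n 's/^PROVIDER=//p')
    findings=$(printf '%s\n' "$input" | while IFS='=' read -r key value; do
        # A value still containing ** is a template placeholder from the gist.
        case $value in
            (*'**'*) echo "placeholder not replaced: $key"; continue ;;
        esac
        case $key in
            (CERT_NAME|DOMAINS|EMAIL|PROVIDER)
                if [ -z "$value" ]; then echo "required value is empty: $key"; fi ;;
            (EULA)
                if [ "$value" != "Yes" ]; then echo "EULA must be Yes"; fi ;;
            (*_KEY|*_SECRET|*_TOKEN|*_PASSWORD)
                # Assumption: PROVIDER=HTTP needs no DNS-provider credentials,
                # so any that are set only widen what the container exposes.
                if [ "$provider" = "HTTP" ] && [ -n "$value" ]; then
                    echo "unused credential set while PROVIDER=HTTP: $key"
                fi ;;
        esac
    done)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: one placeholder left in and one stray credential.
check_env <<'EOF' || true
CERT_NAME=example-cert
DOMAINS=**ENTER DOMAIN NAME**
EMAIL=admin@example.com
EULA=Yes
PROVIDER=HTTP
AWS_SECRET_KEY=constructed-not-a-real-key
EOF
```
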

fridgerator commented Nov 25, 2019

I missed a step

  • In the "Labels" tab, create the following 2 labels:
io.rancher.container.agent.role=environment
io.rancher.container.create_agent=true


timothystewart6 commented May 5, 2020

This is in case you didn't already create the service using janeczku/rancher-letsencrypt:v0.5.0, correct?

@lgaticaq

Hi. I created a Rancher catalog with the new template for letsencrypt: https://github.com/escaleno-ltda/rancher-catalog/tree/master/templates/letsencrypt/0
