# Podman Quadlet: Lego
## Overview
Lego is a Let's Encrypt/ACME client started as a Podman Quadlet. It handles automatic SSL/TLS certificate issuance and renewal.
This cookbook:
- Runs an initial certificate fetch via lego-run.service when no certificates exist.
- Schedules automatic certificate renewal via lego-renew.timer.
- Stores certificates with secure permissions (umask 0077).
- Supports renewal hooks to reload dependent services when certificates are renewed.
## Prerequisites
- The configuration file `/etc/quadlets/lego/config.env` must exist and contain the ACME configuration.
- A DNS or HTTP challenge must be properly configured.
## Usage
In a separate terminal, follow the logs:
```
sudo make tail-logs
```
Install the Podman Quadlets and fetch the initial certificate:
```
sudo make clean install
```
You should see lego-run.service fetching a certificate from Let's Encrypt.
The certificate will be stored in /var/lib/quadlets/lego/certificates/.
Check the certificate:
```
sudo ls -la /var/lib/quadlets/lego/certificates/
```
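Added check, not part of this cookbook: a POSIX sh script that verifies what the umask 0077 setting should guarantee (no group or other permission bits on anything lego wrote) and, where openssl is installed, whether a certificate is still valid for a given number of days. The certificate directory default and the file names in the constructed sample are assumptions.

```shell
#!/bin/sh
# Verify that everything under the lego certificate directory is readable
# only by its owner, and optionally check how long a certificate remains valid.

CERT_DIR="${CERT_DIR:-/var/lib/quadlets/lego/certificates}"  # assumed default

# check_perms DIR: print each entry (DIR itself and its direct children) whose
# mode grants any group/other permission; return 1 if any was found, else 0.
check_perms() {
    dir="$1"
    bad=0
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue
        # GNU stat first, BSD/macOS stat as fallback; both print octal mode
        mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")
        case "$mode" in
            *00) ;;                       # group and other bits are all zero
            *) echo "too permissive: $path ($mode)"; bad=1 ;;
        esac
    done
    return "$bad"
}

# valid_for_days CERT [DAYS]: exit 0 if CERT does not expire within DAYS
# (default 30), 1 if it does; requires openssl.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 ))
}

# Constructed sample, not real lego output: one correctly protected key next
# to one world-readable certificate, to show what the check reports.
demo() {
    tmp=$(mktemp -d)
    chmod 700 "$tmp"
    touch "$tmp/example.com.key"; chmod 600 "$tmp/example.com.key"
    touch "$tmp/example.com.crt"; chmod 644 "$tmp/example.com.crt"
    check_perms "$tmp" && echo "all entries private" || echo "fix needed"
    rm -rf "$tmp"
}

demo
```

Run `check_perms "$CERT_DIR"` as root after the initial fetch and after each renewal; any line it prints means a file is exposed beyond what the cookbook intends.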
The lego-renew.timer will periodically check and renew the certificate before expiration.
To manually trigger a renewal check:
```
sudo systemctl start lego-renew.service
```
Restart the lego.target unit:
```
sudo systemctl restart lego.target
```
Finally, remove the quadlets, their configuration and their data:
```
sudo make uninstall clean
```
## Integration tests
```
sudo make test
```