Skip to content

Commit 0913231

Browse files
committed
Bump v0.5.0
1 parent 18a52d3 commit 0913231

3 files changed

Lines changed: 11 additions & 15 deletions

File tree

README.md

Lines changed: 9 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
A [Rancher](http://rancher.com/rancher/) service that obtains free SSL/TLS certificates from the [Let's Encrypt CA](https://letsencrypt.org/), adds them to Rancher's certificate store and manages renewal and propagation of updated certificates to load balancers.
1515

1616
#### Requirements
17-
* Rancher Server >= v1.2.0
17+
* Rancher Server >= v1.5.0
1818
* If using a DNS-based challenge, existing account with one of the supported DNS providers:
1919
* `Aurora DNS`
2020
* `AWS Route 53`
@@ -28,7 +28,7 @@ A [Rancher](http://rancher.com/rancher/) service that obtains free SSL/TLS certi
2828
* `Ovh`
2929
* `Vultr`
3030

31-
* If using the HTTP challenge, a proxy that routes `example.com/.well-known/acme-challenge` to `rancher-letsencrypt`.
31+
* If using the HTTP challenge, a reverse proxy that routes `example.com/.well-known/acme-challenge` to `rancher-letsencrypt`.
3232

3333
### How to use
3434

@@ -39,23 +39,19 @@ Then locate the `Let's Encrypt` template in the Catalog section of the UI and fo
3939

4040
### Storing certificate in shared storage volume
4141

42-
By default the created SSL certificate is stored in Rancher for usage in load balancers.
42+
By default the created SSL certificate is stored in Rancher's certificate store for usage in Rancher load balancers.
4343

44-
If you specify an existing volume storage driver (e.g. rancher-nfs) then the account data, certificate and private key will be stored in a stack scoped volume named `lets-encrypt`, allowing you to access them from other services in the same stack. See the [Storage Service documentation](https://docs.rancher.com/rancher/v1.3/en/rancher-services/storage-service/).
44+
You can specify a volume name to store account data, certificate and private key in a (host scoped) named Docker volume.
45+
To share the certificates with other services you may specify a persistent storage driver (e.g. rancher-nfs).
4546

46-
#### Example
47-
48-
When mounting the `lets-encrypt` storage volume to `/etc/letsencrypt` in another container, then production certificates and keys are located at:
49-
50-
- `/etc/letsencrypt/production/certs/<certificate name>/fullchain.pem`
51-
- `/etc/letsencrypt/production/certs/<certificate name>/privkey.pem`
52-
53-
where `<certificate name>` is the name of the certificate sanitized to consist of only the following characters: `[a-zA-Z0-9-_.]`.
47+
See the README in the Rancher catalog for more information.
5448

5549
### Provider specific usage
5650

5751
#### AWS Route 53
5852

53+
Note: If you have both a private and public zone in Route53 for the domain, you need to run the service configured with public DNS resolvers (this is now the default).
54+
5955
The following IAM policy describes the minimum permissions required when using AWS Route 53 for domain authorization.
6056
Replace `<HOSTED_ZONE_ID>` with the ID of the hosted zone that encloses the domain(s) for which you are going to obtain certificates. You may use a wildcard (*) in place of the ID to make this policy work with all of the hosted zones associated with an AWS account.
6157

@@ -106,7 +102,7 @@ Then deploy this service using the generated key, application secret and consume
106102

107103
If you prefer not to use a DNS-based challenge or your provider is not supported, you can use the HTTP challenge.
108104
Simply choose `HTTP` from the list of providers.
109-
Then make sure that HTTP requests to `domain.com/.well-known/acme-challenge` are forwarded to the `rancher-letsencrypt` service, e.g. by configuring a Rancher load balancer accordingly.
105+
Then make sure that HTTP requests to `domain.com/.well-known/acme-challenge` are forwarded to port 80 of the `rancher-letsencrypt` service, e.g. by configuring a Rancher load balancer accordingly. If you are using another reverse proxy (e.g. Nginx) you need to make sure it passed the original `host` header through to the backend.
110106

111107
![Rancher Load Balancer Let's Encrypt Targets](https://cloud.githubusercontent.com/assets/198988/22224463/0d1eb4aa-e1bf-11e6-955c-5f0d085ce8cd.png)
112108

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
v0.4.0
1+
v0.5.0

package/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ FROM alpine:3.5
22

33
RUN apk add --no-cache ca-certificates openssl bash
44

5-
ENV LETSENCRYPT_RELEASE v0.4.0
5+
ENV LETSENCRYPT_RELEASE v0.5.0
66
ENV SSL_SCRIPT_COMMIT 08278ace626ada71384fc949bd637f4c15b03b53
77

88
RUN wget -O /usr/bin/update-rancher-ssl https://raw.githubusercontent.com/rancher/rancher/${SSL_SCRIPT_COMMIT}/server/bin/update-rancher-ssl && \

0 commit comments

Comments
 (0)