Skip to content

foorschtbar/routeros-letsencrypt-docker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Let's Encrypt for RouterOS Webserver/API

MikroTik

This Docker container automatically renews certificates from Let's Encrypt, copies them to a MikroTik device running RouterOS, and activates them in the Webserver, API and OpenVPN Server.

Configuration

  • Map a SSH private keyfile for login into RouterOS
  • Map a volume/folder to store persistent authorization information between container restarts
  • Configure environment variables to controll the automation process:
Name Default Description
ROUTEROS_USER (none) User with policies ssh, write, ftp, read
ROUTEROS_HOST (none) RouterOS IP or Hostname
ROUTEROS_SSH_PORT 22 RouterOS SSH Port
ROUTEROS_PRIVATE_KEY (none) Private Key file to connect to RouterOS (set permissions to 0400!)
ROUTEROS_DOMAIN (none) Domainname for catch up certs from LEGO Client. Usually the first Domain you set in the LEGO_DOMAINS variable
LEGO_STAGING 1 Whether to use production or staging LetsEncrypt endpoint. 0 for production, 1 for staging
LEGO_KEY_TYPE ec384 Type of key
LEGO_DOMAINS (none) Domains (delimited by ';' )
LEGO_EMAIL_ADDRESS (none) Email used for registration and recovery contact.
LEGO_PROVIDER (none) DNS Provider. Valid values are: acmedns, alidns, arvancloud, auroradns, autodns, azure, bindman, bluecat, checkdomain, clouddns, cloudflare, cloudns, cloudxns, conoha, constellix, desec, designate, digitalocean, dnsimple, dnsmadeeasy, dnspod, dode, dreamhost, duckdns, dyn, dynu, easydns, edgedns, exec, exoscale, fastdns, gandi, gandiv5, gcloud, glesys, godaddy, hetzner, hostingde, httpreq, iij, internal, inwx, joker, lightsail, linode, linodev4, liquidweb, luadns, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, netcup, netlify, nifcloud, ns1, oraclecloud, otc, ovh, pdns, rackspace, regru, rfc2136, rimuhosting, route53, sakuracloud, scaleway, selectel, servercow, stackpath, transip, vegadns, versio, vscale, vultr, yandex, zoneee, zonomi
LEGO_DNS_TIMEOUT 10 Set the DNS timeout value to a specific value in seconds
LEGO_ARGS (none) Send arguments directly to lego, e.g. "--dns.disable-cp" or "--dns.resolvers 1.1.1.1"
<KEY/TOKEN_FROM_PROVIDER> (none) See Configuration of DNS Providers
SET_ON_WEB true Set the new certificate on the WebServer
SET_ON_API true Set the new certificate on the API
SET_ON_OVPN false Set the new certificate on the OpenVPN Server
SET_ON_HOTSPOT false Set the new certificate for the HotSpot/CaptivePortal
HOTSPOT_PROFILE_NAME (none) HotSpot/CaptivePortal profile name

SSH Setup

  • Generate SSH Key Pair
  • Upload Public key to RouterOS
  • Add User/Group and import Public SSH Key
  • Pass private key into Docker container

Example

version: "3"

services:
  app:
    image: foorschtbar/routeros-letsencrypt
    environment:
      - LEGO_STAGING=1 # 0 for production, 1 for staging (default)
      - LEGO_PROVIDER=digitalocean # Example
      - LEGO_DOMAINS=mydomain.tld # or *.mydomain.tld for a wildcard cert.
      - [email protected]
      - DO_AUTH_TOKEN=changeme # Example
      - ROUTEROS_USER=letsencrypt
      - ROUTEROS_HOST=router.mydomain.tld
      - ROUTEROS_PRIVATE_KEY=/id-rsa
      - ROUTEROS_DOMAIN=mydomain.tld # or *.mydomain.tld for a wildcard cert.
    volumes:
      - ./data:/letsencrypt # To store persistent authorization information between container restarts
      - ./id-rsa:/id-rsa
    restart: unless-stopped

Credits

Inspired by

About

Let's Encrypt for RouterOS Webserver/API

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published