bunkerity / bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)
https://www.bunkerweb.io
GNU Affero General Public License v3.0

New feature: Certbot dry-run #168

Closed bognolo closed 3 years ago

bognolo commented 3 years ago

What's needed and why?

To avoid running into letsencrypt rate limits when configuring bunkerized-nginx for the first time, it would be useful to have the option to use certbot's --dry-run option to generate certificates against letsencrypt's staging environment.

Adding a boolean environment variable to add the switch to the certbot call should be sufficient.

Thanks!

fl0ppy-d1sk commented 3 years ago

Hello @bognolo,

I'm not sure if --dry-run will write a test certificate to the disk (from the doc):

--dry-run         Test "renew" or "certonly" without saving any certificates to disk

But looks like --staging will do the trick:

--test-cert, --staging
                        Use the staging server to obtain or revoke test
                        (invalid) certificates; equivalent to --server
                        https://acme-staging-v02.api.letsencrypt.org/directory

bognolo commented 3 years ago

Thank you fl0ppy-d1sk, you are right, I must have got confused there. Hopefully we will get the functionality soon ;-)

fl0ppy-d1sk commented 3 years ago

Hello @bognolo

The USE_LETS_ENCRYPT_STAGING environment variable has been added to the v1.3.0 release. More info here.
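
The toggle this thread settled on, sketched as an added example (not BunkerWeb's own code): a hypothetical `build_certbot_args` helper maps `USE_LETS_ENCRYPT_STAGING` to certbot's `--staging` flag and rejects unexpected values. The `yes`/`no` values, the webroot path and the helper name are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, not BunkerWeb's own script.
# Prints the certbot command line, one argument per line, for a domain.
# USE_LETS_ENCRYPT_STAGING is assumed to take the values "yes" or "no".
build_certbot_args() {
    domain=$1
    email=$2
    webroot=${3:-/var/www/acme}   # assumed webroot path

    [ -n "$domain" ] && [ -n "$email" ] || {
        echo "usage: build_certbot_args DOMAIN EMAIL [WEBROOT]" >&2
        return 2
    }

    # Fail closed: a typo must not silently fall back to the production
    # endpoint (and its rate limits) or to staging on a live site.
    case "${USE_LETS_ENCRYPT_STAGING:-no}" in
        yes) staging=--staging ;;
        no)  staging= ;;
        *)
            echo "USE_LETS_ENCRYPT_STAGING must be yes or no" >&2
            return 2
            ;;
    esac

    printf '%s\n' certbot certonly --non-interactive --agree-tos \
        --webroot -w "$webroot" --email "$email" -d "$domain"

    # --staging rather than --dry-run: the test (invalid) certificate is
    # still saved to disk, so the rest of the setup can be exercised.
    [ -z "$staging" ] || printf '%s\n' "$staging"
}
```

Certificates issued this way are not trusted by browsers, so the variable has to be switched back before the site serves real traffic.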