This repo contains a way to generate SSL certificate (with Let's Encrypt) and add it automatically to your IPLB instance. To do that, the domain you want to get SSL certificates must be managed by OVH.
To use that tool, we provide an docker container tracesoftware/ovh-ssl-iplb.
To run it, you should just define some environments variables:
docker run -ti --rm -e application_key=XXXX -e application_secret=XXXX -e consumer_key=XXXX -e iplb_name=ip-XXXXXX tracesoftware/ovh-ssl-iplb
By default the tool will update the SSL certificate already present in the IPLB instance.
You can use the option -d to add a domain new domains in your IPLB.
docker run -ti --rm -e application_key=XXXX -e application_secret=XXXX -e consumer_key=XXXX -e iplb_name=ip-XXXXXX tracesoftware/ovh-ssl-iplb -d app.example.com -d app2.example.com
We expose some volumes in the docker container:
/etc/dehydrated/certswhich will contains SSL certificate/etc/dehydrated/accountswhich will contains your Let's Encrypt account information
You must configure this script by setting some environments variables:
application_key- Your OVH API application key
- Optional: false
application_secret- Your OVH API application secret
- Optional: false
consumer_key- Your OVH API consumer key
- Optional: false
iplb_name- The name of IPLB you want to manage SSL certificate
- Optional: false
max_retry- Number of retry can be perform for the validation of SSL certificate
- Default value:
5 - Optional: true
DEBUG- Define it to
Trueif you want to print some extra informations and use the Let’s Encrypt staging server - Optional: true
- Define it to
To found application_key, application_secret and consumer_key you should check this ovh documenation and this page.
Your credentials must have access to:
- DNS
GET /domain/zonePOST /domain/zone/*/recordPOST /domain/zone/*/refreshDELETE /domain/zone/*/record/*
- IPLB
GET /ipLoadbalancingGET /ipLoadbalancing/*/sslPOST /ipLoadbalancing/*/sslGET /ipLoadbalancing/*/ssl/*DELETE /ipLoadbalancing/*/ssl/*