commit b083f2b89c01e5c1d2a74c14410c5c0c43420074
Author: Minecon724
Date: Sun Aug 17 21:45:52 2025 +0200
Initial commit
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..6c43f08
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,10 @@
+FROM docker.io/neilpang/acme.sh:dev
+
+COPY --chmod=0755 docker-entrypoint.sh /docker-entrypoint.sh
+COPY --chmod=0755 scripts/ /opt/scripts/
+
+ENV ACME_SERVER=letsencrypt
+
+EXPOSE 80
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d86ba08
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+Quick tutorial:
+1. set `DOMAINS` and `SERVER_x` (can be multiple)
+2. run
+3. good to go
+
+Quirks:
+- alpha
+- runs as root inside container
+- adding / removing domains not supported
+
+TODO: Use certbot. It should be easier to extend with Python 3.
\ No newline at end of file
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100644
index 0000000..d5915a3
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -euo pipefail
+
+if cat /trusted-certificates/* >> /etc/ssl/certs/ca-certificates.crt; then
+ echo "One or more trusted certificates have been copied"
+fi
+
+if ! [ -f /acme.sh/renewer-setup ]; then
+ echo "Performing initial setup"
+ /opt/scripts/initial-setup.sh
+fi
+
+echo "Renewer welcomes you"
+
+# trap 'exit' INT TODO something like this
+/entry.sh daemon
\ No newline at end of file
diff --git a/scripts/initial-setup.sh b/scripts/initial-setup.sh
new file mode 100755
index 0000000..504e59b
--- /dev/null
+++ b/scripts/initial-setup.sh
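Review bot: `FROM docker.io/neilpang/acme.sh:dev` on the first line tracks a mutable development tag, so an image that will hold the ACME account key and every issued private key is rebuilt from whatever upstream last pushed, with no way to tell from the Containerfile which code actually ran. Pin a release tag together with its digest, `FROM docker.io/neilpang/acme.sh:<release>@sha256:<digest>`, and bump it deliberately. The file also never sets `USER`; the README already calls out running as root, and the standalone listener on port 80 is presumably the reason, so a one-line comment above `EXPOSE 80` saying so would spare the next reader from re-deriving it.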
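Review bot: The final line starts `/entry.sh daemon` as a child of the entrypoint shell rather than replacing it, so the shell stays PID 1, a `docker stop` SIGTERM is delivered to the shell and not to the daemon, and the `trap` TODO just above it exists only because of that; `exec /entry.sh daemon` resolves both. The `cat /trusted-certificates/* >> /etc/ssl/certs/ca-certificates.crt` check also appends the mounted files on every start, so a restarted (not recreated) container accumulates duplicate entries in the system bundle, and nothing verifies that what was mounted is PEM certificate data before it becomes a trust anchor for the later `curl` uploads; copying the files into `/usr/local/share/ca-certificates/` and running `update-ca-certificates` if the base image ships it, or rebuilding the bundle from a pristine copy kept at build time, avoids the growth, and a comment stating that the mount is fully trusted input would make the trust decision explicit. Finally, `set -euo pipefail` under `#!/bin/sh` depends on the image's `/bin/sh` accepting `pipefail` — busybox ash should, dash does not — so confirm which shell the base image provides.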
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -euo pipefail
+
+: "${DOMAINS?Error: DOMAINS environment variable is not set.}"
+
+acme.sh --register-account --server $ACME_SERVER
+
+for domain in ${DOMAINS//,/ }; do
+ acme.sh --issue --standalone -d $domain --server $ACME_SERVER
+
+ acme.sh --install-cert -d $domain \
+ --key-file /tmp/${domain}_key.pem \
+ --fullchain-file /tmp/${domain}_cert.pem \
+ --reloadcmd "/opt/scripts/upload-certificate.sh \"$domain\""
+done
+
diff --git a/scripts/upload-certificate.sh b/scripts/upload-certificate.sh
new file mode 100755
index 0000000..1cd4fba
--- /dev/null
+++ b/scripts/upload-certificate.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+#set -euo pipefail
+
+domain=$1
+: "${1?Error: Please specify a domain.}"
+
+PRIVATE_KEY_FILE=/tmp/${domain}_key.pem
+CERTIFICATE_FILE=/tmp/${domain}_cert.pem
+
+env | while read -r line; do
+ case "$line" in
+ SERVER_*)
+ ;;
+ *)
+ continue
+ ;;
+ esac
+
+ value="${line#*=}"
+
+ url="${value%% *}"
+ key="${value#* }"
+
+ echo "Uploading to $url"
+
+ curl -H "Authorization: Bearer $key" -X POST -F "private_key=@$PRIVATE_KEY_FILE" -F "certificate=@$CERTIFICATE_FILE" $url/certificate/$domain
+ curl -H "Authorization: Bearer $key" $url/reload
+done
+
+rm $PRIVATE_KEY_FILE $CERTIFICATE_FILE
+
+touch /acme.sh/renewer-setup
\ No newline at end of file
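Review bot: `--key-file /tmp/${domain}_key.pem` on the install-cert line stages the new private key under a predictable, shared `/tmp` path, presumably written with the process umask, so it is likely world-readable until `upload-certificate.sh` removes it; a directory created with `mkdir -p -m 0700` under `/acme.sh/` (and the matching paths in the upload script) keeps the key private while it is staged. `${DOMAINS//,/ }` on the `for` line is a bash substitution under a `#!/bin/sh` shebang; busybox ash only accepts it when built with bash compatibility, so confirm the base image's shell or use `for domain in $(printf '%s' "$DOMAINS" | tr ',' ' '); do`. `$domain` is unquoted in `-d $domain` and is spliced into the `--reloadcmd` string that acme.sh later runs as a shell command, so a value containing whitespace, `$` or `"` breaks that command or injects into it; validate each entry against a hostname pattern before the loop and quote `-d "$domain"`. The `/acme.sh/renewer-setup` marker the entrypoint checks is written by `upload-certificate.sh`, i.e. after the first domain's reload, so if `--issue` fails for a later domain the `set -e` abort leaves the marker in place and the remaining domains are never retried; writing `touch /acme.sh/renewer-setup` here after the loop instead would fix that.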
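Review bot: Neither `curl` call in the loop checks its outcome: without `-f` curl exits 0 on an HTTP 4xx/5xx, `set -euo pipefail` is commented out on line 3, and the status of the `env | while` pipeline is discarded, so the script always reaches `rm` and `touch /acme.sh/renewer-setup` and a rejected upload is recorded as a completed setup that the entrypoint will never retry. Nothing requires `$url` to start with `https://`, so a `SERVER_x` value carrying a plain `http://` URL ships the private key and bearer token in cleartext. The rewrite below treats HTTP and transport errors as failures, refuses non-HTTPS targets, and propagates the loop's failure out of the pipeline subshell so acme.sh sees a non-zero reloadcmd exit and the cleanup and marker lines are skipped; it assumes `set -eu` is restored (`pipefail` may be unavailable in the image's `/bin/sh`, so it is left out). Passing the token via `-H "Authorization: Bearer $key"` additionally exposes it on curl's command line inside the container, minor for a single-process container but avoidable with `-H @-` and the header supplied on stdin. Separately, `domain=$1` runs before the `: "${1?…}"` guard, so once `set -u` is back the friendly message is never shown; swap the two lines.
```shell
env | while read -r line; do
  # … unchanged: SERVER_* filter, value/url/key parsing …

  # Refuse to send a private key over anything but TLS.
  case "$url" in
    https://*) ;;
    *) echo "Refusing non-HTTPS endpoint: $url" >&2; exit 1 ;;
  esac

  echo "Uploading to $url"

  # -f: HTTP 4xx/5xx is a failure; -sS: no progress bar, errors still reported.
  curl -fsS -H "Authorization: Bearer $key" -X POST \
    -F "private_key=@$PRIVATE_KEY_FILE" -F "certificate=@$CERTIFICATE_FILE" \
    "$url/certificate/$domain" || exit 1
  curl -fsS -H "Authorization: Bearer $key" "$url/reload" || exit 1
done || exit 1   # the loop runs in a pipeline subshell; surface its failure to acme.sh

# … unchanged: rm of the staged files, setup marker …
```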