Add proxy support and optional email#31
Conversation
Signed-off-by: aleskxyz <39186039+aleskxyz@users.noreply.github.com>
|
Hi @jaydrogers |
|
I know that LetsEncrypt stopped sending emails about the renewal, but does that make the email parameter redundant or are there other types of emails they send? I understand however that at the end of the day, this should wrap around the supported options that LetsEncrypt themselves support, so my feedback might be irrelevant in this case. The proxy implementation looks OK to me. |
Hi, |
Replace the proxychains-based proxy implementation from serversideup#31 with the standard HTTP_PROXY/HTTPS_PROXY/NO_PROXY environment variables, which certbot (requests) and the Cloudflare SDK (httpx) honor natively. The image now installs pysocks and socksio so SOCKS proxies work in both HTTP stacks, and the README documents the new usage. This avoids writing proxy credentials to disk and removes the LD_PRELOAD layer. CERTBOT_EMAIL is now optional: when unset, certbot registers with --register-unsafely-without-email (Let's Encrypt no longer sends expiration emails as of June 2025). The fallback is shown in the startup banner, and email flags use the entrypoint's existing positional-parameter pattern.
|
Hi @aleskxyz — thanks for the PR! Both features are great ideas. I pushed a commit to your branch that keeps your email change and reworks the proxy support. Here's the summary of the changes: Proxy support → standard env varsCertbot ( environment:
HTTPS_PROXY: "socks5h://user:pass@proxy.example.com:1080" # or http://proxy:3128Why the change:
Verified on the built image: proxy routing confirmed for both ACME and Cloudflare API traffic, Set emails as optional for Let's EncryptThis feature is kept, but I made a few small changes:
Regarding the question from @Rithari:
Since Let's Encrypt stopped sending expiration emails (June 2025), email-less registration loses nothing. Certbot itself removed its warnings about empty email for exactly this reason (certbot#10214). The tests I ran were against the Let's Encrypt staging server and it came back with: Next Steps@aleskxyz: Can you test the updated branch against your real proxy? You have the actual environment that motivated this proposal. Once confirmed, I'm happy to merge. 🚀 |
Summary
proxychains4.CERTBOT_EMAILoptional while still allowing non-interactive operation.Changes
PROXY_TYPE(supported:none,socks5,socks4,http,https)PROXY_HOSTPROXY_PORTPROXY_USERNAMEPROXY_PASSWORDentrypoint.shto:PROXY_TYPEand requirePROXY_HOST/PROXY_PORTwhen a proxy is enabled./etc/proxychains/proxychains.conffrom the proxy env vars (including optional auth).proxychains4whenPROXY_TYPE != none.CERTBOT_EMAILis set, pass--email $CERTBOT_EMAIL.CERTBOT_EMAILis empty, use--register-unsafely-without-emailto keep it non-interactive.README.md:CERTBOT_EMAILas optional and documented the fallback behavior.Notes
proxychains4.