From 375cf5da744e7800f538e99558f4da5c9d1c55ca Mon Sep 17 00:00:00 2001
From: MrMeeb <charles.macdonald@me.com>
Date: Mon, 20 Jun 2022 22:41:27 +0000
Subject: [PATCH] Add GENERATE_DHPARAM

---
 Dockerfile | 1 +
 README.md  | 3 ++-
 run.sh     | 6 ++++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index e06cf65..eaa0775 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,7 @@ ENV EMAIL=
 ENV INTERVAL="0 */6 * * *"
 ENV STAGING=false
 ENV PROPOGATION_TIME=10
+ENV GENERATE_DHPARAM=true
 
 ENTRYPOINT ["/usr/bin/tini", "-s", "/run.sh"]
 
diff --git a/README.md b/README.md
index db4a789..9fc3c86 100644
--- a/README.md
+++ b/README.md
@@ -25,8 +25,9 @@ docker run -d --name certbot-cron \
 | EMAIL | None | Email address for renewal information & other communications |
 | DOMAINS | None | Domains to be included in the certificate. Comma separated list, no spaces. Wildcards supported |
 | INTERVAL | 0 */6 * * * | How often certbot attempts to renew the certificate. Cron syntax |
-| STAGING | false | Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint |
+| STAGING | false | (case-sensitive) Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint |
 | PROPOGATION_TIME | 10 | The amount of time (seconds) that certbot waits for the TXT records to propogate to Cloudflare before verifying - the more domains in the certificate, the longer you might need |
+| GENERATE_DHPARAM | true | (case-sensitive) Generate Diffie-Hellman keys in /config/letsencrypt/keys |
 
 
 ## Volumes
diff --git a/run.sh b/run.sh
index 1081cdd..ee64263 100644
--- a/run.sh
+++ b/run.sh
@@ -71,6 +71,12 @@ else
     exit 8
 fi
 
+if [[ $GENERATE_DHPARAM = true ]]
+then
+    echo "Generating Diffie-Hellman keys, saved to /config/letsencrypt/keys"
+    openssl dhparam -out /config/letsencrypt/keys/ssl-dhparams.pem 4096
+fi
+
 echo "$INTERVAL /renew.sh > /proc/1/fd/1 2>/proc/1/fd/2" > /crontab.txt
 
 echo "Starting automatic renewal job. Schedule is $INTERVAL"
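Review bot: The added block in run.sh runs `openssl dhparam` at 4096 bits on every container start while GENERATE_DHPARAM is `true` (the new Dockerfile default), with no check for an existing file and no check of openssl's exit status. Generating 4096-bit parameters can take many minutes, and the crontab line just below is not written until it finishes, so each restart delays the renewal schedule and rewrites a file that a web server may already be using. Guarding on the file with `if [[ $GENERATE_DHPARAM = true && ! -s /config/letsencrypt/keys/ssl-dhparams.pem ]]` and failing loudly with `openssl dhparam -out /config/letsencrypt/keys/ssl-dhparams.pem 4096 || exit 1` (using whichever exit code fits the script's numbering) would cover both. The rest of the script lies outside this hunk, so it is not visible whether `set -e` is active or whether the keys directory is created beforehand. The log message and README row also call the output "keys", but `openssl dhparam` produces public DH parameters rather than private key material, and saying so keeps operators from misjudging its sensitivity.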