first commit

Dockerfile

@@ -0,0 +1,22 @@
+FROM debian:bullseye-slim
+
+RUN apt update && apt install -y bash cron python3 python3-venv procps tini
+
+RUN python3 -m venv /opt/certbot/ && /opt/certbot/bin/pip install --upgrade pip
+
+RUN /opt/certbot/bin/pip install certbot certbot-dns-cloudflare && \
+    ln -s /opt/certbot/bin/certbot /usr/bin/certbot
+
+RUN mkdir -p /config
+
+COPY run.sh / renew.sh /
+
+RUN chmod +x /run.sh /renew.sh
+
+ENV DOMAINS=
+ENV EMAIL=
+ENV INTERVAL="0 */6 * * *"
+ENV STAGING=false
+
+ENTRYPOINT ["/usr/bin/tini", "-s", "/run.sh"]
+

README.md

@@ -1,3 +1,35 @@
-# certbot-cron-docker
+## Cerbot Docker
 
-Docker container that runs certbot on a schedule to create and renew SSL certificates
+Docker Certbot that runs on a schedule to create and renew SSL certificates. Uses Cloudflare for DNS-01 verification. Automatic renewal attempt happens every 6 hours.
+
+# Building
+
+```git clone https://git.mrmeeb.stream/certbot-cron-docker
+
+cd certbot-cron-docker
+
+docker build -t certbot-cron .
+
+docker run -d --name certbot-cron \
+    -e EMAIL=admin@domain.com \
+    -e DOMAINS=domain.com \
+    -v /docker/certbot-cron:/config \
+    certbot-cron
+```
+
+# Environment Variables:
+
+| Variable | Default Value | Description |
+| --- | --- | --- |
+| EMAIL | None | Email address for renewal information & other communications |
+| DOMAINS | None | Domains to be included in the certificate. Comma separated list, no spaces. Wildcards supported |
+| INTERVAL | 0 */6 * * * | How often certbot attempts to renew the certificate. Cron syntax |
+| STAGING | false | Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint |
+
+# Volumes
+
+| Docker path | Purpose |
+| --- | --- |
+| /config | Stores configs and LetsEncrypt output for mounting in other containers
+
+Thanks to [this guy](https://stackoverflow.com/questions/63447441/docker-stop-for-crond-times-out) for explaining how to make cron actually shutdown when stopping the container.

renew.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+echo "Attempting to renew certificates"
+if [[ $STAGING = true ]] 
+then
+    echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
+    certbot certonly --staging --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+    echo "Renewal attempt complete"
+elif [[ $STAGING = false ]] 
+then
+    echo "Using production endpoint"
+    certbot certonly --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+    echo "Renewal attempt complete"
+else
+    echo "Unrecognised option for STAGING variable - check your configuration"
+
+    exit 8
+fi

run.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+echo ""
+echo ""
+echo "================================================"
+echo "|      __  _______  __  ___________________    |" 
+echo "|     /  |/  / __ \/  |/  / ____/ ____/ __ )   |"
+echo "|    / /|_/ / /_/ / /|_/ / __/ / __/ / __  |   |"
+echo "|   / /  / / _, _/ /  / / /___/ /___/ /_/ /    |"
+echo "|  /_/  /_/_/ |_/_/  /_/_____/_____/_____/     |"
+echo "|                                              |"
+echo "================================================"
+echo ""
+echo ""
+                                         
+
+#Creating needed folders and files if they don't already exist
+if [ ! -d /config/.secrets ]
+then
+    mkdir /config/.secrets
+fi
+
+if [ ! -d /config/letsencrypt ]
+then
+    mkdir /config/letsencrypt
+fi
+
+if [ ! -f /config/.secrets/cloudflare.ini ]
+then
+    touch /config/.secrets/cloudflare.ini
+fi
+
+if [ ! -f /crontab.txt ]
+then
+    touch /crontab.txt
+fi
+
+if [ ! -s /config/.secrets/cloudflare.ini ]
+then
+    echo "cloudflare.ini is empty - please add your Cloudflare credentials or API key before continuing"
+
+    exit 8
+fi
+
+#Securing cloudflare.ini to supress warnings
+chmod 600 /config/.secrets/cloudflare.ini
+
+#Outputting Environment Variables to /etc/environment for use by cron-based scripts
+env >> /etc/environment
+
+ln -s /config/letsencrypt /etc/letsencrypt
+
+echo "Domains being added to the certificate are "$DOMAINS
+
+echo "Creating certificates, or attempting to renew if they already exist"
+
+if [[ $STAGING = true ]] 
+then
+    echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
+    certbot certonly --staging --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+    echo "Creation/renewal attempt complete"
+elif [[ $STAGING = false ]] 
+then
+    echo "Using production endpoint"
+    certbot certonly --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+    echo "Creation/renewal attempt complete"
+else
+    echo "Unrecognised option for STAGING variable - check your configuration"
+
+    exit 8
+fi
+
+echo "$INTERVAL /renew.sh > /proc/1/fd/1 2>/proc/1/fd/2" > /crontab.txt
+
+echo "Starting automatic renewal job. Schedule is $INTERVAL"
+crontab /crontab.txt
+
+exec cron -f