Update 'README.md'

.drone.yml

@@ -0,0 +1,40 @@
+kind: pipeline
+type: docker
+name: build-multiarch-images
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+- name: make-tags
+  image: node
+  commands:
+    - echo -n "${DRONE_COMMIT_SHA:0:10}, latest" > .tags
+
+- name: build  
+  image: thegeeklab/drone-docker-buildx
+  privileged: true
+  settings:
+    registry: git.mrmeeb.stream
+    username: 
+      from_secret: docker_username
+    password: 
+      from_secret: docker_password
+    repo: git.mrmeeb.stream/mrmeeb/certbot-cron
+    platforms:
+      - linux/arm64
+      - linux/amd64
+
+- name: notify
+  image: plugins/slack
+  settings:
+    webhook: 
+      from_secret: slack_webhook
+
+trigger:
+  branch:
+    - master
+  event:
+    exclude:
+    - pull_request

Dockerfile

@@ -0,0 +1,24 @@
+FROM debian:bullseye-slim
+
+RUN apt update && apt install -y bash cron python3 python3-venv procps tini
+
+RUN python3 -m venv /opt/certbot/ && /opt/certbot/bin/pip install --upgrade pip
+
+RUN /opt/certbot/bin/pip install certbot certbot-dns-cloudflare && \
+    ln -s /opt/certbot/bin/certbot /usr/bin/certbot
+
+RUN mkdir -p /config
+
+COPY run.sh / renew.sh /
+
+RUN chmod +x /run.sh /renew.sh
+
+ENV DOMAINS=
+ENV EMAIL=
+ENV INTERVAL="0 */6 * * *"
+ENV STAGING=false
+ENV PROPOGATION_TIME=10
+ENV GENERATE_DHPARAM=true
+
+ENTRYPOINT ["/usr/bin/tini", "-s", "/run.sh"]
+

README.md

@@ -1,3 +1,69 @@
-# certbot-cron-docker
+# Certbot Cron Docker
 
-Docker container that runs certbot on a schedule to create and renew SSL certificates
+[![Build Status](https://drone.mrmeeb.stream/api/badges/MrMeeb/certbot-cron-docker/status.svg)](https://drone.mrmeeb.stream/MrMeeb/certbot-cron-docker)
+
+Dockerised Certbot that utilises cron to schedule creating and renewing SSL certificates. Uses Cloudflare for DNS-01 verification. Automatic renewal attempt happens every 6 hours.
+
+## Running
+
+### Docker CLI
+```
+docker run -d --name certbot \
+    -e EMAIL=admin@domain.com \
+    -e DOMAINS=domain.com \
+    -v /docker/certbot-cron:/config \
+    git.mrmeeb.stream/mrmeeb/certbot-cron:latest
+```
+
+### Docker Compose
+```
+version: "3"
+services:
+  certbot:
+    image: git.mrmeeb.stream/mrmeeb/certbot-cron:latest
+    container_name: certbot
+    restart: unless-stopped
+    volumes:
+      - ./certbot:/config
+    environment:
+      - EMAIL=admin@domain.com
+      - DOMAINS=domain.com,*.domain.com
+```
+
+## Environment Variables:
+
+| Variable | Default Value | Description |
+| --- | --- | --- |
+| EMAIL | None | Email address for renewal information & other communications |
+| DOMAINS | None | Domains to be included in the certificate. Comma separated list, no spaces. Wildcards supported |
+| INTERVAL | 0 */6 * * * | How often certbot attempts to renew the certificate. Cron syntax |
+| STAGING | false (case-sensitive) | Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint |
+| PROPOGATION_TIME | 10 | The amount of time (seconds) that certbot waits for the TXT records to propogate to Cloudflare before verifying - the more domains in the certificate, the longer you might need |
+| GENERATE_DHPARAM | true (case-sensitive) | Generate Diffie-Hellman keys in /config/letsencrypt/keys |
+
+
+## Volumes
+
+| Docker path | Purpose |
+| --- | --- |
+| /config | Stores configs and LetsEncrypt output for mounting in other containers
+
+## Building
+
+```
+git clone https://git.mrmeeb.stream/certbot-cron-docker
+
+cd certbot-cron-docker
+
+docker build -t certbot-cron .
+
+docker run -d --name certbot-cron \
+    -e EMAIL=admin@domain.com \
+    -e DOMAINS=domain.com \
+    -v /docker/certbot-cron:/config \
+    certbot-cron
+```
+
+## Other
+
+Thanks to [this guy](https://stackoverflow.com/questions/63447441/docker-stop-for-crond-times-out) for explaining how to make cron actually shutdown when stopping the container.

renew.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+echo "Attempting to renew certificates"
+if [[ $STAGING = true ]] 
+then
+    echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
+    certbot certonly --staging --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+    echo "Renewal attempt complete"
+elif [[ $STAGING = false ]] 
+then
+    echo "Using production endpoint"
+    certbot certonly --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+    echo "Renewal attempt complete"
+else
+    echo "Unrecognised option for STAGING variable - check your configuration"
+
+    exit 8
+fi

run.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+echo ""
+echo ""
+echo "================================================"
+echo "|      __  _______  __  ___________________    |" 
+echo "|     /  |/  / __ \/  |/  / ____/ ____/ __ )   |"
+echo "|    / /|_/ / /_/ / /|_/ / __/ / __/ / __  |   |"
+echo "|   / /  / / _, _/ /  / / /___/ /___/ /_/ /    |"
+echo "|  /_/  /_/_/ |_/_/  /_/_____/_____/_____/     |"
+echo "|                                              |"
+echo "================================================"
+echo ""
+echo ""
+                                         
+
+#Creating needed folders and files if they don't already exist
+if [ ! -d /config/.secrets ]
+then
+    mkdir /config/.secrets
+fi
+
+if [ ! -d /config/letsencrypt ]
+then
+    mkdir /config/letsencrypt
+fi
+
+if [ ! -f /config/.secrets/cloudflare.ini ]
+then
+    touch /config/.secrets/cloudflare.ini
+fi
+
+if [ ! -f /crontab.txt ]
+then
+    touch /crontab.txt
+fi
+
+if [ ! -s /config/.secrets/cloudflare.ini ]
+then
+    echo "cloudflare.ini is empty - please add your Cloudflare credentials or API key before continuing"
+
+    exit 8
+fi
+
+#Securing cloudflare.ini to supress warnings
+chmod 600 /config/.secrets/cloudflare.ini
+
+#Outputting Environment Variables to /etc/environment for use by cron-based scripts
+env >> /etc/environment
+
+ln -s /config/letsencrypt /etc/letsencrypt
+
+echo "Domains being added to the certificate are "$DOMAINS
+
+echo "Propogation time is $PROPOGATION_TIME seconds"
+
+echo "Creating certificates, or attempting to renew if they already exist"
+
+if [[ $STAGING = true ]] 
+then
+    echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
+    certbot certonly --staging --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+    echo "Creation/renewal attempt complete"
+elif [[ $STAGING = false ]] 
+then
+    echo "Using production endpoint"
+    certbot certonly --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+    echo "Creation/renewal attempt complete"
+else
+    echo "Unrecognised option for STAGING variable - check your configuration"
+
+    exit 8
+fi
+
+if [[ $GENERATE_DHPARAM = true ]] && [[ ! -s /config/letsencrypt/keys/ssl-dhparams.pem ]]
+then
+    echo "Generating Diffie-Hellman keys, saved to /config/letsencrypt/keys"
+    openssl dhparam -out /config/letsencrypt/keys/ssl-dhparams.pem 4096
+fi
+
+echo "$INTERVAL /renew.sh > /proc/1/fd/1 2>/proc/1/fd/2" > /crontab.txt
+
+echo "Starting automatic renewal job. Schedule is $INTERVAL"
+crontab /crontab.txt
+
+exec cron -f