MrMeeb/certbot-cron-docker
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 7 Wiki Activity
28 Commits 2 Branches 7 Tags
3a6466612b4110c94bba3c98e25cd5748a26cf87
Go to file
Clone
Open with VS Code
Download ZIP Download TAR.GZ Download BUNDLE
MrMeeb 3a6466612b
All checks were successful
continuous-integration/drone/push Build is passing
Details
enable tracking of env vars between runs
2023-07-15 16:04:45 +00:00
root
enable tracking of env vars between runs
2023-07-15 16:04:45 +00:00
.drone.yml
update build logic
2023-06-20 21:27:36 +00:00
.gitignore
add goreleaser
2023-06-20 21:27:27 +00:00
.goreleaser-gitea.yaml
add goreleaser
2023-06-20 21:27:27 +00:00
Dockerfile
add standalone and webroot methods
2023-07-09 21:53:06 +00:00
README.md
add standalone and webroot methods
2023-07-09 21:53:06 +00:00

README.md

Certbot Cron Docker

Drone (self-hosted) with branch Drone (self-hosted) with branch

Dockerised Certbot that utilises cron to schedule creating and renewing SSL certificates. Supports standalone, webroot or Cloudflare methods. Automatic renewal attempt happens every 6 hours by default.

Tags

Tag Description
latest Latest image built from the main branch. Usually coincides with a tagged release.
develop Latest image built from the develop branch. Commits are made to the develop branch before being merged to main. Old versions of develop are removed after 14 days.

Running

Docker CLI

docker run -d --name certbot \
    -e EMAIL=admin@domain.com \
    -e DOMAINS=domain.com \
    -e PLUGIN=cloudflare \
    -e CLOUDFLARE_TOKEN=123abc
    -v ./certbot-cron:/config \
    git.mrmeeb.stream/mrmeeb/certbot-cron:latest

Docker Compose

version: "3"
services:
  certbot:
    image: git.mrmeeb.stream/mrmeeb/certbot-cron:latest
    container_name: certbot
    restart: unless-stopped
    volumes:
      - ./certbot:/config
    environment:
      - EMAIL=admin@domain.com
      - DOMAINS=domain.com,*.domain.com
      - PLUGIN=cloudflare
      - CLOUDFLARE_TOKEN=123abc

Environment Variables:

Core Options:

Core options to the container

Variable Default Description
PUID int 1000
PGID int 1000
TZ List of valid TZs UTC
GENERATE_DHPARAM true (case-sensitive) Generate Diffie-Hellman keys in /config/letsencrypt/keys
INTERVAL 0 */6 * * * How often certbot attempts to renew the certificate. Cron syntax
CERT_COUNT 1 How many certificates certbot will try to issue (more than 1 not yet implemented)

Certificate Options

These options apply when CERT_COUNT is 1

Variable Default Description
EMAIL None Email address for renewal information & other communications
DOMAINS None Domains to be included in the certificate. Comma separated list, no spaces. Wildcards supported
STAGING false (case-sensitive) Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint. Not supported when using a custom Certificate Authority.

Plugins

Plugins that can used for issuing a certificate

Variable Default Description
PLUGIN standalone Options are webroot, standalone, or cloudflare
  • webroot - relies on a webserver running on the FQDN for which you're trying to issue a certificate to serve validation files
    • Requires the webserver's root directory to be mounted to the container as /config/webroot
  • standalone - certbot spawns a webserver on port 80 for validation
    • Requires this container to be bound to port 80 on the host
  • cloudflare - Creates a TXT record with Cloudflare pointing to the domain you're requesting a certificate for
    • Requires the domain you're requesting a certificate for to be entered in Cloudflare

Cloudflare Plugin

Options that affect the behaviour of certbot running with the Cloudflare plugin

Variable Default Description
PROPOGATION_TIME 10 The amount of time (seconds) that certbot waits for the TXT records to propogate to Cloudflare before verifying - the more domains in the certificate, the longer you might need
CLOUDFLARE_TOKEN null Cloudflare token for verification

Custom Certificate Authority

Options to use a custom Certificate Authority, for example when issuing internal certificates

Variable Default Description
CUSTOM_CA null Name of the root certificate Certbot/ACME will trust requesting the certificate, e.g root.pem. Must be placed in /config/custom_ca
CUSTOM_CA_SERVER null Custom server URL used by Certbot/ACME when requesting a certificate, e.g https://ca.internal/acme/acme/directory

Volumes

Docker path Purpose
/config Stores configs and LetsEncrypt output for mounting in other containers
/config/custom_ca Mountpoint for a custom Certificate Authority root certificate. Required if CUSTOM_CA is set
/config/webroot Mountpoint for the webroot of a separate webserver. Required if PLUGIN=webroot is set

Ports

Port Purpose
80 Used by ACME to verify domain ownership. Required if PLUGIN=standalone is set
Description
Docker container that runs certbot on a schedule to create and renew SSL certificates
Readme 361 KiB
Releases 7
1.3.0 Latest
2025-01-15 22:02:09 +00:00
Languages
Shell 93.2%
Dockerfile 6.8%