MrMeeb/certbot-cron-docker
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 7 Wiki Activity
57 Commits 2 Branches 7 Tags
Go to file
Clone
Open with VS Code
Download ZIP Download TAR.GZ Download BUNDLE
MrMeeb 4983cfb5ef revert c12eb0b381ba146398e8e7dc63c67e07b2fb4455 
revert Update alpine Docker tag to v3.20.0
2024-05-27 22:24:29 +00:00
.gitea/workflows
Fix incorrect reference to default branch
2024-05-27 20:53:20 +00:00
root
add ONE_SHOT so container exits after run
2023-07-17 17:49:02 +00:00
.gitignore
add goreleaser
2023-06-20 21:27:27 +00:00
.goreleaser-gitea.yaml
Change release formatting
2024-05-12 09:25:01 +00:00
Dockerfile
revert c12eb0b381ba146398e8e7dc63c67e07b2fb4455
2024-05-27 22:24:29 +00:00
README.md
Remove Drone build badges
2024-05-12 10:58:19 +00:00
renovate.json
Update base renovate branch
2024-05-27 15:57:57 +00:00
requirements.txt
Update certbot to v2.10.0
2024-05-27 22:12:33 +00:00

README.md

Certbot Cron Docker

Dockerised Certbot that utilises cron to schedule creating and renewing SSL certificates. Supports standalone, webroot or Cloudflare methods. Automatic renewal attempt happens every 6 hours by default.

Tags

Tag Description
latest Latest image built from the main branch. Usually coincides with a tagged release.
develop Latest image built from the develop branch. Commits are made to the develop branch before being merged to main. Old versions of develop are removed after 14 days.

Running

Docker CLI

docker run -d --name certbot \
    -e EMAIL=admin@domain.com \
    -e DOMAINS=domain.com \
    -e PLUGIN=cloudflare \
    -e CLOUDFLARE_TOKEN=123abc
    -v ./certbot-cron:/config \
    git.mrmeeb.stream/mrmeeb/certbot-cron:latest

Docker Compose

version: "3"
services:
  certbot:
    image: git.mrmeeb.stream/mrmeeb/certbot-cron:latest
    container_name: certbot
    restart: unless-stopped
    volumes:
      - ./certbot:/config
    environment:
      - EMAIL=admin@domain.com
      - DOMAINS=domain.com,*.domain.com
      - PLUGIN=cloudflare
      - CLOUDFLARE_TOKEN=123abc

Environment Variables:

Core Options:

Core options to the container

Variable Default Description
PUID int 1000
PGID int 1000
TZ List of valid TZs UTC
ONE_SHOT false Whether container exits after first run of certbot, or starts cron-based auto-renewal
GENERATE_DHPARAM true (case-sensitive) Generate Diffie-Hellman keys in /config/letsencrypt/keys
INTERVAL 0 */6 * * * How often certbot attempts to renew the certificate. Cron syntax
CERT_COUNT 1 How many certificates certbot will try to issue. Details here

Certificate Options

These options apply when CERT_COUNT is 1

Variable Default Description
EMAIL None Email address for renewal information & other communications
DOMAINS None Domains to be included in the certificate. Comma separated list, no spaces. Wildcards supported
STAGING false (case-sensitive) Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint. Not supported when using a custom Certificate Authority.

Plugins

Plugins that can used for issuing a certificate

Variable Default Description
PLUGIN standalone Options are webroot, standalone, or cloudflare
  • webroot - relies on a webserver running on the FQDN for which you're trying to issue a certificate to serve validation files
    • Requires the webserver's root directory to be mounted to the container as /config/webroot
  • standalone - certbot spawns a webserver on port 80 for validation
    • Requires this container to be bound to port 80 on the host
  • cloudflare - Creates a TXT record with Cloudflare pointing to the domain you're requesting a certificate for
    • Requires the domain you're requesting a certificate for to be entered in Cloudflare

Cloudflare Plugin

Options that affect the behaviour of certbot running with the Cloudflare plugin

Variable Default Description
PROPOGATION_TIME 10 The amount of time (seconds) that certbot waits for the TXT records to propogate to Cloudflare before verifying - the more domains in the certificate, the longer you might need
CLOUDFLARE_TOKEN null Cloudflare token for verification

Custom Certificate Authority

Options to use a custom Certificate Authority, for example when issuing internal certificates

Variable Default Description
CUSTOM_CA null Name of the root certificate Certbot/ACME will trust requesting the certificate, e.g root.pem. Must be placed in /config/custom_ca
CUSTOM_CA_SERVER null Custom server URL used by Certbot/ACME when requesting a certificate, e.g https://ca.internal/acme/acme/directory

Multiple Certificates

This container can issue multiple certificates each containing different domains. This could be used to issue a certificate for a public domain on Cloudflare, but then also for a local certificate from an internal Certificate Authority, for example. Another example would be you have a web-server hosting two separate websites and you want them to have dedicated SSL certificates instead of sharing one.

When issuing multiple certificates, first CERT_COUNT must be set to a value greater than 1.

Global Environment Variables

Some environment variables can be set globally, where they apply to all certificates (unless otherwise specifically specified). The following can be used globally:

Variable DESCRIPTION
EMAIL Email address for renewal information & other communications
STAGING Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint. Not supported when using a custom Certificate Authority.
CUSTOM_CA Name of the root certificate Certbot/ACME will trust requesting the certificate, e.g root.pem. Must be placed in /config/custom_ca
CUSTOM_CA_SERVER Custom server URL used by Certbot/ACME when requesting a certificate, e.g https://ca.internal/acme/acme/directory
PLUGIN Options are webroot, standalone, or cloudflare
PROPOGATION_TIME (Applies to Cloudflare plugin) The amount of time (seconds) that certbot waits for the TXT records to propogate to Cloudflare before verifying - the more domains in the certificate, the longer you might need

More detail on these environment variables may be found further up.

Certificate-specific Environment Variables

Any variable other than those described as Core Options can be set per-certificate in a multi-certificate environment. The syntax is ${VARIABLE_NAME}_${CERT_NUMBER}. The only certificate-specific option that must be set is the DOMAINS option.

Multi-certificate container using global variables:
  certbot:
    container_name: certbot
    image: git.mrmeeb.stream/mrmeeb/certbot-cron
    volumes:
      - /docker/certbot-cron:/config
      - /docker/nginx/www:/config/webroot
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - GENERATE_DHPARAM=false
      - CERT_COUNT=2
      - EMAIL=admin@domain.com
      - CUSTOM_CA=root.pem
      - CUSTOM_CA_SERVER=https://ca.internal/acme/acme/directory
      - PLUGIN=webroot
      - STAGING=false
      - DOMAINS_1=website1.com
      - DOMAINS_2=website2.com
Multi-certificate container using different options for each certificate:
  certbot:
    container_name: certbot
    image: git.mrmeeb.stream/mrmeeb/certbot-cron
    volumes:
      - /docker/certbot-cron:/config
      - /docker/nginx/www:/config/webroot
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - GENERATE_DHPARAM=false
      - CERT_COUNT=2
      - EMAIL=admin@domain.com
      - DOMAINS_1=website1.com
      - CUSTOM_CA_1=root.pem
      - CUSTOM_CA_SERVER_1=https://ca.internal/acme/acme/directory
      - PLUGIN_1=webroot
      - STAGING_1=false
      - DOMAINS_2=website2.com
      - PLUGIN_2=cloudflare
      - CLOUDFLARE_TOKEN_2=abc123
      - PROPOGATION_TIME_2=30
      - STAGING_2=true

Volumes

Docker path Purpose
/config Stores configs and LetsEncrypt output for mounting in other containers
/config/webroot Mountpoint for the webroot of a separate webserver. Required if PLUGIN=webroot is set

Ports

Port Purpose
80 Used by ACME to verify domain ownership. Required if PLUGIN=standalone is set
Description
Docker container that runs certbot on a schedule to create and renew SSL certificates
Readme 325 KiB
Releases 7
1.3.0 Latest
2025-01-15 22:02:09 +00:00
Languages
Shell 93.2%
Dockerfile 6.8%