This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [certbot](https://github.com/certbot/certbot) | major | `==2.11.0` -> `==3.1.0` |
| [certbot-dns-cloudflare](https://github.com/certbot/certbot) | major | `==2.11.0` -> `==3.1.0` |

---

### Release Notes

<details>
<summary>certbot/certbot (certbot)</summary>

### [`v3.1.0`](https://github.com/certbot/certbot/releases/tag/v3.1.0): Certbot 3.1.0

[Compare Source](https://github.com/certbot/certbot/compare/v3.0.1...v3.1.0)

##### Added

-

##### Changed

- Python 3.8 support was removed.
- certbot-dns-rfc2136's minimum required version of dnspython is now 2.6.1.
- Updated our Docker images to be based on Alpine Linux 3.20.
- Our runtime dependency on setuptools has been dropped from all Certbot components.
- Certbot's packages no longer depend on library importlib_resources.

##### Fixed

- Included an OpenSSL library that was missing in our Certbot snap fixing crashes affecting 32-bit ARM users.

More details about these changes can be found on our GitHub repo.

### [`v3.0.1`](https://github.com/certbot/certbot/releases/tag/v3.0.1): Certbot 3.0.1

[Compare Source](https://github.com/certbot/certbot/compare/v3.0.0...v3.0.1)

##### Fixed

- Removed a CryptographyDeprecationWarning that was being displayed to users when checking OCSP status.

More details about these changes can be found on our GitHub repo.

### [`v3.0.0`](https://github.com/certbot/certbot/releases/tag/v3.0.0): Certbot 3.0.0

[Compare Source](https://github.com/certbot/certbot/compare/v2.11.0...v3.0.0)

##### Added

-

##### Changed

- The update_symlinks command was removed.
- The `csr_dir` and `key_dir` attributes on `certbot.configuration.NamespaceConfig` were removed.
- The `--manual-public-ip-logging-ok` command line flag was removed.
- The `--dns-route53-propagation-seconds` command line flag was removed.
- The `certbot_dns_route53.authenticator` module has been removed. This should not affect any users of the plugin and instead would only affect developers trying to develop on top of the old code.
- Support for Python 3.8 was deprecated and will be removed in our next planned release.

##### Fixed

-

More details about these changes can be found on our GitHub repo.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: #42
Co-authored-by: Renovate Bot <renovate@mrmeeb.stream>
Co-committed-by: Renovate Bot <renovate@mrmeeb.stream>
# Certbot Cron Docker

Dockerised Certbot that utilises cron to schedule creating and renewing SSL certificates. Supports the standalone, webroot or Cloudflare methods. An automatic renewal attempt is made every 6 hours by default.
## Tags

I use the Feature Branch workflow. The `latest` tag contains all of the latest changes that have been merged from individual feature branches. Feature branches are squashed into `master`.

Pinned releases are created by creating a tag off `master` to capture the repo in a particular state. They are recommended for stability.
## Running

### Docker CLI

```shell
docker run -d --name certbot \
  -e EMAIL=admin@domain.com \
  -e DOMAINS=domain.com \
  -e PLUGIN=cloudflare \
  -e CLOUDFLARE_TOKEN=123abc \
  -v ./certbot-cron:/config \
  git.mrmeeb.stream/mrmeeb/certbot-cron:latest
```
### Docker Compose

```yaml
version: "3"
services:
  certbot:
    image: git.mrmeeb.stream/mrmeeb/certbot-cron:latest
    container_name: certbot
    restart: unless-stopped
    volumes:
      - ./certbot:/config
    environment:
      - EMAIL=admin@domain.com
      - DOMAINS=domain.com,*.domain.com
      - PLUGIN=cloudflare
      - CLOUDFLARE_TOKEN=123abc
```
## Environment Variables

### Core Options

Core options for the container.

| Variable | Default | Description |
|---|---|---|
| PUID | 1000 | Integer user ID |
| PGID | 1000 | Integer group ID |
| TZ | UTC | Timezone; any valid TZ name |
| ONE_SHOT | false | Whether the container exits after the first run of certbot, or starts cron-based auto-renewal |
| GENERATE_DHPARAM | true (case-sensitive) | Generate Diffie-Hellman parameters (dhparam) in `/config/letsencrypt/keys` |
| INTERVAL | `0 */6 * * *` | How often certbot attempts to renew the certificate. Cron syntax |
| CERT_COUNT | 1 | How many certificates certbot will try to issue. See Multiple Certificates below |
| APPRISE_URL | None | URL for Apprise notifications, in Apprise URL syntax |
| NOTIFY_ON_SUCCESS | false | Notify on a successful renewal attempt. Note that this isn't just when the cert is renewed, but on every renewal attempt. |
| NOTIFY_ON_FAILURE | false | Notify on a failed renewal attempt. |
### Certificate Options

These options apply when CERT_COUNT is 1.

| Variable | Default | Description |
|---|---|---|
| EMAIL | None | Email address for renewal information & other communications |
| DOMAINS | None | Domains to be included in the certificate. Comma-separated list, no spaces. Wildcards supported |
| STAGING | false (case-sensitive) | Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint. Not supported when using a custom Certificate Authority. |
### Plugins

Plugins that can be used for issuing a certificate.

| Variable | Default | Description |
|---|---|---|
| PLUGIN | standalone | Options are `webroot`, `standalone`, or `cloudflare` |

#### webroot

- Relies on a webserver running on the FQDN for which you're trying to issue a certificate to serve the validation files
- Requires the webserver's root directory to be mounted to the container as `/config/webroot`

#### standalone

- certbot spawns its own webserver on port 80 for validation
- Requires this container to be bound to port 80 on the host

#### cloudflare

- Creates a DNS TXT record in Cloudflare for the domain you're requesting a certificate for
- Requires the DNS zone of the domain you're requesting a certificate for to be hosted in Cloudflare
### Cloudflare Plugin

Options that affect the behaviour of certbot running with the Cloudflare plugin.

| Variable | Default | Description |
|---|---|---|
| PROPOGATION_TIME | 10 | The amount of time (seconds) that certbot waits for the TXT records to propagate in Cloudflare before verifying - the more domains in the certificate, the longer you might need. Note the variable name is spelled `PROPOGATION_TIME` |
| CLOUDFLARE_TOKEN | null | Cloudflare API token the plugin uses to create the validation TXT records |
### Custom Certificate Authority

Options to use a custom Certificate Authority, for example when issuing internal certificates.

| Variable | Default | Description |
|---|---|---|
| CUSTOM_CA | null | Name of the root certificate Certbot/ACME will trust when requesting the certificate, e.g. `root.pem`. Must be placed in `/config/custom_ca` |
| CUSTOM_CA_SERVER | null | Custom ACME directory URL used by Certbot when requesting a certificate, e.g. `https://ca.internal/acme/acme/directory` |
## Multiple Certificates

This container can issue multiple certificates, each containing different domains. This could be used to issue a certificate for a public domain on Cloudflare and also a local certificate from an internal Certificate Authority, for example. Another example would be a webserver hosting two separate websites that you want to have dedicated SSL certificates instead of sharing one.

When issuing multiple certificates, CERT_COUNT must first be set to a value greater than 1.
### Global Environment Variables

Some environment variables can be set globally, where they apply to all certificates (unless overridden for a specific certificate). The following can be used globally:

| Variable | Description |
|---|---|
| EMAIL | Email address for renewal information & other communications |
| STAGING | Uses the LetsEncrypt staging endpoint for testing - avoids the aggressive rate-limiting of the production endpoint. Not supported when using a custom Certificate Authority. |
| CUSTOM_CA | Name of the root certificate Certbot/ACME will trust when requesting the certificate, e.g. `root.pem`. Must be placed in `/config/custom_ca` |
| CUSTOM_CA_SERVER | Custom ACME directory URL used by Certbot when requesting a certificate, e.g. `https://ca.internal/acme/acme/directory` |
| PLUGIN | Options are `webroot`, `standalone`, or `cloudflare` |
| PROPOGATION_TIME | (Applies to the Cloudflare plugin) The amount of time (seconds) that certbot waits for the TXT records to propagate in Cloudflare before verifying - the more domains in the certificate, the longer you might need |

More detail on these environment variables may be found further up.
### Certificate-specific Environment Variables

Any variable other than those described as Core Options can be set per-certificate in a multi-certificate environment. The syntax is `${VARIABLE_NAME}_${CERT_NUMBER}`, e.g. `DOMAINS_1`. The only certificate-specific option that must be set is the DOMAINS option.
Multi-certificate container using global variables:

```yaml
certbot:
  container_name: certbot
  image: git.mrmeeb.stream/mrmeeb/certbot-cron
  volumes:
    - /docker/certbot-cron:/config
    - /docker/nginx/www:/config/webroot
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/London
    - GENERATE_DHPARAM=false
    - CERT_COUNT=2
    - EMAIL=admin@domain.com
    - CUSTOM_CA=root.pem
    - CUSTOM_CA_SERVER=https://ca.internal/acme/acme/directory
    - PLUGIN=webroot
    - STAGING=false
    - DOMAINS_1=website1.com
    - DOMAINS_2=website2.com
```
Multi-certificate container using different options for each certificate:

```yaml
certbot:
  container_name: certbot
  image: git.mrmeeb.stream/mrmeeb/certbot-cron
  volumes:
    - /docker/certbot-cron:/config
    - /docker/nginx/www:/config/webroot
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/London
    - GENERATE_DHPARAM=false
    - CERT_COUNT=2
    - EMAIL=admin@domain.com
    - DOMAINS_1=website1.com
    - CUSTOM_CA_1=root.pem
    - CUSTOM_CA_SERVER_1=https://ca.internal/acme/acme/directory
    - PLUGIN_1=webroot
    - STAGING_1=false
    - DOMAINS_2=website2.com
    - PLUGIN_2=cloudflare
    - CLOUDFLARE_TOKEN_2=abc123
    - PROPOGATION_TIME_2=30
    - STAGING_2=true
```
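The override rule behind the two examples above, as an added shell illustration that is not the container's own entrypoint script: `VAR_N` is looked up first and the global `VAR` is the fallback, and each certificate's certbot command line is then assembled from the resolved values. The certbot flags are real; the `/config/cloudflare_N.ini` credentials path and the sample environment are assumptions.

```shell
#!/bin/sh
# Added illustration, not the container's own entrypoint: resolve each certificate's
# settings with this page's rule (VAR_N overrides the global VAR, otherwise fall back)
# and build the certbot command line for certificate N. The certbot flags are real;
# the /config/cloudflare_N.ini credentials path is an assumption.

# Constructed sample environment mirroring the second compose example above.
export EMAIL=admin@domain.com CERT_COUNT=2
export DOMAINS_1=website1.com PLUGIN_1=webroot STAGING_1=false
export CUSTOM_CA_SERVER_1=https://ca.internal/acme/acme/directory
export DOMAINS_2=website2.com PLUGIN_2=cloudflare STAGING_2=true PROPOGATION_TIME_2=30

# cert_var NAME N: value of NAME_N if set, else the global NAME, else empty.
cert_var() {
    eval "v=\${$1_$2:-}"
    [ -n "$v" ] || eval "v=\${$1:-}"
    printf '%s' "$v"
}

# certbot_args N: the arguments certbot would run with for certificate N.
# Returns non-zero when DOMAINS_N is missing, the one mandatory per-certificate option.
certbot_args() {
    n=$1
    domains=$(cert_var DOMAINS "$n")
    [ -n "$domains" ] || { echo "DOMAINS_$n is required" >&2; return 1; }
    plugin=$(cert_var PLUGIN "$n"); plugin=${plugin:-standalone}
    args="certonly --non-interactive --agree-tos -d $domains"
    email=$(cert_var EMAIL "$n")
    [ -n "$email" ] && args="$args -m $email"
    case "$plugin" in
        standalone) args="$args --standalone" ;;
        webroot)    args="$args --webroot -w /config/webroot" ;;
        cloudflare)
            # Token belongs in a 0600 credentials file (scoped to DNS edits for the zone),
            # never on the command line where it would show up in the process list.
            prop=$(cert_var PROPOGATION_TIME "$n"); prop=${prop:-10}
            args="$args --dns-cloudflare --dns-cloudflare-credentials /config/cloudflare_$n.ini"
            args="$args --dns-cloudflare-propagation-seconds $prop" ;;
        *) echo "unknown PLUGIN '$plugin' for certificate $n" >&2; return 1 ;;
    esac
    [ "$(cert_var STAGING "$n")" = "true" ] && args="$args --staging"
    server=$(cert_var CUSTOM_CA_SERVER "$n")
    [ -n "$server" ] && args="$args --server $server"
    printf '%s' "$args"
}

i=1
while [ "$i" -le "$CERT_COUNT" ]; do
    echo "certificate $i: certbot $(certbot_args "$i")"
    i=$((i + 1))
done
```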
## Volumes

| Docker path | Purpose |
|---|---|
| /config | Stores configs and LetsEncrypt output for mounting in other containers |
| /config/webroot | Mountpoint for the webroot of a separate webserver. Required if PLUGIN=webroot is set |

## Ports

| Port | Purpose |
|---|---|
| 80 | Used by ACME to verify domain ownership. Required if PLUGIN=standalone is set |