Alpine Docker image with Certbot preconfigured to autorenew SSL certificates using Cloudflare DNS. Built on top of the Scalified CRON image.

Certbot is used in `certonly` mode and runs with the `--keep-until-expiring` flag, which ensures that an existing certificate is reused until it is within 30 days of expiration. A CRON job is configured to run Certbot at container startup and once daily at night, helping to ensure that SSL certificates are always up to date.

- Generate a Cloudflare User API Token with `Zone:DNS:Edit` permissions
- Save the generated token in a Cloudflare credentials file
- Launch the `scalified/certbot-cloudflare` Docker image:

```shell
docker run \
  --name certbot \
  -e CF_EMAIL="admin@example.com" \
  -e CF_CREDENTIALS_FILE="/etc/certbot/cloudflare.ini" \
  -e CF_PROPAGATION_SECONDS="60" \
  -e DOMAINS="*.example.com example.com" \
  -e LETSENCRYPT_DIR="/etc/letsencrypt" \
  -e DEPLOY_HOOK="docker exec nginx nginx -s reload" \
  -e CERTBOT_CRON_SCHEDULE="27 1 * * *" \
  -v ./cloudflare.ini:/etc/certbot/cloudflare.ini:ro \
  -v ./letsencrypt:/etc/letsencrypt \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --detach \
  --restart always \
  scalified/certbot-cloudflare
```

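The credentials-file step above, as an added example (not part of the original README or the image's own scripts): it writes `cloudflare.ini` with owner-only permissions and checks it before the container is launched. It assumes the image uses Certbot's `certbot-dns-cloudflare` plugin, which reads the token from the `dns_cloudflare_api_token` key; the function names `write_cf_credentials` and `check_cf_credentials` are hypothetical.

```shell
#!/bin/sh
# Added example: create and pre-flight-check the Cloudflare credentials file
# that is mounted at CF_CREDENTIALS_FILE. Function names are hypothetical.

# write_cf_credentials FILE TOKEN
# Stores the scoped API token in FILE, readable and writable by the owner only.
write_cf_credentials() {
    file=$1
    token=$2
    # umask covers a newly created file; chmod covers a file that already existed.
    ( umask 077 && printf 'dns_cloudflare_api_token = %s\n' "$token" > "$file" )
    chmod 600 "$file"
}

# check_cf_credentials FILE
# Prints "ok" or the first problem found; returns non-zero on a problem.
check_cf_credentials() {
    file=$1
    [ -f "$file" ] || { echo "missing"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access"; return 1; }
    # A Global API Key is account-wide; the steps above call for a token
    # limited to Zone:DNS:Edit, so reject the global-key form of the file.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$file"; then
        echo "global api key"
        return 1
    fi
    grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$file" \
        || { echo "no api token"; return 1; }
    echo "ok"
}
```

Run `check_cf_credentials ./cloudflare.ini` before `docker run`; the file is then mounted read-only into the container as shown in the command above.
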
| Environment Variable | Description | Default Value |
|---|---|---|
| `CF_EMAIL` | Email address associated with Cloudflare account | |
| `CF_CREDENTIALS_FILE` | Path to the Cloudflare credentials file used for DNS authentication | `/etc/certbot/cloudflare.ini` |
| `CF_PROPAGATION_SECONDS` | Number of seconds to wait for DNS propagation before requesting validation from the ACME server | `60` |
| `LETSENCRYPT_DIR` | Directory where Certbot stores the generated Let's Encrypt SSL certificates | `/etc/letsencrypt` |
| `DOMAINS` | Space-separated list of domains for which SSL certificates should be generated | |
| `DEPLOY_HOOK` | Shell command to run once per successfully issued certificate | |
| `CERTBOT_CRON_SCHEDULE` | CRON expression that defines when to run the Certbot renewal | `27 1 * * *` |