{"id":21698631,"url":"https://github.com/theohbrothers/docker-certbot-dns-cron","last_synced_at":"2026-03-04T21:02:27.295Z","repository":{"id":53508968,"uuid":"151594187","full_name":"theohbrothers/docker-certbot-dns-cron","owner":"theohbrothers","description":"Dockerized Certbot with DNS Plugins, with cron, deploy, email alert capabilities 🐳","archived":false,"fork":false,"pushed_at":"2024-04-27T12:08:15.000Z","size":351,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-01T17:54:25.976Z","etag":null,"topics":["buildx","certbot","cron","dns","docker","email","generate-dockerimagevariants","letsencrypt","letsencrypt-certificates","tls-certificate"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/theohbrothers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-04T15:27:58.000Z","updated_at":"2024-04-27T12:08:18.000Z","dependencies_parsed_at":"2024-11-25T19:46:55.209Z","dependency_job_id":null,"html_url":"https://github.com/theohbrothers/docker-certbot-dns-cron","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/theohbrothers/docker-certbot-dns-cron","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theohbrothers%2Fdocker-certbot-dns-cron","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theohbrothers%2Fdocker-certbot-dns-cron/tags","releases_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/theohbrothers%2Fdocker-certbot-dns-cron/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theohbrothers%2Fdocker-certbot-dns-cron/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/theohbrothers","download_url":"https://codeload.github.com/theohbrothers/docker-certbot-dns-cron/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theohbrothers%2Fdocker-certbot-dns-cron/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30092872,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T20:42:30.420Z","status":"ssl_error","status_checked_at":"2026-03-04T20:42:30.057Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buildx","certbot","cron","dns","docker","email","generate-dockerimagevariants","letsencrypt","letsencrypt-certificates","tls-certificate"],"created_at":"2024-11-25T19:35:38.883Z","updated_at":"2026-03-04T21:02:27.278Z","avatar_url":"https://github.com/theohbrothers.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 
docker-certbot-dns-cron\n\n[![github-actions](https://github.com/theohbrothers/docker-certbot-dns-cron/actions/workflows/ci-master-pr.yml/badge.svg?branch=master)](https://github.com/theohbrothers/docker-certbot-dns-cron/actions/workflows/ci-master-pr.yml)\n[![github-release](https://img.shields.io/github/v/release/theohbrothers/docker-certbot-dns-cron?style=flat-square)](https://github.com/theohbrothers/docker-certbot-dns-cron/releases/)\n[![docker-image-size](https://img.shields.io/docker/image-size/theohbrothers/docker-certbot-dns-cron/latest)](https://hub.docker.com/r/theohbrothers/docker-certbot-dns-cron)\n\nDockerized [certbot](https://github.com/certbot/certbot) with [DNS Plugins](https://certbot.eff.org/docs/using.html#dns-plugins), based on [official certbot docker images](https://hub.docker.com/u/certbot), with cron, deploy, email alert capabilities.\n\nIt signs wildcard certificates for domains. For instance, the DNS Names for an obtained certificate for `example.com` would be: `example.com, *.example.com`.\n\nAll Certbot plugins are supported: `cloudflare`, `cloudxns`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `google`, `linode`, `luadns`, `nsone`, `ovh`, `rfc2136`, `route53`\n\n## Deprecation notice\n\nThe present application is a 4-step tool for automating ACME certificate renewal using `certbot` for a container orchestrator like `docker` standalone or `docker` `swarm`.\n\nHowever, steps `2.`, `3.`, and `4.` may be solved by using already existing tools, for instance:\n\n- Copying certs to another service can be done by sharing a volume or by some other means\n- Reloading another service by sending a signal can be done in many other ways which are more secure than doing it over `/var/run/docker.sock`\n- Notification can be done in many other ways other than email\n\nSince there only remains step `1.` to solve, there is no benefit to using this application. 
The `certbot` tool itself constantly evolves, and it makes no sense to maintain a wrapping entrypoint script around it.\n\nHence, it is simpler to just use the [official certbot docker images](https://hub.docker.com/u/certbot). If a cron is needed, create a crontab in `/etc/crontabs/\u003cuser\u003e` and run `crond`.\n\n## Tags\n\nEach variant is a Certbot DNS provider plugin image.\n\n| Tag | Plugin name | Dockerfile Build Context  |\n|:-------:|:---------:|:---------:|\n| `:v1.12.0-cloudflare`, `:latest` | [certbot-dns-cloudflare](https://certbot-dns-cloudflare.readthedocs.io) | [View](variants/v1.12.0-cloudflare) |\n| `:v1.11.0-cloudflare` | [certbot-dns-cloudflare](https://certbot-dns-cloudflare.readthedocs.io) | [View](variants/v1.11.0-cloudflare) |\n| `:v1.10.1-cloudflare` | [certbot-dns-cloudflare](https://certbot-dns-cloudflare.readthedocs.io) | [View](variants/v1.10.1-cloudflare) |\n| `:v1.9.0-cloudflare` | [certbot-dns-cloudflare](https://certbot-dns-cloudflare.readthedocs.io) | [View](variants/v1.9.0-cloudflare) |\n| `:v1.12.0-cloudxns` | [certbot-dns-cloudxns](https://certbot-dns-cloudxns.readthedocs.io) | [View](variants/v1.12.0-cloudxns) |\n| `:v1.11.0-cloudxns` | [certbot-dns-cloudxns](https://certbot-dns-cloudxns.readthedocs.io) | [View](variants/v1.11.0-cloudxns) |\n| `:v1.10.1-cloudxns` | [certbot-dns-cloudxns](https://certbot-dns-cloudxns.readthedocs.io) | [View](variants/v1.10.1-cloudxns) |\n| `:v1.9.0-cloudxns` | [certbot-dns-cloudxns](https://certbot-dns-cloudxns.readthedocs.io) | [View](variants/v1.9.0-cloudxns) |\n| `:v1.12.0-digitalocean` | [certbot-dns-digitalocean](https://certbot-dns-digitalocean.readthedocs.io) | [View](variants/v1.12.0-digitalocean) |\n| `:v1.11.0-digitalocean` | [certbot-dns-digitalocean](https://certbot-dns-digitalocean.readthedocs.io) | [View](variants/v1.11.0-digitalocean) |\n| `:v1.10.1-digitalocean` | [certbot-dns-digitalocean](https://certbot-dns-digitalocean.readthedocs.io) | [View](variants/v1.10.1-digitalocean) 
|\n| `:v1.9.0-digitalocean` | [certbot-dns-digitalocean](https://certbot-dns-digitalocean.readthedocs.io) | [View](variants/v1.9.0-digitalocean) |\n| `:v1.12.0-dnsimple` | [certbot-dns-dnsimple](https://certbot-dns-dnsimple.readthedocs.io) | [View](variants/v1.12.0-dnsimple) |\n| `:v1.11.0-dnsimple` | [certbot-dns-dnsimple](https://certbot-dns-dnsimple.readthedocs.io) | [View](variants/v1.11.0-dnsimple) |\n| `:v1.10.1-dnsimple` | [certbot-dns-dnsimple](https://certbot-dns-dnsimple.readthedocs.io) | [View](variants/v1.10.1-dnsimple) |\n| `:v1.9.0-dnsimple` | [certbot-dns-dnsimple](https://certbot-dns-dnsimple.readthedocs.io) | [View](variants/v1.9.0-dnsimple) |\n| `:v1.12.0-dnsmadeeasy` | [certbot-dns-dnsmadeeasy](https://certbot-dns-dnsmadeeasy.readthedocs.io) | [View](variants/v1.12.0-dnsmadeeasy) |\n| `:v1.11.0-dnsmadeeasy` | [certbot-dns-dnsmadeeasy](https://certbot-dns-dnsmadeeasy.readthedocs.io) | [View](variants/v1.11.0-dnsmadeeasy) |\n| `:v1.10.1-dnsmadeeasy` | [certbot-dns-dnsmadeeasy](https://certbot-dns-dnsmadeeasy.readthedocs.io) | [View](variants/v1.10.1-dnsmadeeasy) |\n| `:v1.9.0-dnsmadeeasy` | [certbot-dns-dnsmadeeasy](https://certbot-dns-dnsmadeeasy.readthedocs.io) | [View](variants/v1.9.0-dnsmadeeasy) |\n| `:v1.12.0-google` | [certbot-dns-google](https://certbot-dns-google.readthedocs.io) | [View](variants/v1.12.0-google) |\n| `:v1.11.0-google` | [certbot-dns-google](https://certbot-dns-google.readthedocs.io) | [View](variants/v1.11.0-google) |\n| `:v1.10.1-google` | [certbot-dns-google](https://certbot-dns-google.readthedocs.io) | [View](variants/v1.10.1-google) |\n| `:v1.9.0-google` | [certbot-dns-google](https://certbot-dns-google.readthedocs.io) | [View](variants/v1.9.0-google) |\n| `:v1.12.0-linode` | [certbot-dns-linode](https://certbot-dns-linode.readthedocs.io) | [View](variants/v1.12.0-linode) |\n| `:v1.11.0-linode` | [certbot-dns-linode](https://certbot-dns-linode.readthedocs.io) | [View](variants/v1.11.0-linode) |\n| `:v1.10.1-linode` | 
[certbot-dns-linode](https://certbot-dns-linode.readthedocs.io) | [View](variants/v1.10.1-linode) |\n| `:v1.9.0-linode` | [certbot-dns-linode](https://certbot-dns-linode.readthedocs.io) | [View](variants/v1.9.0-linode) |\n| `:v1.12.0-luadns` | [certbot-dns-luadns](https://certbot-dns-luadns.readthedocs.io) | [View](variants/v1.12.0-luadns) |\n| `:v1.11.0-luadns` | [certbot-dns-luadns](https://certbot-dns-luadns.readthedocs.io) | [View](variants/v1.11.0-luadns) |\n| `:v1.10.1-luadns` | [certbot-dns-luadns](https://certbot-dns-luadns.readthedocs.io) | [View](variants/v1.10.1-luadns) |\n| `:v1.9.0-luadns` | [certbot-dns-luadns](https://certbot-dns-luadns.readthedocs.io) | [View](variants/v1.9.0-luadns) |\n| `:v1.12.0-nsone` | [certbot-dns-nsone](https://certbot-dns-nsone.readthedocs.io) | [View](variants/v1.12.0-nsone) |\n| `:v1.11.0-nsone` | [certbot-dns-nsone](https://certbot-dns-nsone.readthedocs.io) | [View](variants/v1.11.0-nsone) |\n| `:v1.10.1-nsone` | [certbot-dns-nsone](https://certbot-dns-nsone.readthedocs.io) | [View](variants/v1.10.1-nsone) |\n| `:v1.9.0-nsone` | [certbot-dns-nsone](https://certbot-dns-nsone.readthedocs.io) | [View](variants/v1.9.0-nsone) |\n| `:v1.12.0-ovh` | [certbot-dns-ovh](https://certbot-dns-ovh.readthedocs.io) | [View](variants/v1.12.0-ovh) |\n| `:v1.11.0-ovh` | [certbot-dns-ovh](https://certbot-dns-ovh.readthedocs.io) | [View](variants/v1.11.0-ovh) |\n| `:v1.10.1-ovh` | [certbot-dns-ovh](https://certbot-dns-ovh.readthedocs.io) | [View](variants/v1.10.1-ovh) |\n| `:v1.9.0-ovh` | [certbot-dns-ovh](https://certbot-dns-ovh.readthedocs.io) | [View](variants/v1.9.0-ovh) |\n| `:v1.12.0-rfc2136` | [certbot-dns-rfc2136](https://certbot-dns-rfc2136.readthedocs.io) | [View](variants/v1.12.0-rfc2136) |\n| `:v1.11.0-rfc2136` | [certbot-dns-rfc2136](https://certbot-dns-rfc2136.readthedocs.io) | [View](variants/v1.11.0-rfc2136) |\n| `:v1.10.1-rfc2136` | [certbot-dns-rfc2136](https://certbot-dns-rfc2136.readthedocs.io) | 
[View](variants/v1.10.1-rfc2136) |\n| `:v1.9.0-rfc2136` | [certbot-dns-rfc2136](https://certbot-dns-rfc2136.readthedocs.io) | [View](variants/v1.9.0-rfc2136) |\n| `:v1.12.0-route53` | [certbot-dns-route53](https://certbot-dns-route53.readthedocs.io) | [View](variants/v1.12.0-route53) |\n| `:v1.11.0-route53` | [certbot-dns-route53](https://certbot-dns-route53.readthedocs.io) | [View](variants/v1.11.0-route53) |\n| `:v1.10.1-route53` | [certbot-dns-route53](https://certbot-dns-route53.readthedocs.io) | [View](variants/v1.10.1-route53) |\n| `:v1.9.0-route53` | [certbot-dns-route53](https://certbot-dns-route53.readthedocs.io) | [View](variants/v1.9.0-route53) |\n\n## Usage\n\n### Example: Not using Swarm Secrets\n\nThis example signs 2 wildcard certificates, one certificate for `example.com`, and one for `ns.example.com` :\n\n1. `example.com`, `*.example.com`\n2. `ns.example.com`, `*.ns.example.com`\n\n```sh\ndocker service create --name certbot-dns-cron \\\n    -e STAGING=1 \\\n    -e 'DOMAINS=example.com;ns.example.com' \\\n    -e PLUGIN_DNS_PROVIDER=cloudflare \\\n    -e PLUGIN_DNS_CREDENTIALS_FILE=/etc/letsencrypt/certbot_dns_cloudflare_credentials.ini \\\n    -e PLUGIN_DNS_PROPAGATION_SECONDS=10 \\\n    --mount type=bind,source=/var/run/certbot_dns_cloudflare_credentials.ini,target=/etc/letsencrypt/certbot_dns_cloudflare_credentials.ini,readonly \\\n    --mount type=bind,source=/path/to/data/certs/,target=/certs \\\n    --mount type=bind,source=/path/to/data/letsencrypt,target=/etc/letsencrypt \\\n    --replicas=1 \\\n    theohbrothers/docker-certbot-dns-cron:v1.12.0-cloudflare\n```\n\nContents of secret `certbot_dns_cloudflare_credentials.ini`\n\n```ini\n# Cloudflare API credentials used by Certbot\ndns_cloudflare_email = cloudflare@example.com\ndns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567\n```\n\n### Example: Using Swarm Secrets\n\nThis example signs 2 wildcard certificates, one certificate for `example.com`, and one for `ns.example.com` 
:\n\n1. `example.com`, `*.example.com`\n2. `ns.example.com`, `*.ns.example.com`\n\nLetsEncrypt expiry notification emails will be sent to: `admin@example.com`\n\n```sh\ndocker service create --name certbot-dns-cron \\\n    -e STAGING=1 \\\n    --secret certbot_domains.txt \\\n    --secret certbot_dns_cloudflare_credentials.ini \\\n    -e PLUGIN_DNS_PROVIDER=cloudflare \\\n    -e PLUGIN_DNS_CREDENTIALS_FILE=/run/secrets/certbot_dns_cloudflare_credentials.ini \\\n    -e PLUGIN_DNS_PROPAGATION_SECONDS=10 \\\n    --mount type=bind,source=/path/to/data/certs/,target=/certs \\\n    --mount type=bind,source=/path/to/data/letsencrypt,target=/etc/letsencrypt \\\n    --replicas=1 \\\n    theohbrothers/docker-certbot-dns-cron:v1.12.0-cloudflare\n```\n\nContents of secret `certbot_dns_cloudflare_credentials.ini`\n\n```ini\n# Cloudflare API credentials used by Certbot\ndns_cloudflare_email = cloudflare@example.com\ndns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567\n```\n\nContents of secret `certbot_domains.txt`\n\n```txt\nexample.com\nns.example.com\n```\n\n### Full Example: Using Swarm Secrets\n\nThis example will sign, deploy certs, reload a target container (requires mounting the `docker.sock`), and email a summary report about the success of those tasks (requires email credential secrets). 
Four wildcard certificates will be obtained:\n\n- `example.com`, `*.example.com`\n- `ns.example.com`, `*.ns.example.com`\n- `example2.com`, `*.example2.com`\n- `ns.example2.com`, `*.ns.example2.com`\n\nLetsEncrypt expiry notification emails will be sent to: `admin@example.com`\n\n```sh\ndocker service create --name certbot-dns-cron \\\n    -e STAGING=1 \\\n    -e PLUGIN_DNS_PROVIDER=cloudflare \\\n    -e PLUGIN_DNS_CREDENTIALS_FILE=/run/secrets/certbot_dns_cloudflare_credentials.ini \\\n    -e PLUGIN_DNS_PROPAGATION_SECONDS=10 \\\n    --secret certbot_domains.txt \\\n    --secret certbot_dns_cloudflare_credentials.ini \\\n    -e DOMAIN_ADMIN_EMAIL_LOCALPART=admin \\\n    \\\n    -e DEPLOY_CERTS=1 \\\n    \\\n    -e TARGET_CONTAINER_NAME=nginx-proxy_docker-gen \\\n    \\\n    -e EMAIL_REPORT=1 \\\n    --secret certbot_email_from \\\n    --secret certbot_email_to \\\n    --secret certbot_email_user \\\n    --secret certbot_email_password \\\n    --secret certbot_email_smtp_server \\\n    --secret certbot_email_smtp_port \\\n    \\\n    --mount type=bind,source=/path/to/data/certs/,target=/certs \\\n    --mount type=bind,source=/path/to/data/letsencrypt,target=/etc/letsencrypt \\\n    --mount type=bind,source=/var/run/docker.sock,target=/tmp/docker.sock \\\n    --replicas=1 \\\n    theohbrothers/docker-certbot-dns-cron:v1.12.0-cloudflare\n```\n\nContents of secret `certbot_domains.txt`\n\n```txt\nexample.com\nns.example.com\nexample2.com\nns.example2.com\n```\n\nContents of secret `certbot_dns_cloudflare_credentials.ini`\n\n```ini\n# Cloudflare API credentials used by Certbot\ndns_cloudflare_email = cloudflare@example.com\ndns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567\n```\n\nContents of secret `certbot_email_from`\n\n```txt\nme@example.com\n```\n\nContents of secret `certbot_email_to`\n\n```txt\nme@example.com\n```\n\nContents of secret `certbot_email_user`\n\n```txt\nme@example.com\n```\n\nContents of secret 
`certbot_email_password`\n\n```txt\nmyPassword\n```\n\nContents of secret `certbot_email_smtp_server`\n\n```txt\nsmtp.example.com\n```\n\nContents of secret `certbot_email_smtp_port`\n\n```txt\n587\n```\n\n## Environment variables\n\nEnvironment variables are used to configure various stages of the automation process.\n\n### 1. `certbot` Certificate Signing stage\n\n| Name | Default value | Description | Corresponds to `certbot` argument |\n|:-------:|:---------------:|:---------:|:---------:|\n| `STAGING` | `0` |  Whether to use production or staging LetsEncrypt endpoint. 0 for production, 1 for staging\n| `RSA_KEY_SIZE` | `4096` | Size of the RSA key. | `--rsa-key-size`\n| `DOMAINS` | `\"\"` | Domains (delimited by ';' ) | `--domains`, `-d`\n| `DOMAINS_FILE` | `4096` | Same as `DOMAINS`, but this should point to a file. Domains should be delimited by \"\\n\". Useful when using secrets. | `--domains`, `-d`\n| `DOMAIN_ADMIN_EMAIL_LOCALPART` | `admin` | Admin Email's Local-part for LetsEncrypt expiry-notification emails. The final email will be `\u003cDOMAIN_ADMIN_EMAIL_LOCALPART\u003e@domain.com` | `--email`, `-m`\n| `PLUGIN_DNS_PROVIDER` | `\"\"` | DNS Provider. Valid values are: `cloudflare`, `cloudxns`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `google`, `linode`, `luadns`, `nsone`, `ovh`, `rfc2136`, `route53`  | `--dns-\u003cPLUGIN_DNS_PROVIDER\u003e`\n| `PLUGIN_DNS_CREDENTIALS_FILE` | `\"\"` | Path to the dns credentials file | `--dns-\u003cPLUGIN_DNS_PROVIDER\u003e-credentials`.\n| `PLUGIN_DNS_PROPAGATION_SECONDS` | certbot plugin default, check plugin documentation | The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. | `--dns-\u003cPLUGIN_DNS_PROVIDER\u003e-propagation-seconds`.\n\n### 2. Deploy stage\n\n| Name | Default value | Description |\n|:-------:|:---------------:|:---------:|\n| `DEPLOY_CERTS` | `\"\"` | Whether to deploy the signed cert, key, fullchain cert, and chain cert. 
This copies `/etc/letsencrypt/live/\u003cdomain\u003e/privkey.pem` to `/certs/\u003cdomain\u003e.key`, `/etc/letsencrypt/live/\u003cdomain\u003e/cert.pem` to `/certs/\u003cdomain\u003e.crt`, `/etc/letsencrypt/live/\u003cdomain\u003e/fullchain.pem` to `/certs/\u003cdomain\u003e.fullchain.pem`, and `/etc/letsencrypt/live/\u003cdomain\u003e/chain.pem` to `/certs/\u003cdomain\u003e.chain.pem`. Omit environment variable to disable deploy\n\n### 3. Reload stage\n\n| Name | Default value | Description |\n|:-------:|:---------------:|:---------:|\n| `TARGET_CONTAINER_NAME` | `\"\"` | Container name to reload (with SIGHUP) after signing and obtaining cert. In Swarm mode, specify `\u003cstack\u003e\u003cservice\u003e` and any container with name starting with `\u003cstack\u003e\u003cservice\u003e` will be sent a signal. Only one container name may be matched, so ensure this is as unique as possible. Omit environment variable to disable reload\n\n### 4. Email notification stage\n\n| Name | Default value | Description |\n|:-------:|:---------------:|:---------:|\n| `EMAIL_REPORT` | `\"\"` | Whether to email the summary report on successful cert-signing, deployment, and reloading of target container. Omit environment variable to disable email\n| `EMAIL_FROM` | `\"\"` | Email sender address\n| `EMAIL_TO` | `\"\"` | Email recipient address\n| `EMAIL_USER` | `\"\"` | SMTP sender account user\n| `EMAIL_PASSWORD` | `\"\"` | SMTP sender account password\n| `SMTP_SERVER` | `\"\"` | SMTP server DNS / hostname / IP address. E.g. `smtp.example.com`, `1.2.3.4`\n| `SMTP_PORT` | `\"\"` | SMTP server port. E.g. `587`, `465`\n\n#### If using Swarm Secrets\n\nInstead of specifying your email credentials in the `docker-stack.yml`, use environment variables suffixed with `_FILE`, each pointing to Swarm Secrets' mountpoints `/run/secrets/\u003csecret_name\u003e`. 
These files will be read to obtain the email credentials.\n\n| Name | Default value | Description |\n|:-------:|:---------------:|:---------:|\n| `EMAIL_FROM_FILE` | `/run/secrets/certbot_email_from` | Email sender address\n| `EMAIL_TO_FILE` | `/run/secrets/certbot_email_to` | Email recipient address\n| `EMAIL_USER_FILE` | `/run/secrets/certbot_email_user` | SMTP sender account user\n| `EMAIL_PASSWORD_FILE` | `/run/secrets/certbot_email_password` | SMTP sender account password\n| `SMTP_SERVER_FILE` | `/run/secrets/certbot_email_smtp_server` | SMTP server DNS / hostname / IP address. E.g. `smtp.example.com`, `1.2.3.4`\n| `SMTP_PORT_FILE` | `/run/secrets/certbot_email_smtp_port` | SMTP server port. E.g. `587`, `465`\n\n## Cron interval\n\nBy default, the cron invokes the main script every hour.\n\n## Script usage\n\n### Manually sign a certificate\n\nTo do so, invoke the main script, passing domain(s) as arguments.\n\nIf a certificate for a given domain doesn't yet exist, a new certificate will be obtained.\nIf a certificate for a given domain is not due for renewal, certbot shows a message that no renewal is done.\n\n```sh\ndocker exec -it \"$container_name_or_id\" sh -c '/app/scripts/signcert-deploy-sendmail.sh example.com'\n\n# For multiple domains\ndocker exec -it \"$container_name_or_id\" sh -c '/app/scripts/signcert-deploy-sendmail.sh example.com example2.com example3.com'\n```\n\nTo force certificate renewal even if the certificate is not yet due for renewal, use the `--force` flag:\n\n```sh\ndocker exec -it \"$container_name_or_id\" sh -c '/app/scripts/signcert-deploy-sendmail.sh --force example.com'\n\n# For multiple domains\ndocker exec -it \"$container_name_or_id\" sh -c '/app/scripts/signcert-deploy-sendmail.sh --force example.com example2.com example3.com'\n```\n\n### Manually deploy a signed certificate\n\nThis can be done by using the provided script `deploy.sh`:\n\n```sh\ndocker exec -it \"$container_name_or_id\" sh -c '/app/scripts/deploy.sh 
example.com'\n```\n\n### Manually remove a certificate\n\nThis can either be done by using the provided script `removecert.sh`, or by manually deleting the domain folder in the `letsencrypt` data folder. For `example.com`, delete the folder named `example.com`\n\n```sh\ndocker exec -it \"$container_name_or_id\" sh -c '/app/scripts/removecert.sh example.com'\n```\n\n### Read a certificate\n\n```sh\ndocker exec -it \"$container_name_or_id\" sh -c '/app/scripts/readcert.sh example.com'\n```\n\n## Script behaviour\n\n### `certbot` Certificate Signing stage\n\nAssuming you passed in the necessary environment variables, renewing certs would be as simple as invoking the main script, whether through `docker exec`, or directly inside the container. The script reads environment variables each time it is invoked.\n\n### Deploy stage\n\nThe script copies each successfully signed domain certificate, key, full chain, and chain certificates to the folder `/certs`.\n\nTo disable this stage, omit the environment variable `DEPLOY_CERTS`.\n\n### Reload stage\n\nThe script sends a `SIGHUP` (`1`) to a container with name starting with `TARGET_CONTAINER_NAME`.\n\nWhen `Swarm Mode` is used, all services go by the naming convention `\u003cstack\u003e\u003cservice\u003e`. `\u003cstack\u003e` is the name given when using `docker stack up`, and `\u003cservice\u003e` is the service key in the `docker-compose.yml` or `docker-stack.yml`. If a container name starts with `\u003cstack\u003e\u003cservice\u003e`, ignoring the suffix, that container is sent the signal. As an example, if the value of `TARGET_CONTAINER_NAME` variable is `mystack_docker-gen`, the service called `mystack_docker-gen.1.jb2xwgp3ktnmsmp1eo31563jw` is sent the reload signal. The signal is sent to one container only; if multiple container names match `mystack_docker-gen`, no signal is sent. 
Therefore keep the container name as unique as possible.\n\nMounting the `/var/run/docker.sock` is necessary for reloading to take place.\n\nTo disable this stage, omit the environment variable `TARGET_CONTAINER_NAME`.\n\n### Email notification stage\n\nThis sends a summarized report of all the previous steps and their success status. Only one email is sent each time the script is invoked.\n\nNo email is sent in these cases:\n\n1. The email functionality is disabled by omitting `EMAIL_REPORT`\n2. One or more email credentials were not specified, among: `EMAIL_FROM`, `EMAIL_TO`, `EMAIL_USER`, `EMAIL_PASSWORD`, `SMTP_SERVER`, `SMTP_PORT`\n3. The email credentials were wrong\n4. All the given domains' certificates are not due for renewal\n\nAssuming all variables are set correctly, as long as one certificate is obtained / renewed, a summary report will be sent.\n\nTo disable this stage, omit the environment variable `EMAIL_REPORT`.\n\n## Development\n\nRequires Windows `powershell` or [`pwsh`](https://github.com/PowerShell/PowerShell).\n\n```powershell\n# Install Generate-DockerImageVariants module: https://github.com/theohbrothers/Generate-DockerImageVariants\nInstall-Module -Name Generate-DockerImageVariants -Repository PSGallery -Scope CurrentUser -Force -Verbose\n\n# Edit ./generate templates\n\n# Generate the variants\nGenerate-DockerImageVariants .\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheohbrothers%2Fdocker-certbot-dns-cron","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftheohbrothers%2Fdocker-certbot-dns-cron","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheohbrothers%2Fdocker-certbot-dns-cron/lists"}