https://github.com/serversideup/docker-certbot-dns-cloudflare
A simple wrapper around certbot/dns-cloudflare to add a renewal interval.
cloudflare docker letsencrypt
Last synced: 20 days ago
- Host: GitHub
- URL: https://github.com/serversideup/docker-certbot-dns-cloudflare
- Owner: serversideup
- License: gpl-3.0
- Created: 2024-08-29T17:18:39.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2025-04-18T16:41:19.000Z (22 days ago)
- Last Synced: 2025-04-19T04:49:34.895Z (21 days ago)
- Topics: cloudflare, docker, letsencrypt
- Language: Shell
- Homepage: https://hub.docker.com/r/serversideup/certbot-dns-cloudflare
- Size: 115 KB
- Stars: 25
- Watchers: 2
- Forks: 9
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Certbot Cloudflare DNS Docker Container
This container is used to generate and automatically renew SSL certificates from Let's Encrypt using the Cloudflare DNS plugin. It's based off the [official Certbot image](https://hub.docker.com/r/certbot/dns-cloudflare) with some modifications to make it more flexible and configurable.
| Docker Image | Size |
|-------------|------|
| [serversideup/certbot-dns-cloudflare](https://hub.docker.com/r/serversideup/certbot-dns-cloudflare) |  |

## Base Image
The image is based on `certbot/dns-cloudflare:latest`, providing a stable and up-to-date environment for running Certbot with Cloudflare DNS authentication.
## Features
- Automatic SSL certificate generation and renewal using Let's Encrypt
- No configs needed, this image generates the cloudflare.ini file for you
- Cloudflare DNS authentication for domain validation
- Customizable configuration via environment variables
- Periodic certificate renewal checks
- Windows support (set `REPLACE_SYMLINKS` to `true`)
- Native Docker health checks to ensure the server is running

### Works great for orchestrated deployments
We designed this image to work great in orchestrated deployments like Kubernetes, Docker Swarm, or even in GitHub Actions. Look how simple the syntax is:
```yaml
services:
  certbot:
    image: serversideup/certbot-dns-cloudflare
    volumes:
      - certbot_data:/etc/letsencrypt
    environment:
      CLOUDFLARE_API_TOKEN: "${CLOUDFLARE_API_TOKEN}"
      CERTBOT_EMAIL: "${CERTBOT_EMAIL}"
      CERTBOT_DOMAINS: "${CERTBOT_DOMAINS}"
      CERTBOT_KEY_TYPE: "rsa"

volumes:
  certbot_data:
```

## Environment Variables
The following environment variables can be used to customize the Certbot container:
| Variable | Description | Default Value |
|------------------------|---------------------------------------------------------------------|---------------|
| `CERTBOT_DOMAINS` | Comma-separated list of domains for which to obtain the certificate | - |
| `CERTBOT_EMAIL` | Email address for Let's Encrypt notifications | - |
| `CERTBOT_KEY_TYPE` | Type of private key to generate | `ecdsa` |
| `CERTBOT_SERVER` | The ACME server URL | `https://acme-v02.api.letsencrypt.org/directory` |
| `CLOUDFLARE_API_TOKEN` | Cloudflare API token for DNS authentication (see below how to create one) | - |
| `CLOUDFLARE_CREDENTIALS_FILE` | Path to the Cloudflare credentials file. | `/cloudflare.ini` |
| `CLOUDFLARE_PROPAGATION_SECONDS` | Wait time (in seconds) after setting DNS TXT records before validation. Useful if DNS propagation is slow. | `10` |
| `DEBUG` | Enable debug mode (prints more information to the console) | `false` |
| `PUID` | The user ID to run certbot as | `0` |
| `PGID` | The group ID to run certbot as | `0` |
| `RENEWAL_INTERVAL` | Interval between certificate renewal checks. Set to `0` to disable renewals and only run once. | 43200 seconds (12 hours) |
| `REPLACE_SYMLINKS` | Replaces symlinks with direct copies of the files they reference (required for Windows) | `false` |

### Creating a Cloudflare API Token
> [!WARNING]
> Treat this token like a password. It will grant access to your Cloudflare account and can be used to modify DNS records.

1. Go to the [Cloudflare API Tokens](https://dash.cloudflare.com/profile/api-tokens) page.
2. Click on "Create Token".
3. Click "Use template" for the "Edit Zone DNS" template.
4. Change the token name (optional)
5. Set a specific zone under "Zone Resources" (optional)
6. Click on "Continue to summary".
7. Click on "Create Token".

## Usage
1. Pull the Docker image:
```sh
docker pull serversideup/certbot-dns-cloudflare:latest
```

2. Run the container with the required environment variables:
> [!CAUTION]
> Make sure to replace the `-v /path/to/your/certs:/etc/letsencrypt` with a valid path on your host machine.

```sh
docker run \
  -e CERTBOT_DOMAINS="yourdomain.com" \
  -e CERTBOT_EMAIL="you@example.com" \
  -e CLOUDFLARE_API_TOKEN="your-cloudflare-api-token" \
  -v /path/to/your/certs:/etc/letsencrypt \
  serversideup/certbot-dns-cloudflare:latest
```
> [!TIP]
> For Wildcard Certificates, use the following order for the Docker instance health check: `domain.name, *.domain.name`

3. The container will automatically generate and renew the certificate.
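
Passing the token with `-e` on the command line leaves it in shell history and in the arguments of the `docker run` process. The script below is an added example, not part of the project's README: it writes the variables to an env file created with mode 0600 and passes that file with `docker run --env-file`. The function names, the env-file path and the choice to run as the invoking user through `PUID`/`PGID` are assumptions.

```sh
#!/bin/sh
# Added example, not the project's code. Function names are hypothetical.

# write_env_file FILE DOMAINS EMAIL
# Reads the Cloudflare token from stdin so it never appears in argv.
write_env_file() {
    file=$1 domains=$2 email=$3
    IFS= read -r token || :
    [ -n "$token" ] || { echo "empty token on stdin" >&2; return 1; }
    (
        umask 077        # created rw------- from the first byte
        rm -f "$file"
        set -C           # noclobber: refuse to write through a re-created path
        {
            printf 'CLOUDFLARE_API_TOKEN=%s\n' "$token"
            printf 'CERTBOT_DOMAINS=%s\n' "$domains"
            printf 'CERTBOT_EMAIL=%s\n' "$email"
        } > "$file"
    )
}

# check_env_file FILE: succeed only if FILE is a private regular file
# holding the three required variables.
check_env_file() {
    file=$1
    { [ -f "$file" ] && [ ! -L "$file" ]; } || { echo "not a regular file" >&2; return 1; }
    mode=$(ls -ld "$file" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "mode is $mode" >&2; return 1; }
    for key in CLOUDFLARE_API_TOKEN CERTBOT_DOMAINS CERTBOT_EMAIL; do
        grep -q "^$key=." "$file" || { echo "missing $key" >&2; return 1; }
    done
}

# run_certbot ENV_FILE CERT_DIR
# Assumption: CERT_DIR is writable by the invoking user, whose IDs are
# passed as PUID/PGID instead of the default 0.
run_certbot() {
    check_env_file "$1" || return 1
    docker run --env-file "$1" \
        -e PUID="$(id -u)" -e PGID="$(id -g)" \
        -v "$2":/etc/letsencrypt \
        serversideup/certbot-dns-cloudflare:latest
}

# Usage (token typed at a prompt, not stored in history):
#   stty -echo; write_env_file ./certbot.env "yourdomain.com" "you@example.com"; stty echo
#   run_certbot ./certbot.env /path/to/your/certs
```

The env file still holds the token in clear text on disk, so keep it outside the mounted certificate directory and out of version control.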
## Resources
- **[Discord](https://serversideup.net/discord)** for friendly support from the community and the team.
- **[GitHub](https://github.com/serversideup/docker-certbot-dns-cloudflare)** for source code, bug reports, and project management.
- **[Get Professional Help](https://serversideup.net/professional-support)** - Get video + screen-sharing help directly from the core contributors.

## Contributing
As an open-source project, we strive for transparency and collaboration in our development process. We greatly appreciate any contributions members of our community can provide. Whether you're fixing bugs, proposing features, improving documentation, or spreading awareness - your involvement strengthens the project.
- **Bug Report**: If you're experiencing an issue while using these images, please [create an issue](https://github.com/serversideup/docker-certbot-dns-cloudflare/issues/new/choose).
- **Security Report**: Report critical security issues via [our responsible disclosure policy](https://www.notion.so/Responsible-Disclosure-Policy-421a6a3be1714d388ebbadba7eebbdc8).

Need help getting started? Join our Discord community and we'll help you out!
## Our Sponsors
All of our software is free and open to the world. None of this can be brought to you without the financial backing of our sponsors.

#### Bronze Sponsors
No bronze sponsors yet. Become a sponsor →

## About Us
We're [Dan](https://twitter.com/danpastori) and [Jay](https://twitter.com/jaydrogers) - a two person team with a passion for open source products. We created [Server Side Up](https://serversideup.net) to help share what we learn.

| Dan Pastori | Jay Rogers |
| ----------------------------- | ------------------------------------------ |

### Find us at:
* **📖 [Blog](https://serversideup.net)** - Get the latest guides and free courses on all things web/mobile development.
* **🙋 [Community](https://community.serversideup.net)** - Get friendly help from our community members.
* **🤵♂️ [Get Professional Help](https://serversideup.net/professional-support)** - Get video + screen-sharing support from the core contributors.
* **💻 [GitHub](https://github.com/serversideup)** - Check out our other open source projects.
* **📫 [Newsletter](https://serversideup.net/subscribe)** - Skip the algorithms and get quality content right to your inbox.
* **🐥 [Twitter](https://twitter.com/serversideup)** - You can also follow [Dan](https://twitter.com/danpastori) and [Jay](https://twitter.com/jaydrogers).
* **❤️ [Sponsor Us](https://github.com/sponsors/serversideup)** - Please consider sponsoring us so we can create more helpful resources.

## Our products
If you appreciate this project, be sure to check out our other projects.

### 📚 Books
- **[The Ultimate Guide to Building APIs & SPAs](https://serversideup.net/ultimate-guide-to-building-apis-and-spas-with-laravel-and-nuxt3/)**: Build web & mobile apps from the same codebase.
- **[Building Multi-Platform Browser Extensions](https://serversideup.net/building-multi-platform-browser-extensions/)**: Ship extensions to all browsers from the same codebase.

### 🛠️ Software-as-a-Service
- **[Bugflow](https://bugflow.io/)**: Get visual bug reports directly in GitHub, GitLab, and more.
- **[SelfHost Pro](https://selfhostpro.com/)**: Connect Stripe or Lemonsqueezy to a private docker registry for self-hosted apps.

### 🌍 Open Source
- **[AmplitudeJS](https://521dimensions.com/open-source/amplitudejs)**: Open-source HTML5 & JavaScript Web Audio Library.
- **[Spin](https://serversideup.net/open-source/spin/)**: Laravel Sail alternative for running Docker from development → production.
- **[Financial Freedom](https://github.com/serversideup/financial-freedom)**: Open source alternative to Mint, YNAB, & Monarch Money.