init

.gitignore

@@ -0,0 +1,3 @@
+.env
+.env_*
+certs/*

Dockerfile

@@ -0,0 +1,11 @@
+FROM debian:stable-slim
+
+WORKDIR /etc/letsencrypt/live
+
+RUN apt update \
+ && apt install python3-certbot python3-certbot-dns-cloudflare -y
+
+COPY gencert.sh /root/
+RUN chmod +x /root/gencert.sh
+
+CMD /root/gencert.sh

compose.yml

@@ -0,0 +1,7 @@
+services:
+  certbot:
+    build: .
+    hostname: certgen
+    volumes:
+      - ./certs:/etc/letsencrypt/live
+    env_file: .env_omegetech

gencert.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+echo "Processing account: $CLOUDFLARE_EMAIL"
+
+echo "dns_cloudflare_email = $CLOUDFLARE_EMAIL" > /tmp/cloudflare.ini
+echo "dns_cloudflare_api_key = $CLOUDFLARE_API_KEY" >> /tmp/cloudflare.ini
+chmod 600 /tmp/cloudflare.ini
+
+IFS=',' read -ra DOMAIN_ARRAY <<< "$DOMAINS"
+domain_args=""
+
+for domain in "${DOMAIN_ARRAY[@]}"; do
+    domain_args="$domain_args -d $(echo $domain | xargs)"
+done
+
+echo "Generating certificate for domains: $DOMAINS"
+
+certbot certonly \
+    --dns-cloudflare \
+    --dns-cloudflare-credentials /tmp/cloudflare.ini \
+    --email "$CERTBOT_EMAIL" \
+    --agree-tos \
+    --non-interactive \
+    --dns-cloudflare-propagation-seconds 60 \
+    $domain_args
+
+rm -f /tmp/cloudflare.ini
+
+echo "Certificate generation completed!"