Generate Free SSL Certificates

This Docker container generates free SSL certificates using Let's Encrypt with the Cloudflare DNS plugin.
It supports wildcard certificates and multiple domains per certificate.

Prerequisites

  • Docker and Docker Compose installed
  • Domains managed through Cloudflare DNS
  • Cloudflare Global API Key or API Token with Zone:Read and DNS:Edit permissions

How to Use

1. Set up environment file

Generate .env file View example

Example .env file:

CLOUDFLARE_EMAIL=user@example.com
CLOUDFLARE_API_KEY=your_global_api_key_here
CERTBOT_EMAIL=admin@example.com
DOMAINS=example.com,*.example.com,api.example.com

Environment Variables:

  • CLOUDFLARE_EMAIL= - Your Cloudflare account email address
  • CLOUDFLARE_API_KEY= - Get from Cloudflare Dashboard > Profile > API Tokens
    • Use either Global API Key or create a custom token with Zone:Read and DNS:Edit permissions
  • CERTBOT_EMAIL= - Email for Let's Encrypt notifications (certificate expiry warnings)
  • DOMAINS= - Comma-separated list of domains for the certificate
    • Supports wildcards: *.example.com,example.com
    • Multiple domains: example.com,api.example.com,*.sub.example.com
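
A pre-flight check for the .env file described above, as an added example that is not part of the project. It reads the values without sourcing the file, rejects a file that group or other users can access (it holds a Cloudflare credential), and validates each DOMAINS entry. The function names and the owner-only mode requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env file (not the project's own code).
# Values are read as text; the file is never sourced, so nothing in it is executed.

env_get() {  # env_get FILE KEY -> prints the value of the last KEY= line
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

valid_domain() {  # accepts example.com or *.example.com; '*' only as the leftmost label
    printf '%s\n' "$1" |
        grep -Eq '^(\*\.)?([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

check_env() {  # check_env FILE -> 0 if every check passes, 1 on a finding, 2 if missing
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    # The file holds a Cloudflare credential: require no group/other permission bits.
    mode=$(ls -ld -- "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$f: group/other can access it (chmod 600)" >&2; rc=1; }
    for k in CLOUDFLARE_EMAIL CLOUDFLARE_API_KEY CERTBOT_EMAIL DOMAINS; do
        v=$(env_get "$f" "$k")
        [ -n "$v" ] || { echo "$k is empty or missing" >&2; rc=1; }
    done
    # Placeholder copied from the example file and never replaced.
    [ "$(env_get "$f" CLOUDFLARE_API_KEY)" != "your_global_api_key_here" ] ||
        { echo "CLOUDFLARE_API_KEY is still the placeholder" >&2; rc=1; }
    # Split DOMAINS on commas; set -f stops the shell from expanding the '*'.
    domains=$(env_get "$f" DOMAINS)
    set -f; old_ifs=$IFS; IFS=,
    for d in $domains; do
        valid_domain "$d" || { echo "invalid DOMAINS entry: '$d'" >&2; rc=1; }
    done
    IFS=$old_ifs; set +f
    return $rc
}
```

Call `check_env .env` before `docker compose up`; a space after a comma or an empty entry in DOMAINS is reported as an invalid entry.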

2. Create Docker Compose file

Save the following as compose.yml:

services:
  certgen:
    image: git.shihaam.dev/shihaam/gen-ssl-letsencrypt-cf
    hostname: certgen
    volumes:
      - ./certs:/etc/letsencrypt/archive
    env_file: .env
    restart: "no"
#  certgen2:
#    image: git.shihaam.dev/shihaam/gen-ssl-letsencrypt-cf
#    hostname: certgen2
#    volumes:
#      - ./certs:/etc/letsencrypt/archive
#    env_file: .env_account2
#    restart: "no"

  • You can uncomment the second service to generate certificates for domains in another account.

3. Generate certificates

Run the container:

docker compose up

The container will:

  • Validate your Cloudflare credentials
  • Create DNS TXT records for domain validation
  • Generate and download certificates
  • Clean up DNS records
  • Exit automatically when complete

4. Access your certificates

Certificates are saved in the certs/ directory:

certs/
├── omegatechsolution.org
│   ├── cert1.pem
│   ├── chain1.pem
│   ├── fullchain1.pem
│   └── privkey1.pem
└── sar.sh
    ├── cert1.pem
    ├── chain1.pem
    ├── fullchain1.pem
    └── privkey1.pem

Note: The folder name is the first domain in the DOMAINS list. The certificate is valid for all domains in that list.

For web servers:

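  • Nginx: Use fullchain.pem + privkey.pem (saved in certs/ with a numeric suffix, e.g. fullchain1.pem and privkey1.pem)
  • Apache: Use cert.pem + chain.pem + privkey.pem (saved as cert1.pem, chain1.pem and privkey1.pem)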

Multiple Accounts/Certificate Sets

To generate certificates for multiple Cloudflare accounts or different domain sets:

  1. Create additional environment files:

cp .env .env_account2
# Edit .env_account2 with different credentials/domains

  2. Uncomment and modify the second service in compose.yml

  3. Run specific services:

# Generate for primary account
docker compose up certgen

# Generate for secondary account
docker compose up certgen2

# Generate for all accounts
docker compose up

Certificate Renewal

Certificates are valid for 90 days. To renew:

  1. Run the same docker compose up command
  2. Let's Encrypt will automatically renew certificates expiring within 30 days

Troubleshooting

Common Issues:

  • "Invalid credentials": Verify your Cloudflare email and API key
  • "Domain not found": Ensure domains are managed by your Cloudflare account
  • "Rate limited": Let's Encrypt has rate limits (50 certificates per week per domain)

Supported Features

  • Wildcard certificates (*.example.com)
  • Multiple domains per certificate
  • Multiple Cloudflare accounts
  • Automatic DNS validation
  • Certificate renewal