shihaam/gen-ssl-letsencrypt-cf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e23083c55a89fc3c1a9ad2d65b6ef0f3eaf9ba97
gen-ssl-letsencrypt-cf/README.md
Shihaam Abdul Rahman e23083c55a update readme
2025-08-09 16:08:28 +05:00

3.8 KiB
Raw Blame History

Generate Free SSL Certificates

This Docker container generates free SSL certificates using Let's Encrypt with the Cloudflare DNS plugin.
It supports wildcard certificates and multiple domains per certificate.

Prerequisites

  • Docker and Docker Compose installed
  • Domains managed through Cloudflare DNS
  • Cloudflare Global API Key or API Token with Zone:Read and DNS:Edit permissions

How to Use

1. Set up environment file

Generate .env file View example

Example .env file:

CLOUDFLARE_EMAIL=user@example.com
CLOUDFLARE_API_KEY=your_global_api_key_here
CERTBOT_EMAIL=admin@example.com
DOMAINS=example.com,*.example.com,api.example.com

Environment Variables:

  • CLOUDFLARE_EMAIL= - Your Cloudflare account email address
  • CLOUDFLARE_API_KEY= - Get from Cloudflare Dashboard > Profile > API Tokens
    • Use either Global API Key or create a custom token with Zone:Read and DNS:Edit permissions
  • CERTBOT_EMAIL= - Email for Let's Encrypt notifications (certificate expiry warnings)
  • DOMAINS= - Comma-separated list of domains for the certificate
    • Supports wildcards: *.example.com,example.com
    • Multiple domains: example.com,api.example.com,*.sub.example.com

2. Create Docker Compose file

Save the following as compose.yml:

services:
  certgen:
    image: git.shihaam.dev/shihaam/gen-ssl-letsencrypt-cf
    hostname: certgen
    volumes:
      - ./certs:/etc/letsencrypt/archive
    env_file: .env
    restart: no
#  certgen2:
#    image: git.shihaam.dev/shihaam/gen-ssl-letsencrypt-cf
#    hostname: certgen2
#    volumes:
#      - ./certs:/etc/letsencrypt/archive
#    env_file: .env_account2
#    restart: no
  • You can uncomment 2nd service to genereate certs for domain in another account.

3. Generate certificates

Run the container:

docker compose up

The container will:

  • Validate your Cloudflare credentials
  • Create DNS TXT records for domain validation
  • Generate and download certificates
  • Clean up DNS records
  • Exit automatically when complete

4. Access your certificates

Certificates are saved in the certs/ directory:

certs/
├── omegatechsolution.org
│   ├── cert1.pem
│   ├── chain1.pem
│   ├── fullchain1.pem
│   └── privkey1.pem
└── sar.sh
    ├── cert1.pem
    ├── chain1.pem
    ├── fullchain1.pem
    └── privkey1.pem

Note: The folder name is the first domain in the array, Certs will be valid for all domains.

For web servers:

  • Nginx: Use fullchain.pem + privkey.pem
  • Apache: Use cert.pem + chain.pem + privkey.pem

Multiple Accounts/Certificate Sets

To generate certificates for multiple Cloudflare accounts or different domain sets:

  1. Create additional environment files:
cp .env .env_account2
# Edit .env_account2 with different credentials/domains

  1. Uncomment and modify the second service in compose.yml

  2. Run specific services:

# Generate for primary account
docker compose up certgen

# Generate for secondary account
docker compose up certgen2

# Generate for all accounts
docker compose up

Certificate Renewal

Certificates are valid for 90 days. To renew:

  1. Run the same docker compose up command
  2. Let's Encrypt will automatically renew certificates expiring within 30 days

Troubleshooting

Common Issues:

  • "Invalid credentials": Verify your Cloudflare email and API key
  • "Domain not found": Ensure domains are managed by your Cloudflare account
  • "Rate limited": Let's Encrypt has rate limits (50 certificates per week per domain)

Supported Features

  • Wildcard certificates (*.example.com)
  • Multiple domains per certificate
  • Multiple Cloudflare accounts
  • Automatic DNS validation
  • Certificate renewal