This image provides the official Certbot utility with the Cloudflare DNS plugin builtin.
-
Create local directories where lets encrypt files(keys, certs, renewal config, etc) and logs will be stored.
-
Create a .ini file with Cloudflare API credentials:
dns_cloudflare_email=<cloudflare_email>
dns_cloudflare_api_key=<cloudflare_api_key>
- Run/create the container with the added volumes and the certbot arguments:
docker run --interactive --tty \
-v </path/to/letsencrypt_files>:/etc/letsencrypt \
-v </path/to/letsencrypt_logs>:/var/log/letsencrypt \
-v </path/to/cloudflare_creds>:/etc/cloudflare.ini:ro \
horjulf/certbot-cloudflare \
<certbot_args>
- Request a certificate:
docker run --interactive --tty \
-v </path/to/letsencrypt_files>:/etc/letsencrypt \
-v </path/to/letsencrypt_logs>:/var/log/letsencrypt \
-v </path/to/cloudflare_creds>:/etc/cloudflare.ini:ro \
horjulf/certbot-cloudflare \
certonly --dns-cloudflare --dns-cloudflare-credentials /etc/cloudflare.ini -m <[email protected]> --agree-tos --no-eff-email -d <example.domain>
- Renew existing certificates:
docker run --interactive --tty \
-v </path/to/letsencrypt_files>:/etc/letsencrypt \
-v </path/to/letsencrypt_logs>:/var/log/letsencrypt \
-v </path/to/cloudflare_creds>:/etc/cloudflare.ini:ro \
horjulf/certbot-cloudflare \
renew --dns-cloudflare-credentials /etc/cloudflare.ini
- Cron usable container for renewal:
docker create \
--name=certbot_cloudflare_renew
-v </path/to/letsencrypt_files>:/etc/letsencrypt \
-v </path/to/letsencrypt_logs>:/var/log/letsencrypt \
-v </path/to/cloudflare_creds>:/etc/cloudflare.ini:ro \
horjulf/certbot-cloudflare \
renew --dns-cloudflare-credentials /etc/cloudflare.ini --quiet
docker start -a certbot_cloudflare_renew