serversideup/docker-certbot-dns-cloudflare


Certbot Cloudflare DNS Docker Container

This container is used to generate and automatically renew SSL certificates from Let's Encrypt using the Cloudflare DNS plugin. It's based off the official Certbot image with some modifications to make it more flexible and configurable.

Docker image: serversideup/certbot-dns-cloudflare

Base Image

The image is based on certbot/dns-cloudflare:latest, providing a stable and up-to-date environment for running Certbot with Cloudflare DNS authentication.

Features

  • Automatic SSL certificate generation and renewal using Let's Encrypt
  • No configs needed, this image generates the cloudflare.ini file for you
  • Cloudflare DNS authentication for domain validation
  • Customizable configuration via environment variables
  • Periodic certificate renewal checks
  • Windows support (set REPLACE_SYMLINKS to true)
  • Native Docker health checks to ensure the server is running

Works great for orchestrated deployments

We designed this image to work great in orchestrated deployments like Kubernetes, Docker Swarm, or even in GitHub Actions. Look how simple the syntax is:

  services:
    certbot:
      image: serversideup/certbot-dns-cloudflare
      volumes:
        # Persist issued certificates and account data across restarts
        - certbot_data:/etc/letsencrypt
      environment:
        CLOUDFLARE_API_TOKEN: "${CLOUDFLARE_API_TOKEN}"
        CERTBOT_EMAIL: "${CERTBOT_EMAIL}"
        CERTBOT_DOMAINS: "${CERTBOT_DOMAINS}"
        # Overrides the image default (ecdsa)
        CERTBOT_KEY_TYPE: "rsa"

  volumes:
    certbot_data:

Environment Variables

The following environment variables can be used to customize the Certbot container:

| Variable | Description | Default Value |
|---|---|---|
| CERTBOT_DOMAINS | Comma-separated list of domains for which to obtain the certificate | - |
| CERTBOT_EMAIL | Email address for Let's Encrypt notifications | - |
| CERTBOT_KEY_TYPE | Type of private key to generate | ecdsa |
| CLOUDFLARE_API_TOKEN | Cloudflare API token for DNS authentication (see below how to create one) | - |
| DEBUG | Enable debug mode (prints more information to the console) | false |
| PUID | The user ID to run certbot as | 0 |
| PGID | The group ID to run certbot as | 0 |
| RENEWAL_INTERVAL | Interval between certificate renewal checks. Set to 0 to disable renewals and only run once. | 43200 seconds (12 hours) |
| REPLACE_SYMLINKS | Replaces symlinks with direct copies of the files they reference (required for Windows) | false |

Creating a Cloudflare API Token

Warning

Treat this token like a password. It will grant access to your Cloudflare account and can be used to modify DNS records.

  1. Go to the Cloudflare API Tokens page.
  2. Click on "Create Token".
  3. Click "Use template" for the "Edit Zone DNS" template.
  4. Change the token name (optional)
  5. Set a specific zone under "Zone Resources" (optional)
  6. Click on "Continue to summary".
  7. Click on "Create Token".

Usage

  1. Pull the Docker image:

    docker pull serversideup/certbot-dns-cloudflare:latest

  2. Run the container with the required environment variables:

Caution

Make sure to replace /path/to/your/certs in the -v /path/to/your/certs:/etc/letsencrypt option with a valid path on your host machine.

    docker run \
      -e CERTBOT_DOMAINS="yourdomain.com" \
      -e CERTBOT_EMAIL="your-email@example.com" \
      -e CLOUDFLARE_API_TOKEN="your-cloudflare-api-token" \
      -v /path/to/your/certs:/etc/letsencrypt \
      serversideup/certbot-dns-cloudflare:latest

  3. The container will automatically generate and renew the certificate.
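
The docker run command above passes the token with -e, which leaves it in shell history and in the process list while the command runs. As an added example (not part of the project's README or code), the script below writes the variables to a 0600 env file and starts the container with docker's --env-file option; the file name certbot.env, the DOCKER override and the token character check are assumptions of this example.

```shell
#!/bin/sh
# Added example: hand CLOUDFLARE_API_TOKEN to the container through a
# 0600 env file instead of -e on the command line.

# write_env_file ENV_FILE DOMAINS EMAIL   (token is read from stdin)
write_env_file() {
    env_file=$1 domains=$2 email=$3
    IFS= read -r token || [ -n "$token" ] || return 1
    # Assumption of this example: tokens use only [A-Za-z0-9_-]. docker
    # reads env files literally, so stray quotes or spaces would end up
    # inside the value and break authentication.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "token is empty or malformed" >&2; return 1 ;;
    esac
    old_umask=$(umask)
    umask 077                  # create the file as 0600 from the start
    rm -f -- "$env_file"       # a pre-existing file would keep its old mode
    {
        printf 'CLOUDFLARE_API_TOKEN=%s\n' "$token"
        printf 'CERTBOT_DOMAINS=%s\n' "$domains"
        printf 'CERTBOT_EMAIL=%s\n' "$email"
    } > "$env_file"
    umask "$old_umask"
}

# run_certbot ENV_FILE CERT_DIR
# Refuses to start if the env file is readable by group or others.
# DOCKER is a hypothetical override so the command can be inspected
# (DOCKER=echo) without starting a container.
run_certbot() {
    env_file=$1 cert_dir=$2
    mode=$(ls -ld -- "$env_file" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "$env_file must be mode 0600, found $mode" >&2
        return 1
    fi
    "${DOCKER:-docker}" run \
        --env-file "$env_file" \
        -v "$cert_dir:/etc/letsencrypt" \
        serversideup/certbot-dns-cloudflare:latest
}

# Usage: the token is typed at a hidden prompt, so it is never an argument.
#   stty -echo; write_env_file ./certbot.env "yourdomain.com" "you@example.com"; stty echo
#   run_certbot ./certbot.env /path/to/your/certs
```

Anyone with access to the Docker socket can still read the token with docker inspect, so the env file protects the host side only.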

Resources

  • Discord for friendly support from the community and the team.
  • GitHub for source code, bug reports, and project management.
  • Get Professional Help - Get video + screen-sharing help directly from the core contributors.

Contributing

As an open-source project, we strive for transparency and collaboration in our development process. We greatly appreciate any contributions members of our community can provide. Whether you're fixing bugs, proposing features, improving documentation, or spreading awareness - your involvement strengthens the project.

Need help getting started? Join our Discord community and we'll help you out!

Our Sponsors

All of our software is free and open to the world. None of this can be brought to you without the financial backing of our sponsors.

Sponsors

Black Level Sponsors

Sevalla

Bronze Sponsors

No bronze sponsors yet. Become a sponsor →

Individual Supporters

GeekDougle  JQuilty  MaltMethodDev  harrisonratcliffe  

About Us

We're Dan and Jay - a two-person team with a passion for open source products. We created Server Side Up to help share what we learn.

Dan Pastori
Jay Rogers


Find us at:

  • 📖 Blog - Get the latest guides and free courses on all things web/mobile development.
  • 🙋 Community - Get friendly help from our community members.
  • 🤵‍♂️ Get Professional Help - Get video + screen-sharing support from the core contributors.
  • 💻 GitHub - Check out our other open source projects.
  • 📫 Newsletter - Skip the algorithms and get quality content right to your inbox.
  • 🐥 Twitter - You can also follow Dan and Jay.
  • ❤️ Sponsor Us - Please consider sponsoring us so we can create more helpful resources.

Our products

If you appreciate this project, be sure to check out our other projects.

📚 Books

🛠️ Software-as-a-Service

  • Bugflow: Get visual bug reports directly in GitHub, GitLab, and more.
  • SelfHost Pro: Connect Stripe or Lemonsqueezy to a private docker registry for self-hosted apps.

🌍 Open Source

  • AmplitudeJS: Open-source HTML5 & JavaScript Web Audio Library.
  • Spin: Laravel Sail alternative for running Docker from development → production.
  • Financial Freedom: Open source alternative to Mint, YNAB, & Monarch Money.