diff --git a/README.md b/README.md
index e2d03fa..6cfe845 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ The following environment variables can be used to customize the Certbot contain
 | Variable | Description | Default Value |
 |------------------------|---------------------------------------------------------------------|---------------|
 | `CERTBOT_DOMAINS` | Comma-separated list of domains for which to obtain the certificate | - |
+| `CERTBOT_EXPAND` | Expand existing certificate to add Subject Alternative Name domains | - |
 | `CERTBOT_EMAIL` | Email address for Let's Encrypt notifications | - |
 | `CERTBOT_KEY_TYPE` | Type of private key to generate | `ecdsa` |
 | `CERTBOT_SERVER` | The ACME server URL | `https://acme-v02.api.letsencrypt.org/directory` |
diff --git a/src/Dockerfile b/src/Dockerfile
index eec6266..139a452 100644
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -33,4 +33,4 @@ RUN apk update && \
 ENTRYPOINT ["/entrypoint.sh"]
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
- CMD [ -f "/etc/letsencrypt/live/$(echo "$CERTBOT_DOMAINS" | cut -d',' -f1)/fullchain.pem" ]
\ No newline at end of file
+ CMD [ -f "/etc/letsencrypt/live/$(echo "$CERTBOT_DOMAINS" | cut -d',' -f1)/fullchain.pem" ]
diff --git a/src/entrypoint.sh b/src/entrypoint.sh
index e3b2a35..1b089b5 100644
--- a/src/entrypoint.sh
+++ b/src/entrypoint.sh
@@ -105,6 +105,13 @@ run_certbot() {
 debug_flag=""
 [ "$DEBUG" = "true" ] && debug_flag="-v"
+ # Check if we need to expand
+ if [ "$CERTBOT_EXPAND" == "true" ]; then
+ expand="--expand"
+ else
+ expand=""
+ fi
+
 $certbot_cmd $debug_flag certonly \
 --dns-cloudflare \
 --dns-cloudflare-credentials "$CLOUDFLARE_CREDENTIALS_FILE" \
@@ -113,6 +120,7 @@ run_certbot() {
 --key-type "$CERTBOT_KEY_TYPE" \
 --email "$CERTBOT_EMAIL" \
 --server "$CERTBOT_SERVER" \
+ $expand \
 --agree-tos \
 --non-interactive \
 --strict-permissions
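Review bot: The new test `[ "$CERTBOT_EXPAND" == "true" ]` in the first entrypoint.sh hunk uses `==`, which POSIX `[` does not define, while the context line just above it uses `=` for the same kind of check. The script's interpreter line is not visible here, so whether `==` is accepted depends on the shell that runs it; `=` works in all of them. The block could also follow the existing `debug_flag` idiom: `expand=""` followed by `[ "$CERTBOT_EXPAND" = "true" ] && expand="--expand"`. Only the exact string `true` enables expansion, so a value such as `True` or `1` silently leaves the certificate's name set unchanged, which the new README row could state. run_certbot starts and ends outside the hunk.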
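Review bot: `$expand \` in the second entrypoint.sh hunk is left unquoted so that an empty value contributes no argument to certbot, but nothing records that this is deliberate, and a later cleanup that quotes it would pass an empty-string argument instead. A comment next to the assignment would cover it, e.g. `# expand is used unquoted below: when empty it must vanish from the argument list`; alternatively `${expand:+"$expand"}` keeps the behaviour with explicit quoting. The value is only ever set from the two literals in the earlier hunk, so the word splitting itself carries no injection risk here. The certbot invocation continues outside the hunk.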