feat: implement server url environment variable (#15)

austonpramodh · jaydrogers · web-flow · commit de8c7875c1fb · 2025-04-18T11:31:27.000-05:00
* feat: implement server url environment variable

* Update entrypoint.sh to include additional environment variables for validation

* Fix formatting

* Enhance entrypoint.sh to check for existing Cloudflare credentials file before creating a new one, improving efficiency and preventing unnecessary overwrites.

---------

Co-authored-by: Jay Rogers &lt;jay@521dimensions.com&gt;
diff --git a/README.md b/README.md
@@ -59,6 +59,7 @@ The following environment variables can be used to customize the Certbot contain
 | `CERTBOT_DOMAINS`      | Comma-separated list of domains for which to obtain the certificate | - |
 | `CERTBOT_EMAIL`        | Email address for Let's Encrypt notifications                       | - |
 | `CERTBOT_KEY_TYPE`     | Type of private key to generate                                     | `ecdsa` |
+| `CERTBOT_SERVER`       | The ACME server URL                                                 | `https://acme-v02.api.letsencrypt.org/directory` |
 | `CLOUDFLARE_API_TOKEN` | Cloudflare API token for DNS authentication (see below how to create one)                         | - |
 | `CLOUDFLARE_CREDENTIALS_FILE` | Path to the Cloudflare credentials file. | `/cloudflare.ini` |
 | `CLOUDFLARE_PROPAGATION_SECONDS` | Wait time (in seconds) after setting DNS TXT records before validation. Useful if DNS propagation is slow. | `10` |
diff --git a/src/Dockerfile b/src/Dockerfile
@@ -10,6 +10,7 @@ ARG CERTBOT_GID=9999
 ENV CERTBOT_DOMAINS="" \
     CERTBOT_EMAIL="" \
     CERTBOT_KEY_TYPE="ecdsa" \
+    CERTBOT_SERVER="https://acme-v02.api.letsencrypt.org/directory" \
     CLOUDFLARE_API_TOKEN="" \
     CLOUDFLARE_CREDENTIALS_FILE="/cloudflare.ini" \
     CLOUDFLARE_PROPAGATION_SECONDS="10" \
diff --git a/src/entrypoint.sh b/src/entrypoint.sh
@@ -26,7 +26,7 @@ debug_print() {
 
 configure_uid_and_gid() {
     debug_print "Preparing environment for $PUID:$PGID..."
-    
+
     # Handle existing user with the same UID
     if id -u "${PUID}" >/dev/null 2>&1; then
         old_user=$(id -nu "${PUID}")
@@ -112,6 +112,7 @@ run_certbot() {
         -d "$CERTBOT_DOMAINS" \
         --key-type "$CERTBOT_KEY_TYPE" \
         --email "$CERTBOT_EMAIL" \
+        --server "$CERTBOT_SERVER" \
         --agree-tos \
         --non-interactive \
         --strict-permissions
@@ -122,13 +123,13 @@ run_certbot() {
     fi
 
     if [ "$REPLACE_SYMLINKS" = "true" ]; then
-      replace_symlinks "/etc/letsencrypt/live";
+        replace_symlinks "/etc/letsencrypt/live"
     fi
 }
 
 validate_environment_variables() {
     # Validate required environment variables
-    for var in CLOUDFLARE_API_TOKEN CERTBOT_DOMAINS CERTBOT_EMAIL CERTBOT_KEY_TYPE; do
+    for var in CLOUDFLARE_API_TOKEN CERTBOT_DOMAINS CERTBOT_EMAIL CERTBOT_KEY_TYPE CERTBOT_SERVER CLOUDFLARE_CREDENTIALS_FILE CLOUDFLARE_PROPAGATION_SECONDS; do
         if [ -z "$(eval echo \$$var)" ]; then
             echo "Error: $var environment variable is not set"
             exit 1
@@ -144,7 +145,7 @@ trap cleanup TERM INT
 
 # Ensure backwards compatibility with the old CERTBOT_DOMAIN environment variable
 if [ -n "$CERTBOT_DOMAIN" ] && [ -z "$CERTBOT_DOMAINS" ]; then
-  CERTBOT_DOMAINS=$CERTBOT_DOMAIN
+    CERTBOT_DOMAINS=$CERTBOT_DOMAIN
 fi
 
 validate_environment_variables
@@ -157,7 +158,7 @@ if [ "$REPLACE_SYMLINKS" = "true" ]; then
     configure_windows_file_permissions
 fi
 
-cat << "EOF"
+cat <<"EOF"
  ____________________
 < Certbot, activate! >
  --------------------
@@ -171,17 +172,22 @@ EOF
 echo "🚀 Let's Get Encrypted! 🚀"
 echo "🌐 Domain(s): $CERTBOT_DOMAINS"
 echo "📧 Email: $CERTBOT_EMAIL"
+echo "🌐 Certbot Server: $CERTBOT_SERVER"
 echo "🔑 Key Type: $CERTBOT_KEY_TYPE"
 echo "⏰ Renewal Interval: $RENEWAL_INTERVAL seconds"
 echo "🕒 DNS Propagation Wait: $CLOUDFLARE_PROPAGATION_SECONDS seconds"
 echo "Let's Encrypt, shall we?"
 echo "-----------------------------------------------------------"
 
 # Create Cloudflare configuration file
-echo "dns_cloudflare_api_token = $CLOUDFLARE_API_TOKEN" > "$CLOUDFLARE_CREDENTIALS_FILE"
-chmod 600 "$CLOUDFLARE_CREDENTIALS_FILE"
-if ! is_default_privileges; then
-    chown "${PUID}:${PGID}" "$CLOUDFLARE_CREDENTIALS_FILE"
+if [ -f "$CLOUDFLARE_CREDENTIALS_FILE" ]; then
+    echo "Using existing Cloudflare credentials file: $CLOUDFLARE_CREDENTIALS_FILE"
+else
+    echo "dns_cloudflare_api_token = $CLOUDFLARE_API_TOKEN" > "$CLOUDFLARE_CREDENTIALS_FILE"
+    chmod 600 "$CLOUDFLARE_CREDENTIALS_FILE"
+    if ! is_default_privileges; then
+        chown "${PUID}:${PGID}" "$CLOUDFLARE_CREDENTIALS_FILE"
+    fi
 fi
 
 # Check if a command was passed to the container
@@ -210,20 +216,20 @@ else
         echo "Next certificate renewal check will be at ${next_run}"
 
         # Store PID of sleep process and wait for it
-        sleep "$RENEWAL_INTERVAL" & 
+        sleep "$RENEWAL_INTERVAL" &
         sleep_pid=$!
         wait $sleep_pid
         wait_status=$?
 
         # Check if we received a signal (more portable check)
         case $wait_status in
-            0) : ;; # Normal exit
-            *) cleanup ;;
+        0) : ;; # Normal exit
+        *) cleanup ;;
         esac
 
         if ! run_certbot; then
             echo "Error: Certificate renewal failed. Exiting."
             exit 1
         fi
     done
-fi
+fi
