update 2024-04-22

Changes:
- add jinja2 template engine instead of string-replacing
- fix certbot cron usage
- replace json servers configuration with yaml
2024-04-22 17:58:41 +03:00
committed by Aleksei Sokol
parent 40f9459826
commit 16bc1c0db7
16 changed files with 292 additions and 274 deletions


@@ -6,15 +6,11 @@ ARG EMAIL
RUN apk add certbot bash
RUN echo "#!/bin/sh" > /usr/bin/update_certificates && \
echo "certbot renew --quiet" >> /usr/bin/update_certificates && \
echo "cp -rL /etc/letsencrypt/live/* /ssl/" >> /usr/bin/update_certificates && \
RUN mkdir -p /etc/letsencrypt /etc/letsencrypt.bak /ssl/.well-known && \
\
mkdir -p /etc/letsencrypt /ssl/.well-known && \
echo "webroot-path = /ssl/" > /etc/letsencrypt.bak/cli.ini && \
\
echo "webroot-path = /ssl/" > /etc/letsencrypt/cli.ini && \
\
echo '15 2 */7 * * /usr/bin/update_certificates' > /etc/crontabs/root && \
echo '15 2 */7 * * /run_once' > /etc/crontabs/root && \
\
echo "echo 'running with cron'" > /run_with_cron && \
echo "cp /etc/letsencrypt.bak/cli.ini /etc/letsencrypt/cli.ini" >> /run_with_cron && \
@@ -25,7 +21,7 @@ RUN echo "#!/bin/sh" > /usr/bin/update_certificates && \
echo "if [ ! -f /ssl/domains.txt ]; then echo 'No domains.txt file found in /ssl, exiting' && exit 1; fi" >> /run_once && \
echo 'for domain in $(cat /ssl/domains.txt); do case $domain in "#"*) :; ;; *) certbot certonly -n --authenticator webroot -d $domain; ;; esac; done' >> /run_once && \
echo "cp -rL /etc/letsencrypt/live/* /ssl/" >> /run_once && \
chmod +x /usr/bin/update_certificates
chmod +x /run_once
RUN certbot register --email $EMAIL --non-interactive --agree-tos
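Review bot: With cron now pointing at `/run_once` (the `/etc/crontabs/root` line), every scheduled run still ends with `cp -rL /etc/letsencrypt/live/* /ssl/`, and `/ssl/` is also the directory written as `webroot-path` in `cli.ini`, so `privkey.pem` lands in the tree certbot treats as the HTTP webroot. If the web server exposes more of `/ssl` than `/ssl/.well-known` (its configuration is not visible here), the private keys become fetchable over HTTP. A separate challenge directory avoids the overlap, e.g. `echo "webroot-path = /acme-webroot/" > /etc/letsencrypt.bak/cli.ini`, with that placeholder path also added to the `mkdir -p` line and to the server's `/.well-known` location. The `+`/`-` markers are lost on this page, so which lines are the new side is inferred from the hunk headers, and the `RUN` that builds `/run_once` continues between the two hunks, outside this view.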