Add support for "--expand" and "--cert-name" (#21)

* Add support for expand

When adding mulitple hosts on a single cloudflare domain, the additional domains will be added as "Subject Alternative Name" and the certificate will need to be updated. Since the default setting in certbot is to ask, this fails.

This change adds support for CERTBOT_EXPAND, which when set to true, will add the `--expand` option on the certbot run.

* Update docs and Dockerfile

Removed entry for CERTBOT_EXPAND in Dockerfile as it's optional.
Updated docs to include CERTBOT_EXPAND

* Enhance README and Dockerfile; deprecate CERTBOT_EXPAND
Updated README to clarify usage of CERTBOT_DOMAINS and introduced CERTBOT_CERT_NAME for explicit certificate management. Marked CERTBOT_EXPAND as deprecated, recommending the use of CERTBOT_CERT_NAME instead. Adjusted Dockerfile to include new environment variable and set default values accordingly.

---------

Co-authored-by: Henti Smith <henti.smith@oxa.tech>
Co-authored-by: Jay Rogers <jaydrogers@users.noreply.serversideup.net>
Co-authored-by: Jay Rogers <3174134+jaydrogers@users.noreply.github.com>

Author: 3 people

README.md

@@ -56,7 +56,9 @@ The following environment variables can be used to customize the Certbot contain
 
 | Variable               | Description                                                         | Default Value |
 |------------------------|---------------------------------------------------------------------|---------------|
-| `CERTBOT_DOMAINS`      | Comma-separated list of domains for which to obtain the certificate | - |
+| `CERTBOT_DOMAINS`      | Comma-separated list of domains for which to obtain the certificate (example: `example.com,www.example.com`) | - |
+| `CERTBOT_CERT_NAME`    | Explicit certificate name to update/modify ([See official docs →](https://eff-certbot.readthedocs.io/en/stable/using.html#changing-a-certificate-s-domains)) | - |
+| `CERTBOT_EXPAND`       | **DEPRECATED**: Expand existing certificate to add domains (use CERTBOT_CERT_NAME instead, [see official docs →](https://eff-certbot.readthedocs.io/en/stable/using.html#re-creating-and-updating-existing-certificates)) | `false` |
 | `CERTBOT_EMAIL`        | Email address for Let's Encrypt notifications                       | - |
 | `CERTBOT_KEY_TYPE`     | Type of private key to generate                                     | `ecdsa` |
 | `CERTBOT_SERVER`       | The ACME server URL                                                 | `https://acme-v02.api.letsencrypt.org/directory` |

src/Dockerfile

@@ -9,6 +9,8 @@ ARG CERTBOT_GID=9999
 
 ENV CERTBOT_DOMAINS="" \
     CERTBOT_EMAIL="" \
+    CERTBOT_EXPAND=false \
+    CERTBOT_CERT_NAME="" \
     CERTBOT_KEY_TYPE="ecdsa" \
     CERTBOT_SERVER="https://acme-v02.api.letsencrypt.org/directory" \
     CLOUDFLARE_API_TOKEN="" \

src/entrypoint.sh

@@ -105,6 +105,16 @@ run_certbot() {
     debug_flag=""
     [ "$DEBUG" = "true" ] && debug_flag="-v"
 
+     # Build additional certbot flags using positional parameters
+    set --  # Reset positional parameters
+    
+    if [ -n "$CERTBOT_CERT_NAME" ]; then
+        set -- "$@" --cert-name "$CERTBOT_CERT_NAME"
+    elif [ "$CERTBOT_EXPAND" = "true" ]; then
+        set -- "$@" --expand
+    fi
+
+    # Run certbot command
     $certbot_cmd $debug_flag certonly \
         --dns-cloudflare \
         --dns-cloudflare-credentials "$CLOUDFLARE_CREDENTIALS_FILE" \
@@ -115,7 +125,8 @@ run_certbot() {
         --server "$CERTBOT_SERVER" \
         --agree-tos \
         --non-interactive \
-        --strict-permissions
+        --strict-permissions \
+        "$@"
     exit_code=$?
     if [ $exit_code -ne 0 ]; then
         echo "Error: certbot command failed with exit code $exit_code"