Add support for CLOUDFLARE_PROPAGATION_SECONDS and CLOUDFLARE_CREDENTIALS_FILE environment variable (#18)

* Support optional CLOUDFLARE_PROPAGATION_SECONDS to control DNS propagation wait time

* Sorted ENV A-Z. Set CLOUDFLARE_PROPAGATION_SECONDS to 10

* Removed conditional and always include the --dns-cloudflare-propagation-seconds flag

* Added output for CLOUDFLARE_PROPAGATION_SECONDS

* Added ability to adjust CLOUDFLARE_CREDENTIALS_FILE

* Fix syntax error. Remove trailing slash

---------

Co-authored-by: Jay Rogers <[email protected]>

Author: lmerega

README.md

@@ -60,6 +60,8 @@ The following environment variables can be used to customize the Certbot contain
 | `CERTBOT_EMAIL`        | Email address for Let's Encrypt notifications                       | - |
 | `CERTBOT_KEY_TYPE`     | Type of private key to generate                                     | `ecdsa` |
 | `CLOUDFLARE_API_TOKEN` | Cloudflare API token for DNS authentication (see below how to create one)                         | - |
+| `CLOUDFLARE_CREDENTIALS_FILE` | Path to the Cloudflare credentials file. | `/cloudflare.ini` |
+| `CLOUDFLARE_PROPAGATION_SECONDS` | Wait time (in seconds) after setting DNS TXT records before validation. Useful if DNS propagation is slow. | `10` |
 | `DEBUG`                | Enable debug mode (prints more information to the console)            | `false`                    |
 | `PUID`                 | The user ID to run certbot as                                       | `0`                    |
 | `PGID`                 | The group ID to run certbot as                                        | `0`                    |

src/Dockerfile

@@ -11,6 +11,8 @@ ENV CERTBOT_DOMAINS="" \
     CERTBOT_EMAIL="" \
     CERTBOT_KEY_TYPE="ecdsa" \
     CLOUDFLARE_API_TOKEN="" \
+    CLOUDFLARE_CREDENTIALS_FILE="/cloudflare.ini" \
+    CLOUDFLARE_PROPAGATION_SECONDS="10" \
     DEBUG=false \
     PUID=0 \
     PGID=0 \

src/entrypoint.sh

@@ -107,7 +107,8 @@ run_certbot() {
 
     $certbot_cmd $debug_flag certonly \
         --dns-cloudflare \
-        --dns-cloudflare-credentials /cloudflare.ini \
+        --dns-cloudflare-credentials "$CLOUDFLARE_CREDENTIALS_FILE" \
+        --dns-cloudflare-propagation-seconds "$CLOUDFLARE_PROPAGATION_SECONDS" \
         -d "$CERTBOT_DOMAINS" \
         --key-type "$CERTBOT_KEY_TYPE" \
         --email "$CERTBOT_EMAIL" \
@@ -172,14 +173,15 @@ echo "🌐 Domain(s): $CERTBOT_DOMAINS"
 echo "📧 Email: $CERTBOT_EMAIL"
 echo "🔑 Key Type: $CERTBOT_KEY_TYPE"
 echo "⏰ Renewal Interval: $RENEWAL_INTERVAL seconds"
+echo "🕒 DNS Propagation Wait: $CLOUDFLARE_PROPAGATION_SECONDS seconds"
 echo "Let's Encrypt, shall we?"
 echo "-----------------------------------------------------------"
 
 # Create Cloudflare configuration file
-echo "dns_cloudflare_api_token = $CLOUDFLARE_API_TOKEN" > /cloudflare.ini
-chmod 600 /cloudflare.ini
+echo "dns_cloudflare_api_token = $CLOUDFLARE_API_TOKEN" > "$CLOUDFLARE_CREDENTIALS_FILE"
+chmod 600 "$CLOUDFLARE_CREDENTIALS_FILE"
 if ! is_default_privileges; then
-    chown "${PUID}:${PGID}" /cloudflare.ini
+    chown "${PUID}:${PGID}" "$CLOUDFLARE_CREDENTIALS_FILE"
 fi
 
 # Check if a command was passed to the container