certbot / certbot-docker


Certificates not saved #7

Closed mickael-palma-argus closed 5 years ago

mickael-palma-argus commented 5 years ago

Hi,

The Dockerfile I use:

FROM certbot/dns-cloudflare:v0.37.2

ARG CLOUDFLARE_API_KEY=__SET_CLOUDFLARE_API_KEY__

ENV APP_FOLDER /app
ENV CLOUDFLARE_EMAIL my@email.fr
ENV CLOUDFLARE_API_KEY $CLOUDFLARE_API_KEY
ENV DOMAIN_NAME *.domain.com

WORKDIR $APP_FOLDER

COPY cloudflare.ini $APP_FOLDER/cloudflare.ini.tmp

RUN set -x && \
    apk update && \
    apk --no-cache add gettext && \
    envsubst '${CLOUDFLARE_EMAIL} ${CLOUDFLARE_API_KEY}' < cloudflare.ini.tmp > cloudflare.ini && \
    chmod 600 cloudflare.ini && \
    certbot certonly \
              --dns-cloudflare \
              --dns-cloudflare-credentials $APP_FOLDER/cloudflare.ini \
              -d "${DOMAIN_NAME}" \
              --non-interactive \
              --agree-tos \
              -m my@email.fr \
              --server https://acme-v02.api.letsencrypt.org/directory

The cloudflare.ini file:

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = $CLOUDFLARE_EMAIL
dns_cloudflare_api_key = $CLOUDFLARE_API_KEY

I build the image with this command:

$ docker image build --build-arg CLOUDFLARE_API_KEY=__my_cloudflare_key__ -t certbot --no-cache .

The build succeeds but /etc/letsencrypt is empty.

But if I run the container:

$ docker container run -it --rm --entrypoint=/bin/ash certbot

and then execute the same command, it works!!!

/app # certbot certonly \
>               --dns-cloudflare \
>               --dns-cloudflare-credentials $APP_FOLDER/cloudflare.ini \
>               -d "${DOMAIN_NAME}" \
>               --non-interactive \
>               --agree-tos \
>               -m mpalma@largus.fr \
>               --server https://acme-v02.api.letsencrypt.org/directory

This is driving me crazy, can you help?

mickael-palma-argus commented 5 years ago

I think we found the problem!

You declare VOLUME /etc/letsencrypt /var/lib/letsencrypt in the base image.

Since certbot writes to /etc/letsencrypt, the changes done to the volume are discarded when the build ends.
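As an added example (this is not code from the issue or from the certbot-docker project), the script below reproduces the behaviour described above with a minimal Dockerfile and then shows the pattern that avoids it: run certbot when the container starts, with /etc/letsencrypt bind-mounted from the host, instead of in a RUN step. Moving the step to run time also removes a problem the posted Dockerfile has independently of the VOLUME: `ARG`/`ENV CLOUDFLARE_API_KEY` and the rendered cloudflare.ini write the real Cloudflare key into the image config, `docker history` and an image layer, and a certificate obtained during the build would ship its private key and the ACME account key inside the image. The reproducer pins the classic builder with `DOCKER_BUILDKIT=0`, because BuildKit does not mount VOLUME paths during RUN and so does not show the discard. Assumed names that are not in the thread: the tag `volume-demo`, the host paths `$PWD/letsencrypt` and `$PWD/cloudflare.ini`, and `example.com`. `repro_volume_discard` and `image_env_has` need a Docker daemon; the other functions run offline.

```shell
#!/bin/sh
# Added example, not part of the certbot-docker project or the issue.
# Assumed names (not from the thread): tag 'volume-demo', host paths
# $PWD/letsencrypt and $PWD/cloudflare.ini, domain example.com.
set -eu

# 1. Minimal Dockerfile reproducing the issue: a path declared as VOLUME in an
#    earlier layer (in the issue it is the base image), then a RUN that writes
#    into it.
volume_demo_dockerfile() {
    cat <<'EOF'
FROM alpine:3.19
VOLUME /etc/letsencrypt
# The classic builder runs this step with /etc/letsencrypt mounted as an
# anonymous volume: the write lands in the volume, not the layer, and is gone
# once the step finishes.
RUN mkdir -p /etc/letsencrypt/live && echo marker > /etc/letsencrypt/live/marker
EOF
}

# Needs docker. Builds the reproducer with the classic builder and lists the
# path in a fresh container; the listing is empty because the RUN write was
# discarded.
repro_volume_discard() {
    dir=$(mktemp -d)
    volume_demo_dockerfile > "$dir/Dockerfile"
    DOCKER_BUILDKIT=0 docker build -q -t volume-demo "$dir" >/dev/null
    docker run --rm volume-demo ls -A /etc/letsencrypt
}

# 2. The fix: issue the certificate at run time. /etc/letsencrypt is a bind
#    mount from the host, so the result survives, and the credentials file is
#    mounted read-only from the host (keep it mode 600; certbot warns on looser
#    permissions). No secret is passed as a build ARG, baked in with ENV or
#    COPYed into a layer, so the image carries neither the API key nor any
#    private key. Prints the docker command; arguments are absolute host paths.
certbot_runtime_cmd() {
    domain=$1 email=$2 conf_dir=$3 creds_file=$4
    printf '%s' "docker run --rm" \
        " -v ${conf_dir}:/etc/letsencrypt" \
        " -v ${creds_file}:/cloudflare.ini:ro" \
        " certbot/dns-cloudflare:v0.37.2 certonly" \
        " --dns-cloudflare --dns-cloudflare-credentials /cloudflare.ini" \
        " -d ${domain} --non-interactive --agree-tos -m ${email}" \
        " --server https://acme-v02.api.letsencrypt.org/directory"
    printf '\n'
}

# 3. Check for a secret baked into an existing image with ENV, which the issue's
#    'ENV CLOUDFLARE_API_KEY $CLOUDFLARE_API_KEY' does. Needs docker. Exit status
#    0 means the variable is present in the image config.
image_env_has() {
    image=$1 var=$2
    docker image inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$image" \
        | grep -q "^${var}="
}

# Stand-alone use: print the run-time command for the assumed names.
certbot_runtime_cmd example.com admin@example.com "$PWD/letsencrypt" "$PWD/cloudflare.ini"
```

Run `repro_volume_discard` to see the empty listing the commenter observed, then `image_env_has certbot CLOUDFLARE_API_KEY` against an image built from the posted Dockerfile to confirm the key is readable from the image config; the command printed by `certbot_runtime_cmd` has no such exposure because the key only ever exists in the host file.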