The following is a Docker Compose file that uses the Cloudflare API to generate certificates for a given domain with Let's Encrypt and certbot.
The compose file can be used in a Docker swarm. To generate certificates for multiple domains, create several copies of the file and change the domain in each.
    version: '3.9'
    services:
      certbot-DOMAIN:
        image: certbot/dns-cloudflare:latest
        command: certonly --dns-cloudflare --dns-cloudflare-credentials /run/secrets/cloudflare.ini -d DOMAIN -m EMAIL --agree-tos --non-interactive
        volumes:
          - /mnt/docker/data/certbot/DOMAIN/certs/:/etc/letsencrypt/
          - /mnt/docker/data/certbot/DOMAIN/logs/:/var/log/letsencrypt/
          - /mnt/docker/data/certbot/DOMAIN/secrets/:/run/secrets/
where:
- EMAIL is an administrative E-mail,
- DOMAIN is the domain for which to generate certificates
Additionally, a file named cloudflare.ini must be placed at /mnt/docker/data/certbot/secrets/cloudflare.ini with the following contents:

    dns_cloudflare_email = CLOUDFLARE_ACCOUNT_EMAIL
    dns_cloudflare_api_key = API_KEY
where:
- CLOUDFLARE_ACCOUNT_EMAIL is the E-mail address managing the DOMAIN for which to generate certificates,
- API_KEY is the Cloudflare global API key
Alternatively, the same can be achieved by using a Cloudflare token via the dns_cloudflare_api_token configuration key in secrets.ini such that the Cloudflare E-Mail and global API key can be kept private.
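A check for the credentials file described above, written as an added example that is not part of the original page: it reports a file that group or other users can access, a file that still carries the global API key, and a file with no token. The function names are hypothetical; the key names are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): audit a cloudflare.ini used by
# certbot's dns-cloudflare plugin. Function names are hypothetical.
# Returns 0 when clean, 1 when there are findings, 2 when the file is unreadable.

file_mode() {
    # Octal permission bits: GNU stat first, BSD stat as a fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

has_key() {
    # True when ini file $1 assigns key $2 on a non-comment line.
    grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"
}

audit_cloudflare_ini() {
    ini=$1
    findings=0
    if [ ! -r "$ini" ]; then
        echo "ERROR: cannot read $ini"
        return 2
    fi
    # The file holds a credential: group and other permission digits must be 0.
    mode=$(file_mode "$ini")
    case "$mode" in
        0|*00) ;;
        *) echo "PERMS: mode $mode exposes the file to group/others (chmod 600)"
           findings=1 ;;
    esac
    # The global API key grants access to the whole Cloudflare account.
    if has_key "$ini" dns_cloudflare_api_key; then
        echo "GLOBAL_KEY: dns_cloudflare_api_key is set; switch to a token"
        findings=1
    fi
    if ! has_key "$ini" dns_cloudflare_api_token; then
        echo "NO_TOKEN: dns_cloudflare_api_token is not set"
        findings=1
    fi
    return "$findings"
}

# Stand-alone use: sh audit.sh /path/to/cloudflare.ini
if [ "$#" -gt 0 ]; then
    audit_cloudflare_ini "$1"
fi
```

Running it against each domain's secrets directory before deploying the stack catches a credentials file copied with default permissions.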