add argument to create 1 certificate per domain

Dockerfile

@@ -2,6 +2,7 @@ FROM python:2-alpine
 MAINTAINER Henri Dwyer <henri@dwyer.io>
 
 VOLUME /certs
+VOLUME /etc/letsencrypt
 EXPOSE 80
 
 RUN apk add --no-cache --virtual .build-deps linux-headers gcc musl-dev\

README.md

@@ -11,7 +11,8 @@ In docker-compose.yml, change the environment variables:
 - WEBROOT: set this variable to the webroot path if you want to use the webroot plugin. Leave to use the standalone webserver.
 - DOMAINS: a space separated list of domains for which you want to generate certificates.
 - EMAIL: where you will receive updates from letsencrypt.
-- CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
+- CONCAT: true or false, whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
+- SEPARATE: true or false, whether you want one certificate per domain or one certificate valid for all domains. 
 
 ## Running
 

docker-compose.yml

@@ -12,3 +12,4 @@ services:
       - DOMAINS=domain1.com domain2.com
       - EMAIL=webmaster@domain1.com
       - CONCAT=true
+      - SEPARATE=true

scripts/run_certbot.sh

@@ -1,34 +1,23 @@
 echo "Running certbot for domains $DOMAINS"
 
-# build arg string
-args=""
-if [ $WEBROOT ]
-then
-  args=" --webroot -w $WEBROOT"
-else
-  args=" --standalone --standalone-supported-challenges
-  http-01"
-fi
+get_certificate() {
+  # Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
+  # The certificate will be named after the first domain in the list
+  # To work, the following variables must be set:
+  # - CERT_DOMAINS : comma separated list of domains
+  # - EMAIL
+  # - CONCAT
+  # - args
 
-if $DEBUG
-then
-  args=$args" --debug"
-fi
-
-for d in $DOMAINS
-do
-  args=$args" -d $d"
-done
-
-certbot certonly --agree-tos --renew-by-default \
---text --server https://acme-v01.api.letsencrypt.org/directory \
---email $EMAIL $args
-ec=$?
-echo "certbot exit code $ec"
-if [ $ec -eq 0 ]
-then
-  for d in $DOMAINS
-  do
+  local d=${CERT_DOMAINS//,*/} # read first domain
+  echo "Getting certificate for $CERT_DOMAINS"
+  certbot certonly --agree-tos --renew-by-default -n \
+  --text --server https://acme-v01.api.letsencrypt.org/directory \
+  --email $EMAIL -d $CERT_DOMAINS $args
+  ec=$?
+  echo "certbot exit code $ec"
+  if [ $ec -eq 0 ]
+  then
     if $CONCAT
     then
       # concat the full chain with the private key (e.g. for haproxy)
@@ -38,8 +27,33 @@ then
       cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
       cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
     fi
-  done
-  echo "Success! Your new certificates are in /certs/"
+    echo "Certificate obtained for $CERT_DOMAINS! Your new certificate - named $d - is in /certs"
+  else
+    echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
+  fi
+}
+
+args=""
+if [ $WEBROOT ]
+then
+  args=" --webroot -w $WEBROOT"
 else
-  echo "Cerbot failed. Check the logs for details."
+  args=" --standalone --standalone-supported-challenges http-01"
+fi
+
+if $DEBUG
+then
+  args=$args" --debug"
+fi
+
+if $SEPARATE
+then
+  for d in $DOMAINS
+  do
+    CERT_DOMAINS=$d
+    get_certificate
+  done
+else
+  CERT_DOMAINS=${DOMAINS// /,}
+  get_certificate
 fi