#jinja2: lstrip_blocks: "True" #!/bin/bash # For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled) # need to forward requests for `/.well-known/acme-challenge` to the certbot container. # # This can happen inside the container network by proxying to `http://matrix-certbot:8080` # or outside (on the host) by proxying to `http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}`. docker run \ --rm \ --name=matrix-certbot \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network="{{ matrix_docker_network }}" \ -p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \ --mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt \ --mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt \ {{ matrix_ssl_lets_encrypt_certbot_docker_image }} \ renew \ --non-interactive \ --work-dir=/tmp \ --http-01-port 8080 \ {% if matrix_ssl_lets_encrypt_staging %} --staging \ {% endif %} --key-type {{ matrix_ssl_lets_encrypt_key_type }} \ --standalone \ --preferred-challenges http \ --agree-tos \ --email={{ matrix_ssl_lets_encrypt_support_email }} \ --no-random-sleep-on-renew