From 9ea5be22cb3eedc27a26b9ce316fd6614b8cb242 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com>
Date: Sun, 29 Nov 2020 01:35:24 +0000
Subject: [PATCH] certbot: use certbot-auto & pip instead to get the latest
 version

we need this, because otherwise we don't get Cloudflare token support
:-/
---
 README.md                 |  2 +-
 images/certbot/Dockerfile | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index a3d0caf..51f1b43 100644
--- a/README.md
+++ b/README.md
@@ -42,4 +42,4 @@ UID     | GID	| Container				| Notes
 70		| 70	| etherpad				| 
 80		| 80	| serve					| Static HTTP Server based on Node.js
 90		| 90	| jellyfin				| 
-100		| 100	| certbot				| 
+2000	| 2000	| certbot				| 
diff --git a/images/certbot/Dockerfile b/images/certbot/Dockerfile
index 4a1f4a0..fcc9f56 100644
--- a/images/certbot/Dockerfile
+++ b/images/certbot/Dockerfile
@@ -1,15 +1,29 @@
 ARG REPO_LOCATION
 # ARG BASE_VERSION
 
+FROM ${REPO_LOCATION}minideb AS builder
+
+RUN install_packages curl ca-certificates && \
+	curl -sS https://dl.eff.org/certbot-auto -o /srv/certbot-auto
+
+
 FROM ${REPO_LOCATION}minideb
 
-RUN install_packages certbot python3-certbot-dns-cloudflare
+COPY --from=builder /srv/certbot-auto /srv/certbot-auto
+
+RUN /srv/certbot-auto --debug --noninteractive --install-only && \
+	install_packages python3-pip
+
+WORKDIR /opt/eff.org/certbot/venv
+RUN source bin/activate \
+	&& pip install certbot-dns-cloudflare \
+	&& deactivate
 
 # Only required if we use acme.sh instead of certbot: openssl openssh-client coreutils dnsutils curl socat tzdata tar oathtool
 
 VOLUME /srv/configdir /srv/workdir /srv/logsdir
 
-USER 100:100
+USER 2000:2000
 ENTRYPOINT [ "/usr/bin/certbot", \
 	"--config-dir", "/srv/configdir", \
 	"--work-dir", "/srv/workdir", \