certbot: use certbot-auto & pip instead to get the latest version

we need this, because otherwise we don't get Cloudflare token support 
:-/

README.md

@@ -42,4 +42,4 @@ UID     | GID	| Container				| Notes
 70		| 70	| etherpad				| 
 80		| 80	| serve					| Static HTTP Server based on Node.js
 90		| 90	| jellyfin				| 
-100		| 100	| certbot				| 
+2000	| 2000	| certbot				| 

images/certbot/Dockerfile

@@ -1,15 +1,29 @@
 ARG REPO_LOCATION
 # ARG BASE_VERSION
 
+FROM ${REPO_LOCATION}minideb AS builder
+
+RUN install_packages curl ca-certificates && \
+	curl -sS https://dl.eff.org/certbot-auto -o /srv/certbot-auto
+
+
 FROM ${REPO_LOCATION}minideb
 
-RUN install_packages certbot python3-certbot-dns-cloudflare
+COPY --from=builder /srv/certbot-auto /srv/certbot-auto
+
+RUN /srv/certbot-auto --debug --noninteractive --install-only && \
+	install_packages python3-pip
+
+WORKDIR /opt/eff.org/certbot/venv
+RUN source bin/activate \
+	&& pip install certbot-dns-cloudflare \
+	&& deactivate
 
 # Only required if we use acme.sh instead of certbot: openssl openssh-client coreutils dnsutils curl socat tzdata tar oathtool
 
 VOLUME /srv/configdir /srv/workdir /srv/logsdir
 
-USER 100:100
+USER 2000:2000
 ENTRYPOINT [ "/usr/bin/certbot", \
 	"--config-dir", "/srv/configdir", \
 	"--work-dir", "/srv/workdir", \