From 2e5f1cddb6899592420c0ec01983819b1ee68278 Mon Sep 17 00:00:00 2001
From: rodley82
Date: Thu, 30 Oct 2025 23:28:16 -0300
Subject: [PATCH] rough idea based on a working project
---
Dockerfile | 6 ++++++
aws_config.example | 3 +++
docker-compose.yml | 18 ++++++++++++++++++
docker-entrypoint.sh | 35 +++++++++++++++++++++++++++++++++++
output/.keep | 0
5 files changed, 62 insertions(+)
create mode 100644 Dockerfile
create mode 100644 aws_config.example
create mode 100644 docker-compose.yml
create mode 100755 docker-entrypoint.sh
create mode 100644 output/.keep
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5910949
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,6 @@
+FROM certbot/dns-route53:latest
+
+# Set the working directory in the container
+COPY docker-entrypoint.sh docker-entrypoint.sh
+
+ENTRYPOINT [ "./docker-entrypoint.sh" ]
diff --git a/aws_config.example b/aws_config.example
new file mode 100644
index 0000000..a315f25
--- /dev/null
+++ b/aws_config.example
@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id=AWS_ACCESS_KEY_ID
+aws_secret_access_key=AWS_SECRET_ACCESS_KEY
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e292cea
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,18 @@
+version: "3.7"
+services:
+ certbot:
+ build: .
+ image: route53-wildcard-certbot
+ environment:
+ - AWS_CONFIG_FILE=/opt/certbot/aws_config
+ - CERT_FILES_OUTPUT_PATH=/opt/certbot/output
+ - DOMAIN=mydomain.com
+ - REGULAR_USER_UID=1000
+ - REGULAR_USER_GID=1000
+ - CERTBOT_EMAIL=sample@email.com
+ volumes:
+ - ./output:/opt/certbot/output
+ - ./aws_config:/opt/certbot/aws_config
+ # Uncomment the following lines to start the container and keep it running for troubleshooting and manual execution
+ # entrypoint: ""
+ # command: tail -f /dev/null
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 0000000..842d5a4
--- /dev/null
+++ b/docker-entrypoint.sh
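Review bot: `FROM certbot/dns-route53:latest` leaves the base image unpinned, so the image that ends up holding the Route53 credentials and the issued private key changes silently on every rebuild; pin a version tag (`FROM certbot/dns-route53:<pinned-tag>`, or a digest if builds must be reproducible). The comment above the COPY says it sets the working directory, but the hunk sets no WORKDIR, so the relative `COPY docker-entrypoint.sh docker-entrypoint.sh` and `ENTRYPOINT [ "./docker-entrypoint.sh" ]` depend on whatever WORKDIR the base image happens to define — presumably /opt/certbot given the paths in docker-compose.yml, but nothing here states it. Either drop the comment or make it true with `WORKDIR /opt/certbot` and an absolute `ENTRYPOINT ["/opt/certbot/docker-entrypoint.sh"]` so the entrypoint no longer depends on an upstream default.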
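Review bot: The example keeps placeholder values instead of real keys, which is right, but nothing in this patch ignores the real `aws_config` that docker-compose.yml expects beside it, nor the `output/` directory that will receive privkey.pem, so a checkout that follows the compose file ends up with live AWS credentials and a private key in the working tree unless a .gitignore outside this patch already covers them. Add a `.gitignore` with `aws_config` and `output/*` plus `!output/.keep`. A comment in the example saying the key should belong to an IAM identity limited to the Route53 permissions the dns-route53 plugin needs would also help the next person who fills it in.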
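Review bot: The `./aws_config:/opt/certbot/aws_config` bind mount hands the long-lived AWS keys to the container read-write although the entrypoint only reads them; mount it `- ./aws_config:/opt/certbot/aws_config:ro` so a misbehaving or compromised certbot process cannot alter the credential file on the host. The `version: "3.7"` key is obsolete for Compose v2 and only produces a warning, so it can be dropped. The sample `DOMAIN=mydomain.com` and `CERTBOT_EMAIL=sample@email.com` values are easy to leave in place by accident; a `# replace before running` comment next to them would make the contract explicit.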
@@ -0,0 +1,35 @@
+#! /bin/sh
+
+EMAIL=$CERTBOT_EMAIL
+if [ -z "$EMAIL" ]; then
+ echo "CERTBOT_EMAIL is not set. A valid email has to be defined in the env variable. Exiting."
+ exit 1
+fi
+
+OUTPUT_PATH=$CERT_FILES_OUTPUT_PATH
+if [ -z "$OUTPUT_PATH" ]; then
+ echo "CERT_FILES_OUTPUT_PATH is not set. A valid path has to be defined in the env variable. Exiting."
+ exit 1
+fi
+
+DOMAIN=$DOMAIN
+
+certbot certonly -v --dns-route53 -d $DOMAIN -d *.$DOMAIN -i nginx --non-interactive --agree-tos --email $EMAIL
+if [ $? -ne 0 ]; then
+ echo "Failed to obtain certificate. Exiting."
+ exit 1
+fi
+
+if [ -f /etc/letsencrypt/live/$DOMAIN/fullchain.pem ]; then
+ echo "Certificate obtained successfully. Copying files to output path."
+ cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem $OUTPUT_PATH/fullchain.pem
+ cp /etc/letsencrypt/live/$DOMAIN/privkey.pem $OUTPUT_PATH/privkey.pem
+ if [ -n "$REGULAR_USER_UID" ] && [ -n "$REGULAR_USER_GID" ]; then
+ echo "Changing owner of files to $REGULAR_USER_UID:$REGULAR_USER_GID"
+ chown $REGULAR_USER_UID:$REGULAR_USER_GID $OUTPUT_PATH/fullchain.pem
+ chown $REGULAR_USER_UID:$REGULAR_USER_GID $OUTPUT_PATH/privkey.pem
+ fi
+else
+ echo "Certificate not found. Exiting."
+ exit 1
+fi
diff --git a/output/.keep b/output/.keep
new file mode 100644
index 0000000..e69de29
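Review bot: `DOMAIN` is the one input the script never validates — `DOMAIN=$DOMAIN` is a no-op — so with it unset certbot is invoked with `-d` and `-d *.` and the later `/etc/letsencrypt/live/$DOMAIN/…` paths collapse to `/etc/letsencrypt/live//…`; give it the same guard the other variables get, `if [ -z "$DOMAIN" ]; then echo "DOMAIN is not set. Exiting."; exit 1; fi`. The unquoted `*.$DOMAIN` on the certbot line is also a shell glob, so a matching file in the working directory would silently replace the wildcard name; quote both domains, `-d "$DOMAIN" -d "*.$DOMAIN"`. The `-i nginx` installer flag does nothing for a `certonly` run and, if the nginx plugin is not shipped in the dns-route53 image, may make plugin selection fail — presumably a leftover from the project this was copied from, and should be removed. `$OUTPUT_PATH` and `$EMAIL` are expanded unquoted as well; quoting them (or adding `set -u` after the shebang) keeps a path with spaces from splitting. Since privkey.pem is copied into a host-visible directory, an explicit `chmod 600 "$OUTPUT_PATH/privkey.pem"` after the copy would make its permissions independent of the container's umask rather than relying on what `cp` carries over.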