## docker build

```sh
docker build -t nginx-certbot .
```

## docker run

```sh
docker run -d \
  -v path:/etc/letsencrypt/ \
  -v path:/etc/nginx/conf.d \
  -v path:/etc/nginx/nginx.conf:ro \
  -v path:/etc/nginx/sites-enabled \
  -v path:/var/www \
  -e CLOUDFLARE_EMAIL="youremail" \
  -e CLOUDFLARE_API_KEY="yourkey" \
  -e DOMAIN="your.domain.com,*.domain.com" \
  --net host \
  --name nginx \
  --restart=always \
  nginx-certbot
```

## docker compose

```yml
version: "3.5"
services:
  nginx:
    build: .
    environment:
      DOMAIN: "domain.com,*.domain.com"       # domains to register
      CLOUDFLARE_EMAIL: "your@email.com"      # Cloudflare email address
      CLOUDFLARE_API_KEY: "your-key"          # Cloudflare API key
    volumes:
      - path:/etc/letsencrypt/                    # where the keys generated by certbot are stored
      - path:/etc/nginx/conf.d                    # nginx conf.d folder
      - path/nginx.conf:/etc/nginx/nginx.conf:ro  # nginx.conf
      - path:/etc/nginx/sites-enabled             # nginx sites-enabled folder
      - path:/var/www                             # default www folder
    network_mode: host                            # change to suit your use case
```

## create certificate

```sh
# enter nginx bash shell
docker exec -it nginx bash

# execute shell script
./create-cert-cloudflare.sh

# reload nginx
nginx -s reload
```

## acme-challenge.conf

Include `acme-challenge.conf` in conf.d.

```
server {
    listen 80;
    listen [::]:80;
    server_name your.domain;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }
}
```
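
Added example (not part of this repository): a POSIX shell check, run before the certificate script, that every hostname nginx will serve is covered by the comma-separated `DOMAIN` value. A wildcard entry such as `*.domain.com` matches exactly one label, so it covers neither `domain.com` nor `a.b.domain.com`. The function names `name_covered` and `uncovered_names` and the sample hostnames are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the repository. Function names are hypothetical.

# name_covered HOST PATTERN
# Returns 0 if PATTERN (an exact name or "*.zone") covers HOST.
name_covered() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pat" in
        '*.'*)
            zone=${pat#\*.}
            # A wildcard stands for exactly one left-most label: drop that
            # label from the host and compare what remains with the zone.
            case "$host" in
                *.*) [ "${host#*.}" = "$zone" ] ;;
                *)   return 1 ;;
            esac
            ;;
        *)  [ "$host" = "$pat" ] ;;
    esac
}

# uncovered_names DOMAIN HOST...
# Prints, space-separated, every HOST that no entry of DOMAIN covers.
uncovered_names() {
    domains=$(printf '%s' "$1" | tr -d ' ')
    shift
    missing=""
    for h in "$@"; do
        ok=1
        rest="$domains,"
        # Split on commas with parameter expansion so "*" is never globbed.
        while [ -n "$rest" ]; do
            d=${rest%%,*}
            rest=${rest#*,}
            name_covered "$h" "$d" && { ok=0; break; }
        done
        [ "$ok" -eq 0 ] || missing="$missing $h"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: the DOMAIN value from the compose file above, checked
# against three made-up server_name values.
uncovered_names "domain.com,*.domain.com" domain.com www.domain.com a.b.domain.com
```

Any name it prints needs its own entry in `DOMAIN` (for example `*.b.domain.com`) before nginx can serve it with the issued certificate.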