Add support for expand

README.md

@@ -57,6 +57,7 @@ The following environment variables can be used to customize the Certbot contain
 | Variable               | Description                                                         | Default Value |
 |------------------------|---------------------------------------------------------------------|---------------|
 | `CERTBOT_DOMAINS`      | Comma-separated list of domains for which to obtain the certificate | - |
+| `CERTBOT_EXPAND`       | Expand existing certificate to add Subject Alternative Name domains | - |
 | `CERTBOT_EMAIL`        | Email address for Let's Encrypt notifications                       | - |
 | `CERTBOT_KEY_TYPE`     | Type of private key to generate                                     | `ecdsa` |
 | `CERTBOT_SERVER`       | The ACME server URL                                                 | `https://acme-v02.api.letsencrypt.org/directory` |

src/Dockerfile

@@ -33,4 +33,4 @@ RUN apk update && \
 ENTRYPOINT ["/entrypoint.sh"]
 
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
-    CMD [ -f "/etc/letsencrypt/live/$(echo "$CERTBOT_DOMAINS" | cut -d',' -f1)/fullchain.pem" ]
+    CMD [ -f "/etc/letsencrypt/live/$(echo "$CERTBOT_DOMAINS" | cut -d',' -f1)/fullchain.pem" ]

src/entrypoint.sh

@@ -105,6 +105,13 @@ run_certbot() {
     debug_flag=""
     [ "$DEBUG" = "true" ] && debug_flag="-v"
 
+    # Check if we need to expand
+    if [ "$CERTBOT_EXPAND" == "true" ]; then
+        expand="--expand"
+    else
+        expand=""
+    fi
+
     $certbot_cmd $debug_flag certonly \
         --dns-cloudflare \
         --dns-cloudflare-credentials "$CLOUDFLARE_CREDENTIALS_FILE" \
@@ -113,6 +120,7 @@ run_certbot() {
         --key-type "$CERTBOT_KEY_TYPE" \
         --email "$CERTBOT_EMAIL" \
         --server "$CERTBOT_SERVER" \
+        $expand \
         --agree-tos \
         --non-interactive \
         --strict-permissions