nginx and letsencrypt dns-01

compose.yml

version: '3'

services:
  nginx:
    image: nginx:mainline-alpine
    restart: always
    command: nginx -g "daemon off;"
    labels:
      - 'nginx-container'
    ports:
      - '80:80'
      - '443:443/tcp'
      - '443:443/udp'
    volumes:
      - "/opt/nginx/certs:/etc/nginx/certs:ro"

  certbot:
    image: certbot/dns-cloudflare:latest
    entrypoint: ["certbot", "certonly", "--dns-cloudflare", "--dns-cloudflare-credentials", "/opt/certbot/credentials/config.ini"]
    volumes:
      - "/opt/nginx/certs:/etc/letsencrypt"
      - "/opt/nginx/credentials:/opt/certbot/credentials"
    deploy:
      replicas: 0

  tasker:
    image: strm/tasker:latest
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      configuration: |-
        schedule:
          - every: day
            task: renew
          - every: day
            task: reload-nginx
        tasks:
          docker:
            - name: renew
              image: certbot/dns-cloudflare:latest
              entrypoint: certbot
              arguments: renew
              volumes:
                - "/opt/nginx/certs:/etc/letsencrypt"
                - "/opt/nginx/credentials:/opt/certbot/credentials"
            - name: reload-nginx
              image: docker:cli
              script:
                - docker kill --signal=HUP $(docker container ls -f 'label=nginx-container' --format '{{.ID}}')