Move certbot out of main compose file

check-and-renew-certs.sh

@@ -8,6 +8,7 @@ set -e
 
 # Configuration
 COMPOSE_FILE="/home/moeny/AppFlowy-Cloud/docker-compose.yml"
+CERTBOT_COMPOSE_FILE="/home/moeny/AppFlowy-Cloud/docker-compose.certbot.yml"
 DEPLOY_TRIGGER="/etc/letsencrypt/deploy-hook-triggered"
 
 # Ensure we're in the right directory
@@ -19,7 +20,7 @@ export PYTHONUNBUFFERED=1
 
 # Run certbot container with explicit non-interactive settings and timeout
 echo "[$(date)] Starting certificate renewal check..."
-if timeout --signal=KILL 5m docker compose -f "$COMPOSE_FILE" run --rm \
+if timeout --signal=KILL 5m docker compose -f "$CERTBOT_COMPOSE_FILE" run --rm --no-deps \
     -e TERM=dumb \
     -e PYTHONUNBUFFERED=1 \
     --no-TTY \

docker-compose.certbot.yml

@@ -0,0 +1,14 @@
+services:
+  certbot:
+    image: certbot/certbot
+    volumes:
+      - /etc/letsencrypt:/etc/letsencrypt
+      - /var/lib/letsencrypt:/var/lib/letsencrypt
+      - /home/moeny/AppFlowy-Cloud/renew-certs.sh:/renew-certs.sh
+      - /home/moeny/keys/tsig.key:/tsig.key:ro
+    environment:
+      - BIND_SERVER=ns1.moeny.ai
+      - DOMAIN=appflowy.moeny.ai
+      - EMAIL=appflowy-certbot@moeny.ai
+      - TSIG_KEY=/tsig.key
+    entrypoint: sh /renew-certs.sh 

docker-compose.yml

@@ -220,20 +220,6 @@ services:
       - AF_BASE_URL=${APPFLOWY_BASE_URL:?err}
       - AF_GOTRUE_URL=${API_EXTERNAL_URL}
 
-  certbot:
-    image: certbot/certbot
-    volumes:
-      - /etc/letsencrypt:/etc/letsencrypt
-      - /var/lib/letsencrypt:/var/lib/letsencrypt
-      - /home/moeny/AppFlowy-Cloud/renew-certs.sh:/renew-certs.sh
-      - /home/moeny/keys/tsig.key:/tsig.key:ro
-    environment:
-      - BIND_SERVER=ns1.moeny.ai
-      - DOMAIN=appflowy.moeny.ai
-      - EMAIL=appflowy-certbot@moeny.ai
-      - TSIG_KEY=/tsig.key
-    entrypoint: sh /renew-certs.sh
-
 volumes:
   postgres_data:
   minio_data: