coreos-home-server/service/letsencrypt/systemd/letsencrypt-dns-renew@.service

[Unit]
Description="Let's Encrypt DNS01 certificate renewal for %I"
Wants=container-build@letsencrypt.service
After=container-build@letsencrypt.service

[Service]
Type=oneshot
SyslogIdentifier=%N
EnvironmentFile=%E/coreos-home-server/letsencrypt/letsencrypt.env
ExecStart=/bin/podman run --replace --rm --name letsencrypt-renew-%i \
                          --env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \
                          --volume letsencrypt:/var/lib/letsencrypt:z \
                          --volume letsencrypt-certificates:/var/lib/letsencrypt-certificates:z \
                          --volume "letsencrypt-certificate-%i:/var/lib/letsencrypt-certificate-%i:z" \
                          localhost/letsencrypt:latest \
                          --pem --path --renew-hook /run-hook /var/lib/letsencrypt --domains "%i" \
                          --server ${ACME_SERVER} --email ${ACME_EMAIL} --dns ${ACME_DNS_PROVIDER} renew

[Install]
WantedBy=multi-user.target