Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client certbot, built on top of the nginx server.
Find out more about letsencrypt: https://letsencrypt.org
Certbot github: https://github.com/certbot/certbot
This repository was originally forked from @henridwyer
, many thanks to him for the good idea. I've rewritten about 90% of this repository, so it bears almost no resemblance to the original. This repository is much more opinionated about the structure of your webservers/containers, however it is easier to use as long as all of your webservers follow that pattern.
Use this image with a Dockerfile
such as:
FROM staticfloat/nginx-certbot
COPY *.conf /etc/nginx/conf.d/
And a .conf
file such as:
server {
listen 443 ssl;
server_name server.company.com;
ssl_certificate /etc/letsencrypt/live/server.company.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/server.company.com/privkey.pem;
location / {
...
}
}
Wrap this all up with a docker-compose.yml
file:
version: '3'
services:
frontend:
restart: unless-stopped
build: frontend
ports:
- 80:80/tcp
- 443:443/tcp
environment:
- CERTBOT_EMAIL=owner@company.com
...
- Ditch cron, it never liked me anway. Just use
sleep
and awhile
loop instead.
- Complete rewrite, build this image on top of the
nginx
image, and runcron
/certbot
alongsidenginx
so that we can have nginx configs dynamically enabled as we get SSL certificates.
- Add
nginx_auto_enable.sh
script to/etc/letsencrypt/
so that users can bring nginx up before SSL certs are actually available.
- Change the name to
docker-certbot-cron
, update documentation, strip out even more stuff I don't care about.
- Rip out a bunch of stuff because
@staticfloat
is a monster, and likes to do things his way
- Add support for webroot mode.
- Run certbot once with all domains.
- Upgraded to use certbot client
- Changed image to use alpine linux
- Initial release