Dockerized certbot.
The container will run certbot against all the domains provided with the environment variable domains.
If -e distinct=true is passed, certbot will be run separately for every listed domain.
docker volume create --name nginx-certs
# docker stop nginx
docker run \
-v nginx-certs:/etc/letsencrypt \
-e http_proxy=$http_proxy \
-e domains="example.com,example.org" \
-e email="me@example.com" \
-p 80:80 \
-p 443:443 \
--rm pierreprinetti/certbot:latest
# docker start nginx
You can put in crontab a call to a script shaped like this one.
Spin your favorite reverse proxy with something like:
docker run \
--name some-nginx \
-v nginx-certs:/etc/nginx/certs:ro \
-p 80:80 \
-p 443:443 \
--restart unless-stopped \
-d nginx:mainline-alpine
Example configuration for example.com in your dockerized nginx:
server {
listen 443 http2;
listen [::]:443 http2;
server_name example.com;
ssl on;
ssl_certificate /etc/nginx/certs/live/example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/live/example.com/privkey.pem;
[...]