Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client certbot, built on top of the nginx server.
Find out more about letsencrypt: https://letsencrypt.org
Certbot github: https://github.com/certbot/certbot
This repository was originally forked from @henridwyer, many thanks to him for the good idea. I've rewritten about 90% of this repository, so it bears almost no resemblance to the original. This repository is much more opinionated about the structure of your webservers/containers, however it is easier to use as long as all of your webservers follow that pattern.
Use this image with a Dockerfile such as:
FROM staticfloat/nginx-certbot
COPY *.conf /etc/nginx/conf.d/And a .conf file such as:
server {
listen 443 ssl;
server_name server.company.com;
ssl_certificate /etc/letsencrypt/live/server.company.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/server.company.com/privkey.pem;
location / {
...
}
}Wrap this all up with a docker-compose.yml file:
version: '3'
services:
frontend:
restart: unless-stopped
build: frontend
ports:
- 80:80/tcp
- 443:443/tcp
environment:
- CERTBOT_EMAIL=owner@company.com
...- Ditch cron, it never liked me anway. Just use
sleepand awhileloop instead.
- Complete rewrite, build this image on top of the
nginximage, and runcron/certbotalongsidenginxso that we can have nginx configs dynamically enabled as we get SSL certificates.
- Add
nginx_auto_enable.shscript to/etc/letsencrypt/so that users can bring nginx up before SSL certs are actually available.
- Change the name to
docker-certbot-cron, update documentation, strip out even more stuff I don't care about.
- Rip out a bunch of stuff because
@staticfloatis a monster, and likes to do things his way
- Add support for webroot mode.
- Run certbot once with all domains.
- Upgraded to use certbot client
- Changed image to use alpine linux
- Initial release