All the configuration needed to deploy certbot in docker and integrate it with your hosting reverse proxy.
You can clone or download the project from the current repository.
Create the file .env in the project directory
and set the following values:
DOMAINS="guilledev.com www.guilledev.com"
DOMAIN=guilledev.com
EMAIL=my@guilledev.com
CERTBOT_CERT_PATH=/home/app/angemy/certbot
DOMAINS: The list of domains that you want to cover with the same SSL certificate.
DOMAIN: The main domain of the SSL certificate.
EMAIL: The email address Let's Encrypt will use to communicate with you.
CERTBOT_CERT_PATH: The folder where the docker container will store all the information related to certbot.
Create a folder anywhere on your host to store the information used by the certbot docker container.
This new configuration needs to be added to the host's nginx. With it, certbot can validate the domain and nginx is integrated with the certificates generated by Let's Encrypt.
server {
    listen 80;
    server_name guilledev.com www.guilledev.com;
    location /.well-known/acme-challenge/ {
        # CERTBOT_CERT_PATH
        root /home/app/nginx/certbot_config;
    }
    # Force any insecure navigation to use SSL
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    # The ssl flag is required; without it nginx serves plain HTTP on port 443
    listen 443 ssl;
    server_name guilledev.com www.guilledev.com;
    # CERTBOT_CERT_PATH with the internal path to the certificates;
    # replace guilledev.com with your main domain
    ssl_certificate /home/app/nginx/certbot/live/guilledev.com/fullchain.pem;
    ssl_certificate_key /home/app/nginx/certbot/live/guilledev.com/privkey.pem;
    # The internal redirection to your services
    location / {
        default_type text/html;
        return 200 "<!DOCTYPE html><h2>in progress!!!</h2>\n";
    }
}
After steps 1 and 2 are finished, follow these steps to start your docker container.
# ./deploy.sh <name of the docker container>
./deploy.sh guilledev_certbot
Note: this will start the docker container with some dummy certificates to allow nginx to restart with the new configuration.
Once the docker container is running, it creates a dummy certificate so that the nginx configuration does not fail because the certificates are not yet available. Before restarting nginx, run the following command to check the integrity of the nginx configuration:
sudo nginx -t
If the output is ok, you can restart nginx:
sudo service nginx restart
After nginx has restarted, run the next command, which lets the certbot docker container validate the domain and get the new certificates from Let's Encrypt.
./continue.sh
To be sure that everything went right, you can check the docker container logs:
docker logs <container name>
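The .env values and the nginx server blocks above have to agree before `./continue.sh` requests the real certificate. The script below is an added example, not part of this project: it checks that every name in DOMAINS has a server_name entry, that the challenge location exists, that port 443 is listening with TLS, and that the certificate paths use live/<DOMAIN>/. The function names and the command-line file arguments are assumptions.

```sh
#!/bin/sh
# Added example (not part of the project): pre-flight check of .env against the nginx config.
# Usage: sh preflight.sh .env /path/to/nginx-site.conf   (file names are assumptions)

esc() { printf '%s' "$1" | sed 's/\./\\./g'; }   # escape dots for use in a regex

preflight() {
    env_file=$1; conf=$2; problems=0
    # Extract values with sed instead of sourcing .env, which would execute its contents.
    get() { sed -n "s/^$1=//p" "$env_file" | tail -n 1 | tr -d '"'; }
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    domains=$(get DOMAINS); domain=$(get DOMAIN)
    email=$(get EMAIL); cert_path=$(get CERTBOT_CERT_PATH)

    [ -n "$domain" ] || fail "DOMAIN is empty"
    [ -n "$email" ] || fail "EMAIL is empty"
    case " $domains " in
        *" $domain "*) ;;
        *) fail "DOMAIN '$domain' is not listed in DOMAINS" ;;
    esac
    case $cert_path in
        /*) ;;
        *) fail "CERTBOT_CERT_PATH must be an absolute path" ;;
    esac

    # Every name on the certificate must be answered by a server_name entry.
    for d in $domains; do
        grep -Eq "server_name[^;]*[[:space:]]$(esc "$d")([[:space:]]|;)" "$conf" ||
            fail "$d missing from server_name"
    done
    # The HTTP-01 challenge is fetched from this location on port 80.
    grep -q 'location /.well-known/acme-challenge/' "$conf" ||
        fail "no /.well-known/acme-challenge/ location"
    # Without the ssl flag nginx speaks plain HTTP on 443 and never uses the certificate.
    grep -Eq '^[[:space:]]*listen[[:space:]][^;]*443[^;]*[[:space:]]ssl' "$conf" ||
        fail "listen 443 lacks the ssl flag"
    # Certificate and key must come from live/<DOMAIN>/.
    live="/live/$(esc "$domain")/"
    grep -Eq "ssl_certificate[[:space:]]+[^;]*${live}fullchain\.pem;" "$conf" ||
        fail "ssl_certificate does not point at live/$domain/fullchain.pem"
    grep -Eq "ssl_certificate_key[[:space:]]+[^;]*${live}privkey\.pem;" "$conf" ||
        fail "ssl_certificate_key does not point at live/$domain/privkey.pem"
    return "$problems"
}

if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

The exit status is the number of problems found, so a zero status means the two files are consistent; `sudo nginx -t` is still needed for syntax.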
The license of this application can be found in LICENSE.md