a5e9215d92 | ||
---|---|---|
scripts | ||
Dockerfile | ||
LICENSE | ||
Makefile | ||
README.md | ||
crontab |
README.md
docker-certbot-cron
Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client certbot. Define the environment variables DOMAINS
(space-separated list of fully-qualified domain names) and EMAIL
(your letsencrypt registration email) to automatically run certbot
to renew/fetch your SSL certificates in the background. Configure nginx
to pass off the ACME validation challenge, and you'll have zero-downtime, 100% automatic SSL certificates for all your Docker containers!
ACME Validation challenge
To authenticate the certificates, the you need to pass the ACME validation challenge. This requires requests made on port 80 to your.domain.com/.well-known/ to be forwarded to this container.
The recommended way to use this image is to set up your reverse proxy to automatically forward requests for the ACME validation challenges to this container.
Nginx example
If you use nginx as a reverse proxy, you can add the following to your configuration file in order to pass the ACME challenge.
server {
listen 80;
location '/.well-known/acme-challenge' {
default_type "text/plain";
# Note: this works with docker-compose only if the service name is `certbot`,
# and the `nginx` service `depends_on` the `certbot` service!
proxy_pass http://certbot:80;
}
}
docker-compose
example
To use this container with docker-compose
, put something like the following into your configuration:
version '2'
services:
...
certbot:
image: staticfloat/docker-certbot-cron
container_name: certbot
volumes:
- certbot_etc_letsencrypt:/etc/letsencrypt
restart: unless-stopped
environment:
- DOMAINS="foo.bar.com baz.bar.com"
- EMAIL=email@domain.com
...
nginx:
...
depends_on:
- certbot
volumes:
- certbot_etc_letsencrypt:/etc/letsencrypt:ro
...
volumes:
certbot_etc_letsencrypt:
external: true
I personally like having my certificates stored in an external volume so that if I ever accidentally run docker-compose down
I don't have to re-issue myself the certificates.
More information
Find out more about letsencrypt: https://letsencrypt.org
Certbot github: https://github.com/certbot/certbot
This repository was originally forked from @henridwyer
, many thanks to him for the good idea. I've basically taken his approach and made it less flexible/simpler for my own use cases, so if you want this repository to do something a particular way, make sure his repo doesn't already do it.
Changelog
0.5
- Change the name to
docker-certbot-cron
, update documentation, strip out even more stuff I don't care about.
0.4
- Rip out a bunch of stuff because
@staticfloat
is a monster, and likes to do things his way
0.3
- Add support for webroot mode.
- Run certbot once with all domains.
0.2
- Upgraded to use certbot client
- Changed image to use alpine linux
0.1
- Initial release