82 lines
3.1 KiB
Markdown
82 lines
3.1 KiB
Markdown
# docker-certbot-cron
|
|
Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client *certbot*. Define the environment variables `DOMAINS` (space-separated list of fully-qualified domain names) and `EMAIL` (your letsencrypt registration email) to automatically run `certbot` to renew/fetch your SSL certificates in the background. Configure `nginx` to pass off the ACME validation challenge, and you'll have zero-downtime, 100% automatic SSL certificates for all your Docker containers!
|
|
|
|
# ACME Validation challenge
|
|
|
|
To authenticate the certificates, the you need to pass the ACME validation challenge. This requires requests made on port 80 to your.domain.com/.well-known/ to be forwarded to this container.
|
|
|
|
The recommended way to use this image is to set up your reverse proxy to automatically forward requests for the ACME validation challenges to this container.
|
|
|
|
## Nginx example
|
|
|
|
If you use nginx as a reverse proxy, you can add the following to your configuration file in order to pass the ACME challenge.
|
|
|
|
``` nginx
|
|
server {
|
|
listen 80;
|
|
location '/.well-known/acme-challenge' {
|
|
default_type "text/plain";
|
|
# Note: this works with docker-compose only if the service name is `certbot`,
|
|
# and the `nginx` service `depends_on` the `certbot` service!
|
|
proxy_pass http://certbot:80;
|
|
}
|
|
}
|
|
```
|
|
|
|
## `docker-compose` example
|
|
|
|
To use this container with `docker-compose`, put something like the following into your configuration:
|
|
```yml
|
|
version '2'
|
|
services:
|
|
...
|
|
certbot:
|
|
image: staticfloat/docker-certbot-cron
|
|
container_name: certbot
|
|
volumes:
|
|
- certbot_etc_letsencrypt:/etc/letsencrypt
|
|
restart: unless-stopped
|
|
environment:
|
|
- DOMAINS="foo.bar.com baz.bar.com"
|
|
- EMAIL=email@domain.com
|
|
...
|
|
nginx:
|
|
...
|
|
depends_on:
|
|
- certbot
|
|
volumes:
|
|
- certbot_etc_letsencrypt:/etc/letsencrypt:ro
|
|
...
|
|
volumes:
|
|
certbot_etc_letsencrypt:
|
|
external: true
|
|
```
|
|
I personally like having my certificates stored in an external volume so that if I ever accidentally run `docker-compose down` I don't have to re-issue myself the certificates.
|
|
|
|
# More information
|
|
|
|
Find out more about letsencrypt: https://letsencrypt.org
|
|
|
|
Certbot github: https://github.com/certbot/certbot
|
|
|
|
This repository was originally forked from `@henridwyer`, many thanks to him for the good idea. I've basically taken his approach and made it less flexible/simpler for my own use cases, so if you want this repository to do something a particular way, make sure [his repo](https://github.com/henridwyer/docker-letsencrypt-cron) doesn't already do it.
|
|
|
|
# Changelog
|
|
|
|
### 0.5
|
|
- Change the name to `docker-certbot-cron`, update documentation, strip out even more stuff I don't care about.
|
|
|
|
### 0.4
|
|
- Rip out a bunch of stuff because `@staticfloat` is a monster, and likes to do things his way
|
|
|
|
### 0.3
|
|
- Add support for webroot mode.
|
|
- Run certbot once with all domains.
|
|
|
|
### 0.2
|
|
- Upgraded to use certbot client
|
|
- Changed image to use alpine linux
|
|
|
|
### 0.1
|
|
- Initial release
|