Sample config files that demonstrate a setup which creates and renews free SSL certificates from Let's Encrypt for domains whose DNS is managed by CloudFlare.

Certbot verifies domain ownership through the CloudFlare API, which adds temporary TXT DNS records. To enable this you must provide your CloudFlare API token. See the documentation of the dns-cloudflare Certbot plugin for details.

Certbot saves the created certificates in the Docker volume `certbot_etc`. Pay attention to the output of the certbot run: it mentions the path to the created certificates.
- Set up docker, docker-compose, your domains and nginx so that your website works via plain HTTP.
- Run `docker-compose run certbot` to create the certificates. It will wait for 60 seconds in the middle. Note the output of the command: it contains the actual paths to the certificates.
- Update `nginx.conf` to use the right paths to the certificates.
- `ssl-dhparams.pem` holds Diffie-Hellman parameters (think of it as a cryptographic "salt") required by some key-exchange algorithms. Copy that file from somewhere or generate one with `openssl dhparam -out ssl-dhparams.pem 2048` (this takes some minutes). Then copy the file into the `certbot_etc` volume with a command similar to `docker cp ./ssl-dhparams.pem my_app_nginx_1:/etc/letsencrypt/ssl-dhparams.pem`, assuming the running NGINX container is named "my_app_nginx_1" (check with `docker ps`).
- Test that the NGINX config is OK: `docker-compose exec nginx nginx -t`
- Make NGINX reload the updated config: `docker-compose exec nginx nginx -s reload`
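A minimal `docker-compose.yml` that wires together what the steps above assume: the shared `certbot_etc` volume, the `certbot/dns-cloudflare` image with the 60-second propagation wait, and the CloudFlare API token supplied through a credentials file mounted read-only. This is an added example, not the gist's own sample files; the domain, e-mail address and the `cloudflare.ini` file name are placeholders.

```yaml
# docker-compose.yml (added example; not the gist's own config)
version: "3.8"

services:
  nginx:
    image: nginx:stable
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # Same named volume certbot writes to; mounted read-write so that
      # "docker cp ./ssl-dhparams.pem <nginx container>:/etc/letsencrypt/..." works.
      - certbot_etc:/etc/letsencrypt

  certbot:
    image: certbot/dns-cloudflare
    volumes:
      - certbot_etc:/etc/letsencrypt
      # cloudflare.ini holds one line:  dns_cloudflare_api_token = <token>
      # Keep the file mode 600 (certbot warns on looser permissions) and use a
      # token scoped to Zone:DNS:Edit for this zone only, not a Global API Key.
      - ./cloudflare.ini:/run/secrets/cloudflare.ini:ro
    # The image's entrypoint is certbot, so the command starts with the subcommand.
    command: >
      certonly
      --dns-cloudflare
      --dns-cloudflare-credentials /run/secrets/cloudflare.ini
      --dns-cloudflare-propagation-seconds 60
      --agree-tos --no-eff-email
      -m admin@example.com
      -d example.com -d www.example.com

volumes:
  certbot_etc:
```

With this file, `docker-compose run certbot` performs the DNS-01 challenge described above and leaves the certificates under `/etc/letsencrypt` in the `certbot_etc` volume, which nginx sees at the same path.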
@sergiks will the certificate always get renewed when the container starts in the docker compose file? I've looked into the official doc of the container and there are no details about it.