- Docker with the Docker Compose plugin
Download the following files and place them in your working directory:
compose.yaml— a sample production Docker Compose file.compose.override.yaml— includes development configurations. More about how overrides work can be found here..env— a sample environment file. Docker Compose will automatically use this for interpolating variables in your compose YAML files.
Download the Pebble test CA certificate from this link and save it as pebble.minica.pem.
⚠️ Important Notes:
- The
pebble.minica.pemfile is required by Traefik to securely communicate with the Pebble ACME server, as Pebble only serves requests over HTTPS.- This file acts as the default TLS certificate for the Pebble ACME server.
- Do not add
pebble.minica.pemto your system’s list of trusted root certificates. It is intended only for local development and used internally by Traefik.- If needed, you can generate a different CA manually. Refer to the official Pebble documentation for details.
Place the pebble.minica.pem file in the same directory as compose.override.yaml, or adjust the volume mount path in that file to match your setup.
Open and edit the .env file with the following changes:
- Set
ACME_CA_SERVERtohttps://pebble_acme:14000/dir— this is the Pebble container’s internal ACME directory URL. - Replace the default domain in
WHOAMI_HOST(e.g.,example.local) with your own development domain or subdomain.
Run the following command to launch the stack:
docker compose upOnce running, Traefik should automatically request and assign a TLS certificate to the configured WHOAMI_HOST.
🔄 Heads-up: Every time the Pebble container restarts, a new certificate will be issued for the domain, subdomain(s), or wildcard you've configured. This is by design—Pebble does not retain state by default and there's no built-in persistence for certificates across container restarts.