Docker Certbot

docker_certbot.md

Docker Certbot obtain SSL Certificate

Starting Nginx Server

Create nginx.conf file:

server {
  listen 80;
  server_name your_domain.uz;

  location /.well-known/acme-challenge/ {
    root /var/www/certbot;
  }
}

Start nginx using docker

docker run -d --name nginx \
   -p 80:80 \
   -v "/root/nginx.conf:/etc/nginx/conf.d/default.conf" \
   -v "/data/certbot/letsencrypt:/etc/letsencrypt" \
   -v "/data/certbot/www:/var/www/certbot" \
   nginx

Change /root/nginx.conf to the path of your nginx.conf file

Running CertBot

docker run --rm --name temp_certbot \
  -v "/data/certbot/letsencrypt:/etc/letsencrypt" \
  -v "/data/certbot/www:/tmp/letsencrypt" \
  -v "/data/servers-data/certbot/log:/var/log" \
  certbot/certbot certonly --agree-tos \
  --renew-by-default --preferred-challenges http-01 \
  --webroot -w /tmp/letsencrypt \
  --email <your_email> \
  -d <your_domain>

If you are using Nginx locally (without Docker), you can bind direct dirs that nginx will use, without middle-dirs like /data/certbot:

docker run --rm --name temp_certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/www/certbot:/tmp/letsencrypt" \
  -v "/certbot-logs:/var/log" \
  certbot/certbot certonly --agree-tos \
  --renew-by-default --preferred-challenges http-01 \
  --webroot -w /tmp/letsencrypt \
  --email <your_email> \
  -d <your_domain>

Renewing Certificate

Make sure you have binded necessary volumes in your running nginx container, and have nginx configured to handle acme-challenges

docker-compose.yaml example:

nginx:
  image: nginx
  volumes:
    ...
    - "/data/certbot/letsencrypt:/etc/letsencrypt"
    - "/data/certbot/www:/var/www/certbot"
    ...

Then run:

docker run --rm --name temp_certbot \
  -v "/data/certbot/letsencrypt:/etc/letsencrypt" \
  -v "/data/certbot/www:/tmp/letsencrypt" \
  -v "/data/servers-data/certbot/log:/var/log" \
  certbot/certbot certonly --agree-tos \
  --renew-by-default --preferred-challenges http-01 \
  --webroot -w /tmp/letsencrypt \
  --email <your_email> \
  -d <your_domain>

Reload Nginx:

docker exec -it <nginx_container> nginx -s reload

or if you are running Nginx locally:

sudo systemctl restart nginx