@taufiqpsumarna
Last active April 15, 2025 03:04
Docker Nginx + Certbot: Auto HTTPS with Let's Encrypt

Automated SSL with Docker, Nginx, and Certbot

This setup enables automatic creation and renewal of free SSL certificates using Let's Encrypt with Certbot in a Dockerized Nginx environment.

✅ Features:

Issue new HTTPS certificates via Certbot using the --webroot plugin (HTTP-01 challenge)

Auto-renew certificates before they expire (via cron)

Docker volume persistence for /etc/letsencrypt and challenge files

Secure and non-interactive deployment with optional Nginx reload hook

📦 Components:

Nginx (Docker): Acts as a reverse proxy and serves challenge files

Certbot (Docker): Manages certificate issuance and renewal

Cron job: Scheduled renewal script with optional logging and error handling

Perfect for production-ready Docker environments that need HTTPS without manual renewal.

# Certbot (renew cert every 2 months)
0 0 1 */2 * /path/to/renewal.sh

#!/bin/bash
# Initial issuance: request a certificate over HTTP-01 using the webroot plugin.
# The host directory mounted at /tmp/letsencrypt must be the one Nginx serves
# for /.well-known/acme-challenge/ on the domain.
docker run --rm --name temp_certbot \
  -v "$(pwd)/certbot/letsencrypt:/etc/letsencrypt" \
  -v "$(pwd)/certbot/www:/tmp/letsencrypt" \
  -v "$(pwd)/certbot/log:/var/log" \
  certbot/certbot \
  certonly --webroot --agree-tos --renew-by-default \
  --preferred-challenges http-01 --server https://acme-v02.api.letsencrypt.org/directory \
  --text --email REPLACE_WITH_YOUR_EMAIL \
  -w /tmp/letsencrypt -d REPLACE_WITH_YOUR_DOMAIN -v

# For testing only (Let's Encrypt staging server)
# docker run --rm --name temp_certbot \
#   -v "$(pwd)/certbot/letsencrypt:/etc/letsencrypt" \
#   -v "$(pwd)/certbot/www:/tmp/letsencrypt" \
#   -v "$(pwd)/certbot/log:/var/log" \
#   certbot/certbot \
#   certonly --webroot --agree-tos --renew-by-default \
#   --preferred-challenges http-01 --server https://acme-staging-v02.api.letsencrypt.org/directory \
#   --text --email REPLACE_WITH_YOUR_EMAIL \
#   -w /tmp/letsencrypt -d REPLACE_WITH_YOUR_DOMAIN -v

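#!/bin/bash
# Renew existing certificates, then restart Nginx so it loads the new files.
# `certbot renew` only replaces certificates that are close to expiry.
# The host directory mounted at /var/www/certbot must be the one Nginx serves
# for /.well-known/acme-challenge/.
docker run --rm \
  -v /home/ubuntu/docker/nginx/certbot/letsencrypt:/etc/letsencrypt \
  -v /home/ubuntu/docker/nginx/home/ubuntu/certbot/www:/var/www/certbot \
  certbot/certbot renew --webroot -w /var/www/certbot --no-random-sleep-on-renew \
  && docker restart nginx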
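
An added example, not part of the original gist: a variant of the renewal script that restarts Nginx only when `certbot renew` actually replaced the certificate, so the job can be scheduled daily without needless restarts. The host paths and the `nginx` container name are reused from the renewal script above; the `--run` switch, the function names and the environment-variable overrides are assumptions of this example.

```shell
#!/bin/bash
# Added example: restart Nginx only when the certificate file really changed.
# Host paths and container name come from the gist's renewal script; DOMAIN is
# a placeholder. Run as a user that can read the letsencrypt directory.
LE_DIR="${LE_DIR:-/home/ubuntu/docker/nginx/certbot/letsencrypt}"
WEBROOT="${WEBROOT:-/home/ubuntu/docker/nginx/home/ubuntu/certbot/www}"
DOMAIN="${DOMAIN:-REPLACE_WITH_YOUR_DOMAIN}"

# Print the SHA-256 of a file, or "missing" if it does not exist.
cert_fingerprint() {
  if [ -f "$1" ]; then sha256sum "$1" | cut -d' ' -f1; else echo missing; fi
}

# renew_and_reload CERT RENEW_CMD RELOAD_CMD
# Returns 0 = renewed and reloaded, 1 = unchanged, 2 = a step failed.
renew_and_reload() {
  local cert="$1" renew_cmd="$2" reload_cmd="$3" before after
  before="$(cert_fingerprint "$cert")"
  "$renew_cmd" || return 2
  after="$(cert_fingerprint "$cert")"
  [ "$after" != missing ] || return 2      # never reload onto a missing cert
  [ "$before" != "$after" ] || return 1    # certbot skipped: nothing to do
  "$reload_cmd" || return 2
}

# Same certbot invocation as the gist's renewal script.
run_certbot() {
  docker run --rm \
    -v "$LE_DIR:/etc/letsencrypt" \
    -v "$WEBROOT:/var/www/certbot" \
    certbot/certbot renew --webroot -w /var/www/certbot --no-random-sleep-on-renew
}

restart_nginx() { docker restart nginx; }

# Docker is only touched when called with --run, e.g. from a daily cron entry:
#   0 3 * * * /path/to/renewal.sh --run
if [ "${1:-}" = "--run" ]; then
  renew_and_reload "$LE_DIR/live/$DOMAIN/fullchain.pem" run_certbot restart_nginx
  rc=$?
  [ "$rc" -le 1 ] || { echo "certificate renewal failed" >&2; exit 1; }
fi
```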