Using Let’s Encrypt and Certbot with Nginx to enable connections over HTTPS

How it works

Installing Let’s Encrypt certificates while running Nginx on a Docker container

Volumes to the rescue

services:
...
nginx:
image: nginx:1.15
container_name: nginx
ports:
- "80:80"
- "443:443"
volumes:
...
- certs:/etc/letsencrypt
- certs_data:/var/www/certbot
...
...
...
volumes:
...
certs:
certs_data:

Getting a new certificate

  • a special file: this is created by certbot's container (more to it further)
  • a special URL: <your domain>/.well-known/acme-challenge/
server {
listen 80;
...
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
  • It downloads certbot Docker container from Docker Hub
  • Spins this container in interactive mode (-it) and sets it to be removed as soon as it finishes running (--rm)
  • The container then runs the certonly command with the webroot options and additional data (marked by the -d flag); documentation about this command you can find here

Renewing the certificate

  1. On the terminal, type sudo crontab -e
  2. That will open cron configuration file. Add this line (modify settings accordingly) to it: docker run --rm -it --name certbot -v "website_certs:/etc/letsencrypt" -v "website_certs_data:/var/www/certbot" certbot/certbot:v0.30.0 renew --webroot --webroot-path /var/www/certbot >> /home/fabio/log/cronrun
  3. Save and close crontab

--

--

--

Back-End Web developer, Industrial Automation Engineer, Husband & Father.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Performance, Load and Stress Tests

Frontend Fundamentals

Weekly report(6.1–6.6):

Scheduling Algorithms in Operating Systems

Top 3 Challenges in Cross Browser Testing and How to Tackle Them

Win-Kex Kali Linux Seamless Error Fix

Moving from CarrierWave to ActiveStorage in a Rails app

Flashplayer For Mac

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Fábio Molinar

Fábio Molinar

Back-End Web developer, Industrial Automation Engineer, Husband & Father.

More from Medium

Docker Desktop Alternative (Docker-CLI + Docker-Compose + Minkube + Hyperkit)

Install Ubuntu Server 64-bit on Raspberry Pi 4

Running OpenSSH in Windows PowerShell

Reduce the size of your Docker images with docker-slim