...

> ./certbot-auto certonly

...

Installing with NGINX in a Docker Container


Build an image with certbot installed

> vi Dockerfile

Code Block
FROM debian:buster

# Install NGINX and dnsmasq
RUN apt-get update
RUN apt-get install nginx curl dnsmasq -y
RUN apt-get install -y wget
RUN apt-get install -y apache2-utils
RUN apt-get install -y python-minimal

# Create the directory that holds the certificates
RUN mkdir /etc/nginx/certificates

# Volumes
VOLUME /etc/nginx/sites-enabled
VOLUME /etc/nginx/certificates

# Copy the configuration files
COPY confs/nginx.conf /etc/nginx/
COPY confs/proxy.conf /etc/nginx/conf.d/

RUN apt-get install -y certbot
RUN apt-get install -y python-certbot-nginx

# Expose the ports
EXPOSE 80 443

# Add command
CMD ["nginx", "-g", "daemon off;"]
HEALTHCHECK CMD curl --fail http://localhost || exit 1

> docker build -t jmehan/nginx .


Create a container from the image

> vi buildDocker.sh

Code Block
CONTAINER=proxy
IMAGE=jmehan/nginx
# Physical path of the current directory; the bind mounts below are relative to it
DIR=$(pwd -P)

# Remove any previous instance of the container
docker stop "$CONTAINER"
docker rm "$CONTAINER"
#docker rmi $IMAGE

docker run -d \
--net host \
--name "$CONTAINER" \
--restart=always \
-v "$DIR/conf:/etc/nginx/sites-enabled" \
-v "$DIR/conf.d:/etc/nginx/conf.d" \
-v "$DIR/letsencrypt:/etc/letsencrypt" \
--health-cmd='curl --fail https://wiki.jmehan.com || exit 1' \
"$IMAGE"

docker logs -f "$CONTAINER"


> ./buildDocker.sh


View logs to see if our container started properly

> docker logs -f proxy


Execute certbot-auto to create our cert

> docker exec -it proxy /usr/bin/certbot --nginx

Code Block
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: creativeattitude.com
...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

...


Renewing Certificates


Script: renewAllCerts.sh

Code Block
#!/bin/bash
  
set -e

DOMAINS=(
 "bcs.jmehan.com"
 "www.jmehan.com"
)

# Iterate over the array elements; quoting keeps each domain a single argument
for d in "${DOMAINS[@]}"; do
  echo "*** Renewing - $d"
  docker exec -it proxy /usr/bin/certbot --nginx -n -d "$d"
done

echo "**** ALL DONE *****"

      

References