NEW: Lets encrypt SSL Sign

2021-03-18 18:09:18 +01:00 · 2021-03-18 18:09:18 +01:00 · 95a9c62236
parent f73543cbe2
commit 95a9c62236
1 changed files with 94 additions and 0 deletions
--- a/letsencrypt.md
+++ b/letsencrypt.md
@ -0,0 +1,94 @@
+# Generate SSL Certificates using Certbot and Docker
+
+Based on [this post](https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx)
+
+## Preparation
+1. In `pwd` create `Site` with a dummy `index.html`
+
+2. Create `docker-compose.yml` with the following content:
+```
+version: '3.1'
+
+services:
+    letsencrypt:
+        image: nginx:latest
+        container_name: letsencrypt
+        ports:
+            - 80:80
+        volumes:
+            - ./nginx.conf:/etc/nginx/conf.d/default.conf
+            - ./Site:/usr/share/nginx/html
+        networks:
+            - docker-network
+
+networks:
+    docker-network:
+        driver: bridge
+```
+
+3. Create `nginx.conf` with the following content:
+```
+server {
+    listen 80;
+    listen [::]:80;
+    server_name jeanclaudegraf.ch *.jeanclaudegraf.ch;
+
+    location ~ /.well-known/acme-challenge {
+        allow all;
+        root /usr/share/nginx/html;
+    }
+
+    root /usr/share/nginx/html;
+    index index.html;
+}
+
+```
+
+## Sign Certificate for Domain or Subdomain
+1. Create Subdomain and all necessary records
+
+2. Start Nginx docker service `docker-compose up`
+
+3. Create Test Certificate
+```
+sudo docker run -it --rm \
+-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
+-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
+-v ${PWD}/Site:/data/letsencrypt \
+-v /home/jeanclaude/HomeServer/Ssl/var/log/letsencrypt:/var/log/letsencrypt \
+certbot/certbot \
+certonly --webroot \
+--register-unsafely-without-email --agree-tos \
+--webroot-path=/data/letsencrypt \
+--staging \
+-d www.jeanclaudegraf.ch 
+```
+
+3. Remove temp files `rm -rf /docker-volume/`
+
+4. Create Certificate
+```
+sudo docker run -it --rm \
+-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
+-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
+-v ${PWD}/Site:/data/letsencrypt \
+-v /home/jeanclaude/HomeServer/Ssl/var/log/letsencrypt:/var/log/letsencrypt \
+certbot/certbot \
+certonly --webroot \
+--email mail@jeanclaudegraf.ch --agree-tos --no-eff-email \
+--webroot-path=/data/letsencrypt \
+-d www.jeanclaudegraf.ch -d jeanclaudegraf.ch
+```
+
+5. Get Info about certificate
+```
+sudo docker run --rm -it --name certbot \
+-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
+-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
+-v ${PWD}/Site:/data/letsencrypt \
+certbot/certbot \
+--staging \
+certificates
+```
+
+6. Stop Nginx docker container `docker-compose down`