Wiki/letsencrypt.md

Generate SSL Certificates using Certbot and Docker

Based on this post

Preparation

  1. In the current working directory, create a directory `Site` containing a dummy `index.html`

  2. Create docker-compose.yml with the following content:

```yaml
version: '3.1'

services:
    letsencrypt:
        image: nginx:latest
        container_name: letsencrypt
        ports:
            - 80:80
        volumes:
            - ./nginx.conf:/etc/nginx/conf.d/default.conf
            - ./Site:/usr/share/nginx/html
        networks:
            - docker-network

networks:
    docker-network:
        driver: bridge
```

  3. Create nginx.conf with the following content:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name jeanclaudegraf.ch *.jeanclaudegraf.ch;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html;
    }

    root /usr/share/nginx/html;
    index index.html;
}
```

Sign Certificate for Domain or Subdomain

  1. Create Subdomain and all necessary records

  2. Start the Nginx docker service: `docker-compose up`

  3. Create Test Certificate

```sh
sudo docker run -it --rm \
-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
-v ${PWD}/Site:/data/letsencrypt \
-v /home/jeanclaude/HomeServer/Ssl/var/log/letsencrypt:/var/log/letsencrypt \
certbot/certbot \
certonly --webroot \
--register-unsafely-without-email --agree-tos \
--webroot-path=/data/letsencrypt \
--staging \
-d www.jeanclaudegraf.ch
```

  4. Remove temp files: `rm -rf /docker-volume/`

  5. Create Certificate

```sh
sudo docker run -it --rm \
-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
-v ${PWD}/Site:/data/letsencrypt \
-v /home/jeanclaude/HomeServer/Ssl/var/log/letsencrypt:/var/log/letsencrypt \
certbot/certbot \
certonly --webroot \
--email mail@jeanclaudegraf.ch --agree-tos --no-eff-email \
--webroot-path=/data/letsencrypt \
-d www.jeanclaudegraf.ch -d jeanclaudegraf.ch
```

  6. Get Info about certificate

```sh
sudo docker run --rm -it --name certbot \
-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
-v ${PWD}/Site:/data/letsencrypt \
certbot/certbot \
--staging \
certificates
```

  7. Stop the Nginx docker container: `docker-compose down`
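
The docker run commands above bind-mount a host directory to /etc/letsencrypt, so the certificate private keys end up on the host under that path. The following permission audit is an added example, not part of the original wiki page; the function name `audit_le_dir` and its output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original wiki page.
# Audits the host directory that the docker run commands bind-mount to
# /etc/letsencrypt, where certbot stores the certificate private keys.

# Host path taken from the -v options on this page; override with $1.
LE_DIR_DEFAULT=/home/jeanclaude/HomeServer/Ssl/etc/letsencrypt

# audit_le_dir [DIR]   (hypothetical helper name)
# Prints one finding per line:
#   KEY <path>  private key file readable by group or others
#   DIR <path>  directory under live/, archive/ or accounts/ that
#               others can list or enter
# Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
audit_le_dir() {
    dir=${1:-$LE_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    findings=$(
        # Key files are named privkeyN.pem in archive/; live/ only holds
        # symlinks to them, which -type f skips.
        find "$dir" -type f -name 'privkey*.pem' \
            \( -perm -040 -o -perm -004 \) -exec printf 'KEY %s\n' {} \;
        for sub in live archive accounts; do
            [ -d "$dir/$sub" ] || continue
            find "$dir/$sub" -type d \
                \( -perm -004 -o -perm -001 \) -exec printf 'DIR %s\n' {} \;
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as root, since the files certbot writes from inside the container are owned by root on the host.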