Example with nginx:
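# Compose stack: a certbot container ("certer") that obtains and renews
# Let's Encrypt certificates, and an nginx container that serves them.
version: '3.8'

services:
  certer:
    # NOTE(review): ":latest" is a moving tag. Pin a specific release (or an
    # image digest) so a re-pull cannot silently change the ACME client.
    image: certbot/certbot:latest
    container_name: certer
    working_dir: /srv
    networks:
      - locality
    volumes:
      # certbot's configuration directory; it holds the account data and the
      # private keys. The host side is /srv/certer/certs so that it matches the
      # archive/, live/ and www/ sub-directories nginx mounts below. With
      # /srv/certer/ here, the webroot challenge files and the issued
      # certificates were written outside the paths nginx can see.
      - /srv/certer/certs/:/etc/letsencrypt/:rw

  nginx:
    # NOTE(review): same as above, pin the tag instead of ":latest".
    image: nginx:latest
    container_name: nginx
    networks:
      - locality
    volumes:
      # letsencrypt: mounted read-only, because nginx only reads the
      # certificates and serves the challenge files and never writes them.
      # live/ holds relative symlinks into archive/, so both are needed.
      - /srv/certer/certs/archive:/etc/letsencrypt/archive:ro
      - /srv/certer/certs/live:/etc/letsencrypt/live:ro
      - /srv/certer/certs/www:/etc/letsencrypt/www:ro
      # config
      # NOTE(review): pwd and conf.d can probably be mounted :ro as well if
      # nothing inside the container writes to them; confirm first.
      - /srv/nginx/pwd:/etc/nginx/pwd
      - /srv/nginx/conf.d:/etc/nginx/conf.d
      - /srv/nginx:/srv/nginx:ro
      # web
      - /srv/web/blank:/srv/web/blank
    ports:
      # Quoted so that no YAML parser can read "host:container" as a number.
      - '443:443'
      - '80:80'
    # Copies nginx.conf out of the read-only /srv/nginx mount, then runs nginx
    # in the foreground so the container stays up.
    command: bash -c "cp -rf /srv/nginx/nginx.conf /etc/nginx/nginx.conf && nginx -g \"daemon off;\" -c /etc/nginx/nginx.conf"
    restart: always

networks:
  # Pre-existing network shared by both services; Compose does not create it.
  locality:
    external: true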
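Note: the `locality` network is declared as external, so Compose will not create it. If it does not exist yet, create it with `docker network create locality`, or use the name of your own network instead.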
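Then delegate your domain/subdomain to your web server (point its DNS record at the server) and run the command below in a console. Note that its last step, `chmod -R 0755 /srv/certer/certs`, makes every file under that directory, including the private keys in `archive/`, readable by any local user on the host. The nginx master process normally runs as root and can read the keys with certbot's default permissions, so check whether your setup needs the chmod at all, and if it does, limit it to the files that actually need it: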
docker compose run --rm certer certonly --webroot --webroot-path /etc/letsencrypt/www -d your_domain.dev && chmod -R 0755 /srv/certer/certs
In some situations you need to reload the Nginx config afterwards with `docker exec nginx service nginx reload`.
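Add a cron job to renew the certificates. cron does not start in your project directory, so either `cd` into the directory that contains the compose file first or pass its path with `docker compose -f`: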
15 3 * * * docker compose run --rm certer renew --quiet && docker exec nginx service nginx reload