Initially you have to init the certbot and get the certificate manually.<\/p>\n\n\n\n
# Directories used:\n\/var\/www \n\/var\/www\/certbot # handshake sites from certbot\n\/etc\/letsencrypt # certificates are stored here<\/code><\/pre>\n\n\n\n# Initialize Certbot:\ndocker run --rm -ti \\\n -v \/var\/www:\/var\/www \\\n -v \/etc\/letsencrypt:\/etc\/letsencrypt \\\ncertbot\/certbot certonly --webroot -w \/var\/www\/certbot -d <yor-domain-name> --email your.email@something.com <\/code><\/pre>\n\n\n\nThe letsencrypt and the www directory must be mounted on both containers. Certbot will check the certificates every 12h and nginx must reload the configuration periodically.<\/p>\n\n\n\n
nginx:\n image: nginx:1.17.8\n ports:\n - 80:80\n - 443:443\n volumes:\n - \/var\/www:\/var\/www\n - \/etc\/nginx.conf:\/etc\/nginx\/nginx.conf\n - \/etc\/letsencrypt:\/etc\/letsencrypt\n command: \"\/bin\/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \\\"daemon off;\\\"'\"\n\n certbot:\n image: certbot\/certbot\n restart: unless-stopped\n volumes:\n - \/var\/www:\/var\/www\n - \/etc\/letsencrypt:\/etc\/letsencrypt\n entrypoint: \"\/bin\/sh -c 'trap exit TERM; while :; do certbot renew --webroot -w \/var\/www\/certbot; sleep 12h & wait $${1}; done;'\"<\/code><\/pre>\n\n\n\nNginx must be configured to publish the certbots well-known sites for the handshake and your sites must be configured to use the certificates from letsencrypt.<\/p>\n\n\n\n
server {\n listen 80;\n server_name <your-domain-name>;\n server_tokens off;\n location \/.well-known\/acme-challenge\/ {\n root \/var\/www\/certbot;\n }\n\n location \/ {\n return 301 https:\/\/$host$request_uri;\n }\n }\n\n server {\n listen 443 ssl;\n server_name vcm.winccoa.at;\n\n ssl_certificate \/etc\/letsencrypt\/live\/<your-domain-name>\/fullchain.pem;\n ssl_certificate_key \/etc\/letsencrypt\/live\/<your-domain-name>\/privkey.pem;\n\n root \/var\/www;\n index index.html;\n\n location \/ {\n try_files $uri $uri\/ =404;\n }<\/code><\/pre>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"
Initially you have to init the certbot and get the certificate manually. The letsencrypt and the www directory must be mounted on both containers. Certbot will check the certificates every 12h and nginx must reload the configuration periodically. Nginx must be configured to publish the certbots well-known sites for the handshake and your sites must … Continue reading Nginx & Certbot (Letsencrypt) via Docker…<\/span>