certbot

Containerized certbot with helpers for LetsEncrypt cert management

For use on Linux platforms running apps that want https support. Clone repo onto machine and run the provision script from inside this repo root directory. LetsEncrypt may prompt you to enter an email address and answer some yes/no questions:

./provision-new-certs.sh $DOMAIN_NAME $SERVICE_NAME $SERVICE_PORT

If successful, new certs will be written to disk at:

ls -al ./generated/live/${DOMAIN_NAME}/

And new nginx config will be generated with default http and https settings:

cat ./generated/nginx.conf

Enable https connections via nginx

Include a nginx proxy service with the generated certs in the docker-compose.yaml for app that wants https support:

services:
  # ... other services

  nginx:
    image: nginx:latest
    platform: linux/amd64
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "~/certbot/generated/nginx.conf:/etc/nginx/nginx.conf:ro"
      - "~/certbot/generated/:/etc/nginx/ssl/:ro"
    restart: unless-stopped

  # ... other services

Automatic certificate renewal

Run script to setup cert autorenewal via crontab:

./autorenew-certs.sh $APP_DIR

Manual certificate renewal

Run renew script and restart app services:

./renew-certs.sh
pushd $APP_DIR && docker compose restart