SSL

SSL certificates with Certbot/Let's Encrypt and Nginx

  • Request a Staging Certificate
```bash
sudo docker container run -it --rm \
  -v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
  -v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
  -v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
  -v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
  certbot/certbot \
  certonly --webroot \
  --register-unsafely-without-email --agree-tos \
  --webroot-path=/data/letsencrypt \
  --staging \
  -d haskellbazaar.com -d www.haskellbazaar.com
```
  • With a TXT DNS challenge
```bash
sudo docker container run -it --rm \
  -v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
  -v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
  -v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
  -v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
  certbot/certbot \
  certonly \
  --manual \
  --preferred-challenges dns \
  -d haskellbazaar.com \
  -d www.haskellbazaar.com
```
  • Request a Production Certificate
```bash
sudo docker container run -it --rm \
  -v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
  -v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
  -v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
  -v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
  certbot/certbot \
  certonly --webroot \
  --email [email protected] --agree-tos --no-eff-email \
  --webroot-path=/data/letsencrypt \
  -d haskellbazaar.com -d www.haskellbazaar.com
```
  • Get additional information about your certificates
```bash
sudo docker run --rm -it --name certbot \
  -v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
  -v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
  -v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
  certbot/certbot \
  --staging \
  certificates
```
  • Add the following to your nginx config
```nginx
server {
    ...
    listen 443 ssl;
    server_name your_domain.com;
    # With the volume mounts above, certbot writes the current certificate chain to
    # /etc/letsencrypt/live/<domain>/fullchain.pem and the key to privkey.pem;
    # point these two directives at wherever that directory is mounted in the nginx container.
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ...
}
```
  • Renew certificate
```bash
docker container run --rm -it --name certbot \
  -v "/docker-volumes/etc/letsencrypt:/etc/letsencrypt" \
  -v "/docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt" \
  -v "/docker-volumes/data/letsencrypt:/data/letsencrypt" \
  -v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
  certbot/certbot renew \
  --preferred-challenges dns \
  --dry-run
```
  • Add a Cron job
```bash
sudo crontab -e
# Place the following at the end of the file.
# No -t here: cron has no terminal attached, so `docker run -t` fails with
# "the input device is not a TTY" and the renewal would never run.
# The HUP is sent whenever certbot exits 0, i.e. every night, not only after an actual renewal.
0 23 * * * docker run --rm --name certbot -v "/docker-volumes/etc/letsencrypt:/etc/letsencrypt" -v "/docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt" -v "/docker-volumes/data/letsencrypt:/data/letsencrypt" -v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" certbot/certbot renew --webroot -w /data/letsencrypt --quiet && docker kill --signal=HUP haskell-bazaar-nginx
```
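Added here as an example, not part of these notes nor certbot's own code: a checker for the output of the `certificates` command above, which flags staging (TEST_CERT) lineages that must not be served to browsers, expired ones, and lineages with fewer than 30 days left, i.e. ones the nightly cron renewal should already have replaced. The sample output, the `staging.example.invalid` lineage and the dates are constructed; the field layout follows what `certbot certificates` prints.

```python
import re
# Constructed sample in the layout `certbot certificates` prints; dates, day counts and the staging lineage are made up.
SAMPLE_OUTPUT = """\
Found the following certs:
  Certificate Name: haskellbazaar.com
    Domains: haskellbazaar.com www.haskellbazaar.com
    Expiry Date: 2024-06-01 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/haskellbazaar.com/fullchain.pem
  Certificate Name: staging.example.invalid
    Domains: staging.example.invalid
    Expiry Date: 2024-08-20 10:00:00+00:00 (INVALID: TEST_CERT)
"""
CERT_NAME = re.compile(r"^\s*Certificate Name:\s*(\S+)")
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")
STATUS = re.compile(r"\((VALID|INVALID):\s*([^)]*)\)")  # "(VALID: 12 days)", "(INVALID: TEST_CERT)"

def parse_certificates(text: str) -> list[dict]:
    # One dict per lineage: name, domains, status, days_left, test_cert and the *_path fields.
    certs: list[dict] = []
    for line in text.splitlines():
        if m := CERT_NAME.match(line):
            certs.append({"name": m.group(1)})
            continue
        f = FIELD.match(line)
        if not certs or not f:  # header lines before the first lineage, separators
            continue
        key, value = f.group(1).strip().lower().replace(" ", "_"), f.group(2).strip()
        if key == "domains":
            certs[-1]["domains"] = value.split()
        elif key == "expiry_date":
            s = STATUS.search(value)
            detail = s.group(2) if s else ""
            days = re.match(r"(\d+) day", detail)
            certs[-1]["status"] = s.group(1) if s else "UNKNOWN"
            certs[-1]["days_left"] = int(days.group(1)) if days else 0
            certs[-1]["test_cert"] = detail == "TEST_CERT"  # issued by the staging CA
        else:
            certs[-1][key] = value
    return certs

def needs_attention(certs: list[dict], warn_days: int = 30) -> dict[str, str]:
    # Lineage name -> reason, for certs that must not stay in service as they are.
    problems: dict[str, str] = {}
    for c in certs:
        if c.get("test_cert"):
            problems[c["name"]] = "staging (TEST_CERT) certificate: browsers will not trust it"
        elif c.get("status") != "VALID":
            problems[c["name"]] = "expired or unparseable expiry: renew now"
        elif c["days_left"] < warn_days:
            problems[c["name"]] = f"{c['days_left']} days left: the renewal job is not working"
    return problems
```

Certbot renews at 30 days before expiry by default, so anything under that threshold means the cron job above is not doing its work.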