Nginx
alex stephen, 2017-10-05 17:15:04

Let's Encrypt + Nginx + Docker, how to update keys?

In general, I created a docker-compose application and put SSH keys generated through Let's Encrypt into it, after which 90 days flew by very quickly and the key expired.

The question is: how do I set up an automatic key update inside the container once every n days? Google turns up a solution for the nginx-proxy container, but I have a regular nginx, and rewriting everything now is inconvenient, to say the least.

What would you suggest?

3 answer(s)
chupasaurus, 2017-10-05
@berezuev

In the compose file:

services:
  ...
  certbot:
    image: certbot/certbot
    volumes:
      - /etc/letsencrypt_docker:/etc/letsencrypt
    command: ["renew"]

Create the certificates with:
docker-compose run certbot certonly --webroot -w /etc/letsencrypt/challenges -d domain
In nginx configs:
server {
  server_name some.domain;
  ...
  location /.well-known/acme-challenge {
    root /etc/letsencrypt_docker/challenges;
  }
}

In cron:
docker-compose -f /path/to/docker-compose.yml up certbot

ky0, 2017-10-05
@ky0

Put "certbot-auto renew; service nginx reload" in the crontab and set it to run once a month.
Of course, you need to properly configure the /.well-known/acme-challenge url in nginx.
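
Combining the two answers above, as an added example that is not part of any answer in this thread: a host-side cron wrapper that runs the certbot service and reloads nginx only when a certificate under the shared volume actually changed. The compose file path, the `nginx` service name and the `--run` switch are assumptions; the directory comes from the first answer.

```shell
#!/bin/sh
# Added example, not code from the thread. Renew through the certbot service,
# then reload nginx only if a certificate on the shared volume changed.
# Assumed: compose file path, a compose service named "nginx", "--run" switch.
COMPOSE_FILE="${COMPOSE_FILE:-/path/to/docker-compose.yml}"
CERT_DIR="${CERT_DIR:-/etc/letsencrypt_docker}"

# Fingerprint of every live fullchain.pem. cksum is used for change detection
# only; it is not an integrity check.
cert_fingerprint() {
    find "$1/live" -name fullchain.pem 2>/dev/null | sort | while read -r f; do
        cksum < "$f"    # live/ holds symlinks into archive/; read through them
    done | cksum
}

run_renew() {
    docker-compose -f "$COMPOSE_FILE" run --rm certbot renew
}

# -T: no TTY under cron. Test the config first so a bad file never gets loaded.
reload_nginx() {
    docker-compose -f "$COMPOSE_FILE" exec -T nginx nginx -t &&
        docker-compose -f "$COMPOSE_FILE" exec -T nginx nginx -s reload
}

# Returns 0 after a reload, 1 if nothing changed, 2 if renew or reload failed.
renew_and_reload() {
    before=$(cert_fingerprint "$CERT_DIR")
    run_renew || return 2
    after=$(cert_fingerprint "$CERT_DIR")
    [ "$before" = "$after" ] && return 1
    reload_nginx || return 2
    return 0
}

if [ "${1:-}" = "--run" ]; then
    renew_and_reload || [ $? -eq 1 ]    # "nothing renewed" is not an error
fi
```

Because `certbot renew` only replaces certificates that are close to expiry, the wrapper can be scheduled daily; most runs end without a reload.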

silverjoe, 2017-10-05
@silverjoe

And what is the problem with generating certificates on the host and forwarding the folder to docker with nginx?
