{"id":25770848,"url":"https://github.com/borfast/auto-docker-letsencrypt","last_synced_at":"2026-05-15T02:45:50.430Z","repository":{"id":50156229,"uuid":"122679564","full_name":"borfast/auto-docker-letsencrypt","owner":"borfast","description":"A simple container to automate creating and renewing HTTPS certificates using Let's Encrypt certbot","archived":false,"fork":false,"pushed_at":"2023-08-02T08:55:24.000Z","size":133,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2023-08-02T10:11:50.853Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/borfast.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-02-23T22:32:00.000Z","updated_at":"2022-12-09T12:39:03.000Z","dependencies_parsed_at":"2023-01-25T21:30:41.925Z","dependency_job_id":null,"html_url":"https://github.com/borfast/auto-docker-letsencrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borfast%2Fauto-docker-letsencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borfast%2Fauto-docker-letsencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borfast%2Fauto-docker-letsencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borfast%2Fauto-docker-letsencrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/borfast","download_url":"https://codeload.github.com/
borfast/auto-docker-letsencrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240967288,"owners_count":19886215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-27T02:38:37.052Z","updated_at":"2026-05-15T02:45:50.371Z","avatar_url":"https://github.com/borfast.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Auto Docker Let's Encrypt\n\nDockerized [certbot](http://certbot.eff.org/) to be run as a sidecar in a \nmulti-container environment.\n\nThe container has certbot to generate a certificate for all the specified\ndomains and runs a cron daemon to automatically renew the certificate.\n\n\n### Assumptions\n\n* This uses Certbot's AWS Route53 DNS for domain ownership verification, which\nmeans you must use Route53 for the domain's DNS configuration. Pull requests to\nsupport other DNS providers or certbot verification mechanisms are welcome.\n\n* A container running this image exists in a cluster of containers, just like \nany other service. For now, this targets Docker Swarm or Compose. Pull requests\nto support other platforms are welcome.\n\n* Nginx is the web server that will use the generated certificate. Pull\nrequests to support other web servers are welcome. 
\n\n\n### Shared volumes\nWhen running the container, you will need to mount a few volumes:\n* a couple of Let's Encrypt directories, namely `/etc/letsencrypt` and\n`/var/lib/letsencrypt`.\n* Docker's socket from the host machine (which needs to be the Swarm manager)\nin `/var/run/docker.sock`.\n\nThe Docker socket from the host is necessary because the nginx restart script\nneeds to communicate with the Swarm manager, and thus *this container needs to\nrun on a manager node*.\n\n\n### Environment variables\n\nYou also need to pass a few environment variables:\n* **DOMAINS**: the comma-separated list of domains to handle.\n* **NGINX_SERVICE_NAME**: the name of the nginx Docker service.\n* **EMAIL**: the email address to be used for the certificate registration.\n* **CRON_TIME**: a cron-compatible time definition of the time at which you\nwant the cron job to run, like `0 2,14 * * *`.\n* **AWS_ACCESS_KEY_ID**, **AWS_SECRET_ACCESS_KEY**, **AWS_DEFAULT_REGION**: the\nAWS keys and default region.\n\n\n### Notes\n\n*Important*: the job is supposed to run twice a day, as per Let's Encrypt's\nrecommendation, so that if they need to revoke a certificate before it's time\nto renew it, we won't be left without a functioning certificate for too long.\n\n*Also important*: We try to add a bit of randomness to the time the renewal\nprocess is run so that not every renewal request runs at the same time, which\nwould contribute to overloading Let's Encrypt's servers. That's what the Python\nbit at the beginning of the cron command does: it `sleep`s for a random number\nof minutes before actually running the renewal command.
\n\n\n### How to use\n\nIf you're adding this to Docker Swarm or Compose, the service definition would\nlook something like this:\n```\nauto-docker-letsencrypt:\n  image: auto-docker-letsencrypt\n  volumes:\n    - /etc/letsencrypt:/etc/letsencrypt\n    - /var/lib/letsencrypt:/var/lib/letsencrypt\n    - /var/run/docker.sock:/var/run/docker.sock\n  environment:\n    - DOMAINS=sub1.domain1.com,sub2.domain1.com,domain2.org,sub.domain3.net\n    - NGINX_SERVICE_NAME=my_nginx_service\n    - EMAIL=your@email\n    - CRON_TIME=0 2,14 * * *\n    - AWS_ACCESS_KEY_ID=XXX\n    - AWS_SECRET_ACCESS_KEY=YYY\n    - AWS_DEFAULT_REGION=ZZZ\n  deploy:\n    restart_policy:\n      condition: on-failure\n    placement:\n      constraints:\n        - node.role == manager\n```\n\nIf you are running the container independently, the whole command would look\nsomething like this:\n```\ndocker run -it --rm --name certbot \\\n-v \"/etc/letsencrypt:/etc/letsencrypt\" \\\n-v \"/var/lib/letsencrypt:/var/lib/letsencrypt\" \\\n-v \"/var/run/docker.sock:/var/run/docker.sock\" \\\n-e \"DOMAINS=sub1.domain1.com,sub2.domain1.com,domain2.org,sub.domain3.net\" \\\n-e \"NGINX_SERVICE_NAME=my_nginx_service\" \\\n-e \"EMAIL=your@email\" \\\n-e \"CRON_TIME=0 2,14 * * *\" \\\n-e \"AWS_ACCESS_KEY_ID=\u003cXXX\u003e\" \\\n-e \"AWS_SECRET_ACCESS_KEY=\u003cYYY\u003e\" \\\n-e \"AWS_DEFAULT_REGION=\u003cZZZ\u003e\" \\\nauto-docker-letsencrypt \\\n/usr/local/bin/pipenv run certbot certonly --dns-route53 --agree-tos -n \\\n--email your@email \\\n--domains sub1.domain1.com,sub2.domain1.com,domain2.org,sub.domain3.net \\\n--post-hook '/usr/bin/python3 /auto-docker-letsencrypt/restart-nginx.py 
nginx'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fborfast%2Fauto-docker-letsencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fborfast%2Fauto-docker-letsencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fborfast%2Fauto-docker-letsencrypt/lists"}