https://github.com/mujz/lets-encrypt-docker

Free SSL cert with one command from Let's Encrypt
https://github.com/mujz/lets-encrypt-docker

cert certbot certificate docker letsencrypt ssl

Last synced: 3 months ago
JSON representation

Free SSL cert with one command from Let's Encrypt

• Host: GitHub
• URL: https://github.com/mujz/lets-encrypt-docker
• Owner: mujz
• Created: 2017-01-13T04:25:00.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2018-11-15T09:53:18.000Z (over 6 years ago)
• Last Synced: 2025-01-15T11:17:25.144Z (5 months ago)
• Topics: cert, certbot, certificate, docker, letsencrypt, ssl
• Language: Dockerfile
• Size: 4.88 KB
• Stars: 2
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Let's Encrypt Certbot

Get a signed SSL certificate from [Let's Encrypt](https://letsencrypt.org) with one command.

# Usage

## Issuing a new certificate:

```shell

docker run -it --rm \

	-p 80:80 -p 443:443 \

	-e DOMAINS="example.com www.example.com" \

	-v $(pwd)/out:/etc/letsencrypt \

	mujz/lets-encrypt-docker

```

You'll be asked to enter your email address and agree to the terms of service next. The cert files will then be generated for you inside the `out` directory. Make sure you set your own domains instead of the "example" ones. 

## Renewing an existing certificate:

```shell

docker run --rm -v $(pwd)/out:/etc/letsencrypt mujz/lets-encrypt-docker certbot renew

```

This will renew your certificate for you if it is due for renewal.

You can also set up a cron job so you don't have to do it manually every 3 months. To do this in Ubuntu, for example, you can run `crontab -e` and paste:

```

30 2 * * 1 /usr/bin/docker run --rm -v :/etc/letsencrypt mujz/lets-encrypt-docker certbot renew >> /var/log/le_renew.log

35 2 * * 1 /usr/bin/docker restart 

```

This will run the renew job every week on Monday at 2:30 in the morning.

# How it works

Let's start by disecting the command above:

- `docker run --rm -it` runs an interactive docker container that will be deleted once it is stopped.

- `-p 80:80 -p 443:443` maps the host ports 80 and 443 to those of the container.

- `-e DOMAINS="example.com www.example.com"` sets the container's environment variable `DOMAINS` to the domains you want to get the cert for. The certbot looks at this variable to generate the certs.

- `-v $(pwd)/out:/etc/letsencrypt/live` mounts the local directory "out" onto the container's "/etc/letsencrypt/live", which is where the cert files will be generated.

- `mujz/lets-encrypt-docker` tells docker to run this image.

The image is built by installing certbot on `debian:jessie`. When the run command is executed, we first check if the `DOMAINS` env variable was set and then run `certbot certonly --standalone`, which starts a local server on the ports 80 and 443 and generates the certificate.