
Install letsencrypt on Dwellers
Closed, ResolvedPublic

Description

Deploy a Let's encrypt container, and provide a snippet to use that from nginx.

We don't need an nginx server for this purpose, as we can share a folder between the host and the container.

Event Timeline

Container

The Let's encrypt container is usable as is.

docker pull quay.io/letsencrypt/letsencrypt:latest

Helper script

/usr/local/bin/letsencrypt
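#!/bin/sh
# Run the Let's encrypt client in a throwaway container.
# Host folders under /data/letsencrypt hold the configuration, state and webroot.
# "$@" passes each argument through unchanged, including ones containing spaces.
docker run -it --rm \
    -v /data/letsencrypt/etc:/etc/letsencrypt \
    -v /data/letsencrypt/var:/var/lib/letsencrypt \
    -v /data/letsencrypt/www:/www \
    quay.io/letsencrypt/letsencrypt:latest "$@"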

Setup

$ mkdir /data/letsencrypt
$ cd /data/letsencrypt
$ mkdir etc var www
$ letsencrypt auth

How to use it from nginx?

We can use the same snippet we use in Ysul with T560, but with /data/letsencrypt/www as folder.

/etc/nginx/letsencrypt
#   -------------------------------------------------------------
#   Configuration for Let's encrypt nginx
#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#   Author:         Sébastien Santoro aka Dereckso
#   Created:        2016-01-05
#   Description:    Get SSL certificates from Let's encrypt
#   -------------------------------------------------------------

        location /.well-known/acme-challenge {
            default_type text/plain;
            root /data/letsencrypt/www;
        }

A sample vhost is given in T224.

How to create a new certificate?

  • Add include letsencrypt; in the nginx vhost for this domain.
  • letsencrypt certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=/www -d sub.domain.tld
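
A preflight for the webroot setup above, as an added example that is not part of the original task: it writes a probe file into the shared folder and checks that nginx serves it back before any request goes to the ACME server. The function names, the probe file naming and the use of curl are assumptions; WEBROOT defaults to the host folder used on this page.

```shell
#!/bin/sh
# Added example: preflight for the webroot challenge path (not from the task).
# Assumptions: function names, probe naming and curl are illustrative.
WEBROOT="${WEBROOT:-/data/letsencrypt/www}"   # host side of the /www mount
CHALLENGE_DIR=".well-known/acme-challenge"    # location served by the snippet

# Write a random probe file where the container writes its challenges.
# Prints "<token> <content>" on success.
make_probe() {
    dir="$WEBROOT/$CHALLENGE_DIR"
    mkdir -p "$dir" || return 1
    token="preflight-$$-$(date +%s)"
    content="probe-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
    printf '%s' "$content" > "$dir/$token" || return 1
    chmod 644 "$dir/$token" || return 1       # nginx worker must be able to read it
    printf '%s %s\n' "$token" "$content"
}

# True when the body the web server returned is exactly what was written.
probe_matches() {   # $1 = expected content, $2 = served body
    [ "$1" = "$2" ]
}

remove_probe() {    # $1 = token
    rm -f "$WEBROOT/$CHALLENGE_DIR/$1"
}

# Full check for one domain: write the probe, fetch it over HTTP, clean up.
preflight() {       # $1 = domain, e.g. sub.domain.tld
    probe=$(make_probe) || { echo "cannot write to $WEBROOT" >&2; return 1; }
    token=${probe%% *}
    expected=${probe#* }
    served=$(curl -fsS --max-time 10 "http://$1/$CHALLENGE_DIR/$token")
    remove_probe "$token"
    if probe_matches "$expected" "$served"; then
        echo "OK: $1 serves files from $WEBROOT"
    else
        echo "FAIL: $1 does not serve $WEBROOT/$CHALLENGE_DIR" >&2
        return 1
    fi
}
```

Source the file on the Docker host and run preflight sub.domain.tld; a failure means the include or the root path in the vhost does not match the folder mounted as /www.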