Sign inSign up

ceroic/certbot-generator

By ceroic

Updated over 9 years ago

Generates Let's Encrypt SSL certificates using certbot.

Image
2

427

OverviewTags

ceroic/certbot-generator repository overview

certbot-generator

certbot-generator reads a list of domains and requests SSL certificates from letsencrypt.org on their behalf using the webroot plugin. It takes an additional step of combining the the full chain and key into a single certificate file.

The image itself is designed to be run as a command that terminates and not a long running process.

Important! You need to run it in tandem with a web server that will give letsencrypt.org access to validate the domain. This is explained a bit more below.

Usage

$ docker run -e [email protected] \
             -v challenges:/var/local/certbot/challenges \
             -v domain_list.txt:/var/local/certbot/in/domains \
             -v certs:/var/local/certbot/out \
             ceroic/certbot-generator

If successful certificates for each domain listed will be available in the output volume.

Environment Variables
VariableDescription
CERT_EMAILThe email address used for certificate authentication.
Volumes
VolumeInternal PathDescription
Challenges/var/local/certbot/challengesThis is where certbot will write the challenges to validate w/ letsencrypt.
Input/var/local/certbot/inWhere to mount the input list file. (Should be mounted as a file named domains with no extension.
Output/var/local/certbot/outWhere the combined certificates will be written after concatenation.
Let's Encrypt/etc/letsencryptIn production you should mount this to a persistent volume so certificates can be reused and renewed correctly.
Input List File

A simple file with one domain per line you would like a cert for. Should be mounted to the Input volume with the filename domains. (There is no extension).

Sample file contents:

mydomain1.com
mydomain2.com
yourdomain3.net
Validation Server

Let's Encrypt has to be able to validate you have access to the domain before it will give you a certificate. To do this, they'll send a web request to the domain as explained here:

https://certbot.eff.org/docs/using.html#webroot

For the whole process to work you should run a simple webserver that serves the mounted challenges volume. For example, here's a docker-compose snippet for an nginx server:

certbot-server:
    image: nginx:stable
    volumes:
      - challenges:/usr/share/nginx/html

challenges in the above example would be the same Challenges volume mentioned under Volumes.

Testing things locally

This process is difficult to test locally since Let's Encrypt needs to successfully send requests to your domain. Here's how we do it with the awesome program ngrok.

  1. First start your certbot-server.
  2. Start up ngrok and point it at your certbot-server.
$ ngrok http 192.168.99.100:80

This example assumes you are using docker-machine and have a separate IP.

  1. Generate certs!
$ docker run -e [email protected] \
             -v challenges:/var/local/certbot/challenges \
             -v domain_list.txt:/var/local/certbot/in/domains \
             -v certs:/var/local/certbot/out \
             ceroic/certbot-generator

As mentioned above, in production you should also mount the lets encrypt directory to a persistent volume so certs can be renewed / reused correctly.

Tag summary

Content type

Image

Digest

Size

101.2 MB

Last updated

over 9 years ago

Run in Docker Desktop

Requires Docker Desktop 4.37.1 or later.