Public | Automated Build

Last pushed: 2 years ago
Short Description
Generates Let's Encrypt SSL certificates using certbot.
Full Description


certbot-generator reads a list of domains and requests SSL certificates from on their behalf using the webroot plugin. It takes an
additional step of combining the the full chain and key into a single
certificate file.

The image itself is designed to be run as a command that terminates and not a
long running process.

Important! You need to run it in tandem with a web server that will give access to validate the domain. This is explained a bit more


$ docker run -e \
             -v challenges:/var/local/certbot/challenges \
             -v domain_list.txt:/var/local/certbot/in/domains \
             -v certs:/var/local/certbot/out \

If successful certificates for each domain listed will be available in the
output volume.

Environment Variables

Variable Description
CERT_EMAIL The email address used for certificate authentication.


Volume Internal Path Description
Challenges /var/local/certbot/challenges This is where certbot will write the challenges to validate w/ letsencrypt.
Input /var/local/certbot/in Where to mount the input list file. (Should be mounted as a file named domains with no extension.
Output /var/local/certbot/out Where the combined certificates will be written after concatenation.
Let's Encrypt /etc/letsencrypt In production you should mount this to a persistent volume so certificates can be reused and renewed correctly.

Input List File

A simple file with one domain per line you would like a cert for. Should be mounted
to the Input volume with the filename domains. (There is no extension).

Sample file contents:

Validation Server

Let's Encrypt has to be able to validate you have access to the domain before
it will give you a certificate. To do this, they'll send a web request to the
domain as explained here:

For the whole process to work you should run a simple webserver that serves
the mounted challenges volume. For example, here's a docker-compose snippet for
an nginx server:

    image: nginx:stable
      - challenges:/usr/share/nginx/html

challenges in the above example would be the same Challenges volume
mentioned under Volumes.

Testing things locally

This process is difficult to test locally since Let's Encrypt needs to
successfully send requests to your domain. Here's how we do it with the awesome
program ngrok.

  1. First start your certbot-server.
  2. Start up ngrok and point it at your certbot-server.
$ ngrok http

This example assumes you are using docker-machine and have a separate IP.

  1. Generate certs!
$ docker run -e \
             -v challenges:/var/local/certbot/challenges \
             -v domain_list.txt:/var/local/certbot/in/domains \
             -v certs:/var/local/certbot/out \

As mentioned above, in production you should also mount the lets encrypt directory
to a persistent volume so certs can be renewed / reused correctly.

Docker Pull Command
Source Repository