Let’s Encrypt is a free, open, and automated certificate authority (CA). Certbot is a fully featured, extensible client for the Let’s Encrypt CA that can automate getting, renewing, and even installing SSL certificates.
First, you need to get Certbot. There are a few ways to install it, but with Docker you don’t need to install anything: you just download the Docker image and run the container. The caveat is that this method does not automatically install the certificate into your web server. But if you’re like me, running your server in another Docker container, this might be the way to go.
First, download the image. You can download the `latest` version (tag):
But `latest` is usually not a stable release:
Therefore, it’s better to use a specific release, which can be found on Certbot’s GitHub releases page: https://github.com/certbot/certbot/releases.
The latest one now is `v0.9.1`. We can pull that from Quay.io:
Confirm the release version:
Let’s take a look at the Docker image:
Leaving out the parts we don’t care about, the output is:
`ENTRYPOINT` allows you to configure a container that will run as an executable.[^1]
The command-line arguments to `docker run` become the arguments to the `certbot` command. We saw this earlier when obtaining the release version by using
You can override the `ENTRYPOINT` instruction using the `docker run --entrypoint` flag.[^1]
For example, to override and run the container without executing the
But we are more concerned with the other settings, such as the exposed port and the mapped volumes. The exposed port is 443, the HTTPS port. The most important volume (directory) is `/etc/letsencrypt`: all generated keys and issued certificates are stored there. The directory `/var/lib/letsencrypt` is the default working directory, where some backups are stored; I have yet to find it useful. The logs directory `/var/log/letsencrypt`, however, is not being used. This could be useful if things went haywire.
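An added example, not from the original post: because `/etc/letsencrypt` holds the private keys, this POSIX shell check inspects the host directory bind-mounted there and flags key files, and the `live`/`archive` directories, whose mode grants anything to group or other. The host path is an assumption; `live/` and `archive/` are Certbot's standard layout under that directory.

```shell
#!/bin/sh
# Added example. The host path passed in is an assumption: whatever
# directory you bind-mount to the container's /etc/letsencrypt.

# find(1) tests matching any group/other permission bit (POSIX-portable form).
LOOSE='( -perm -040 -o -perm -020 -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 )'

# Prints one line per finding. Returns 0 if clean, 1 if findings, 2 if bad path.
audit_letsencrypt_dir() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    # live/ holds symlinks per certificate name, archive/ holds the real files.
    # $LOOSE is left unquoted on purpose so it splits into find arguments.
    loose_dirs=$(
        for d in "$root/live" "$root/archive"; do
            if [ -d "$d" ]; then find "$d" -prune $LOOSE; fi
        done
    )

    # -type f skips the live/<name>/privkey.pem symlinks; their targets
    # in archive/ are regular files and are checked directly.
    loose_keys=$(find "$root" -type f -name 'privkey*.pem' $LOOSE)

    status=0
    if [ -n "$loose_dirs" ]; then
        printf '%s\n' "$loose_dirs" | sed 's/^/loose mode on dir: /'
        status=1
    fi
    if [ -n "$loose_keys" ]; then
        printf '%s\n' "$loose_keys" | sed 's/^/loose mode on key: /'
        status=1
    fi
    return $status
}
```

Mounting the same host directory into the web server container with Docker's `:ro` volume option keeps that container from altering the keys.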
Based on the documentation Where are my certificates?, both
privkey.pem should be used, which are located at the directory
Now start or restart your Docker app:
Voilà! Next: Renewing Let’s Encrypt SSL Certificate with Docker.
- Certbot v0.9.1
- Docker v1.12.1
[^1]: ENTRYPOINT, Dockerfile reference