# Automate TLS/SSL by Certbot with auto renewal via Nginx on Ubuntu 16.04 (xenial)
- Proof of concept (NOT SUCCEEDED YET, DON'T USE!!!)
- Your registered domain name for `DOMAIN`.
- Domain name server pointed to your hosting.
- Domain name record already set up at hosting.
- Working email for `CERTBOT_EMAIL`.
- Compose `nginx` with volumes:
  - `/etc/nginx/conf.d:/etc/nginx/conf.d`
  - `/etc/ssl/dhparams.pem:/etc/ssl/dhparams.pem`
  - `/var/www:/var/www`
- Prepare the `nginx` default `/usr/share/nginx/html` page for `--webroot`.
- Compose `certbot` with volumes:
  - `/etc/letsencrypt:/etc/letsencrypt`
  - `/var/lib/letsencrypt:/var/lib/letsencrypt`
  - `/var/log/letsencrypt:/var/log/letsencrypt`
- Run `certbot` with the `--webroot` challenge, using the `DOMAIN` and `CERTBOT_EMAIL` environment variables.
- Create `dhparams.pem` with `dhparams.sh` if it is not provided as a volume.
- Enable SSL by applying `https.conf` with the `DOMAIN` environment variable.
- Disable the `http.conf` config.
- Validate and restart `nginx`.
- Copy the renewal script `./etc/cron.daily/renew.sh` to the daily cron job.
- Make `/etc/cron.daily/renew.sh` executable.

- Log to `/var/log/letsencrypt/daily.log`.
- Do renewal if needed.
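The daily renewal job described above, written out as an added example (it is not the repository's own `renew.sh`). It assumes certbot is run as a throwaway `certbot/certbot` container sharing the volumes listed in the steps and that nginx runs in a container named `nginx`; the commands, log path and webroot are variables so they can be swapped for another setup or for stubs when testing.

```shell
#!/bin/sh
# Daily cron job: renew Let's Encrypt certificates and reload nginx.
# Added example, not the repository's renew.sh. Assumptions: certbot runs as a
# throwaway certbot/certbot container with the volumes listed above, and nginx
# runs in a container named "nginx". Everything below can be overridden via env.
set -u

LOG_FILE="${LOG_FILE:-/var/log/letsencrypt/daily.log}"
WEBROOT="${WEBROOT:-/var/www}"
CERTBOT_VOLUMES="-v /etc/letsencrypt:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt"
CERTBOT_VOLUMES="$CERTBOT_VOLUMES -v /var/log/letsencrypt:/var/log/letsencrypt -v $WEBROOT:$WEBROOT"
CERTBOT_CMD="${CERTBOT_CMD:-docker run --rm $CERTBOT_VOLUMES certbot/certbot}"
NGINX_RELOAD="${NGINX_RELOAD:-docker exec nginx nginx -s reload}"

# Append a UTC-timestamped line to the daily log.
log() {
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >>"$LOG_FILE"
}

# certbot's own `renew` only touches certificates within 30 days of expiry,
# so running it every day is cheap; this wrapper just records the outcome.
# Returns 0 on success, certbot's exit status otherwise.
renew_certs() {
    log "certbot renew started (webroot $WEBROOT)"
    $CERTBOT_CMD renew --non-interactive --quiet \
        --webroot --webroot-path "$WEBROOT" >>"$LOG_FILE" 2>&1
    status=$?
    if [ "$status" -eq 0 ]; then
        log "certbot renew finished"
    else
        log "certbot renew FAILED (exit $status)"
        echo "renew.sh: certbot renew failed, see $LOG_FILE" >&2  # cron mails stderr
    fi
    return "$status"
}

# Reload (not restart) nginx so renewed certificates are served without dropping connections.
reload_nginx() {
    if $NGINX_RELOAD >>"$LOG_FILE" 2>&1; then
        log "nginx reloaded"
    else
        log "nginx reload FAILED"
        echo "renew.sh: nginx reload failed, see $LOG_FILE" >&2
        return 1
    fi
}

# Run only when invoked as the cron script, so the functions can also be sourced.
case "$0" in *renew.sh) renew_certs && reload_nginx ;; esac
```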
```sh
# Configure your domain and email.
cp .env.example .env
nano .env
# Compose to remote by docker-machine (or something else).
```