Launching new servers with SSL certificates

Short description

Docker Compose certbot configuration with backward compatibility (it still works without the certbot container).
Use docker compose --profile certbot up to enable this feature.

The simplest way to launch new servers with SSL certificates

  1. Get Let's Encrypt certificates.
    Set these .env values:
    NGINX_SSL_CERT_FILENAME=fullchain.pem
    NGINX_SSL_CERT_KEY_FILENAME=privkey.pem
    NGINX_ENABLE_CERTBOT_CHALLENGE=true
    CERTBOT_DOMAIN=your_domain.com
    CERTBOT_EMAIL=example@your_domain.com
    Execute the commands:
    docker network prune
    docker compose --profile certbot up --force-recreate -d
    Then, after the containers have launched:
    docker compose exec -it certbot /bin/sh /update-cert.sh
  2. Edit the .env file and run docker compose --profile certbot up again.
    Additionally set this .env value:
    NGINX_HTTPS_ENABLED=true
    Execute the command:
    docker compose --profile certbot up -d --no-deps --force-recreate nginx
    Then you can access your server with HTTPS:
    https://your_domain.com

SSL certificates renewal

To renew the SSL certificates, execute the commands below:

docker compose exec -it certbot /bin/sh /update-cert.sh
docker compose exec nginx nginx -s reload
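
For unattended renewal (for example from cron), the two commands above can be wrapped so that nginx is reloaded only when the certificate update succeeded. This is an added example, not part of this repository: COMPOSE_DIR and the function names are hypothetical, -T replaces the -it shown above because a scheduled job has no terminal, and the nginx -t check is an extra step.

```shell
#!/bin/sh
# Added example: unattended renewal wrapper (not the project's own script).
# Assumptions: COMPOSE_DIR (hypothetical) is the directory holding the compose
# file, and the stack was started with --profile certbot.

COMPOSE_DIR="${COMPOSE_DIR:-.}"

log() { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >&2; }

# Run a command inside a service container. -T disables TTY allocation,
# which is required when no terminal is attached (cron, systemd timers).
in_service() {
    svc="$1"; shift
    docker compose exec -T "$svc" "$@"
}

# Returns 0 only if the certificate update, the nginx configuration test and
# the reload all succeeded. nginx is left untouched if an earlier step fails.
renew_and_reload() {
    cd "$COMPOSE_DIR" || { log "cannot cd to $COMPOSE_DIR"; return 2; }

    if ! in_service certbot /bin/sh /update-cert.sh; then
        log "update-cert.sh failed; nginx not reloaded"
        return 1
    fi
    # nginx -t parses the configuration and loads the certificate files it
    # names, so a bad certificate is caught before the reload is attempted.
    if ! in_service nginx nginx -t; then
        log "nginx -t failed after the update; not reloading"
        return 1
    fi
    if ! in_service nginx nginx -s reload; then
        log "nginx reload failed"
        return 1
    fi
    log "certificate updated and nginx reloaded"
    return 0
}

# Act only when invoked as: sh renew.sh --run (sourcing just defines functions).
if [ "${1:-}" = "--run" ]; then
    renew_and_reload
fi
```

A non-zero exit status lets the scheduler or a monitoring job alert on a failed renewal before the current certificate expires.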

Options for certbot

The CERTBOT_OPTIONS key can be helpful for testing, e.g.:

CERTBOT_OPTIONS=--dry-run

To apply changes to CERTBOT_OPTIONS, regenerate the certbot container before updating the certificates.

docker compose --profile certbot up -d --no-deps --force-recreate certbot
docker compose exec -it certbot /bin/sh /update-cert.sh

Then, reload the nginx container if necessary.

docker compose exec nginx nginx -s reload

For legacy servers

To keep using certificate files from the nginx/ssl directory as before, simply launch the containers WITHOUT the --profile certbot option.

docker compose up -d