Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Using Certbot Docker Image

This tutorial will show you how to use the Certbot Docker image to generate Let's Encrypt SSL certificates. It does so by serving up a TXT record that Let's Encrypt will check for, so it must be run on the server that the domain points to.

Prerequisites

This tutorial assumes you have installed Docker.

Steps

Run the command below on your server (after changing the DOMAIN variable):

LETSENCRYPT_VOLUME_DIR=$HOME/letsencrypt
DOMAIN="www.mydomain.com"

sudo docker run \
  --interactive \
  --tty \
  --rm \
  --name certbot \
  -p 80:80 \
  -p 443:443 \
  -v "$LETSENCRYPT_VOLUME_DIR:/etc/letsencrypt" \
  certbot/certbot \
  certonly -d "$DOMAIN" --standalone

After you have completed this once, you can automatically renew by running the following:

LETSENCRYPT_VOLUME_DIR=$HOME/letsencrypt
DOMAIN="www.mydomain.com"
EMAIL="support@mydomain.com"

sudo docker run \
  --interactive \
  --tty \
  --rm \
  --name certbot \
  -p 80:80 \
  -p 443:443 \
  -v "$LETSENCRYPT_VOLUME_DIR:/etc/letsencrypt" \
  certbot/certbot \
  certonly --standalone -d "$DOMAIN" --quiet

This appears to only work with one domain at a time. Using multiple -d $DOMAIN with different domains won't work.

The certificates will be in $LETSENCRYPT_VOLUME_DIR/archive with a symlink to the latest ones in $LETSENCRYPT_VOLUME_DIR/live, so we can copy them to where we want by using:

sudo cp \
  --recursive \
  --dereference \
  "$LETSENCRYPT_VOLUME_DIR/live" \
  /path/to/output/dir

sudo chown --recursive "$USER:$USER" /path/to/output/dir
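
A stricter variant of the copy step above, added here as an example and not part of the original post: it copies one domain's files out of live/, resolving the symlinks, and leaves them readable only by their owner. The function names, the optional OWNER argument and the sample layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: copy_live_certs and make_sample_volume are hypothetical names.

# Constructed sample mimicking the Certbot volume: real files in archive/,
# symlinks in live/. The file contents are placeholders, not key material.
make_sample_volume() (
  vol=$(mktemp -d) || exit 1
  mkdir -p "$vol/archive/$1" "$vol/live/$1"
  for name in fullchain privkey; do
    echo "placeholder $name" > "$vol/archive/$1/${name}1.pem"
    ln -s "../../archive/$1/${name}1.pem" "$vol/live/$1/$name.pem"
  done
  chmod 644 "$vol/archive/$1/privkey1.pem"   # deliberately too permissive
  echo "$vol"
)

# Usage: copy_live_certs LIVE_DIR DOMAIN OUT_DIR [OWNER]
# OUT_DIR should already exist and be reachable by OWNER when OWNER is given.
# The body is a subshell, so the umask and variables do not leak to the caller.
copy_live_certs() (
  src="$1/$2"; dst="$3/$2"; owner="${4:-}"
  umask 077                          # new directories 0700, new files 0600
  for f in fullchain.pem privkey.pem; do
    # -s is false for a missing file, an empty file and a dangling symlink
    [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; exit 1; }
  done
  mkdir -p "$dst" && chmod 700 "$dst" || exit 1
  for f in fullchain.pem privkey.pem; do
    # -L follows the live/ symlink, like --dereference. Copy to a temporary
    # name and rename, so a reader never sees a half-written key.
    cp -L "$src/$f" "$dst/.$f.tmp" && chmod 600 "$dst/.$f.tmp" || exit 1
    if [ -n "$owner" ]; then chown "$owner" "$dst/.$f.tmp" || exit 1; fi
    mv -f "$dst/.$f.tmp" "$dst/$f" || exit 1
  done
  if [ -n "$owner" ]; then chown "$owner" "$dst" || exit 1; fi
)

# Demo on the constructed layout
DEMO_VOL=$(make_sample_volume www.mydomain.com)
copy_live_certs "$DEMO_VOL/live" www.mydomain.com "$DEMO_VOL/out"
ls -l "$DEMO_VOL/out/www.mydomain.com"
```

Against the real volume, run it with sudo as in the cp command above and pass your user as the fourth argument, which replaces the recursive chown.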

Last updated: 25th April 2022
First published: 12th March 2021