Certgrinder is a client/server system for getting LetsEncrypt certificates for your infrastructure. ACME challenges are handled by the Certgrinder server, making it possible to get certificates in highly isolated environments, since only an SSH connection to the Certgrinder server is needed.

Stars: ✭ 24 (-63.08%)

Mutual labels: letsencrypt, certbot

acme

Go client library implementation for ACME v2 (RFC8555)

Stars: ✭ 77 (+18.46%)

Mutual labels: letsencrypt, certbot

View All Similar Projects ➔

DEPRECATED

I'm not updating this repo anymore

Docker - Apache with Let's Encrypt

This is a debian-based image which runs an apache and get's it SSL-certificates automatically from Let's Encrypt.

Instructions

Prepare your apache-config

There are some things you have to care about in your apache-config if you want to use it with certbot:

for every domain given in DOMAINS there must be a apache-vhost which uses this domain as ServerName or ServerAlias. Else certbot won't get a certificate for this domain.
this image contains a simple apache webserver. Therefore you can configure your vhosts like you ever did.

Run it

For an easy test-startup you just have to:

$ docker run -d --name apache-ssl birgerk/apache-letsencrypt

Now you have locally an apache running, which gets it SSL-certificates from Let's Encrypt.

The image will get letsencrypt-certificates on first boot. A cron-job renews the existing certificates automatically, so you don't have to care about it.

If you want to expand your certificate and you can remove the existing docker-container and start new one with the updated DOMAINS-list. If you don't want to recreate the container you can execute the following commands:

$ UPDATED_DOMAINS="example.org,more.example.org"
$ docker exec -it apache-ssl /run_letsencrypt.sh --domains $UPDATED_DOMAINS

Configuring docker-container

It's possible to configure the docker-container by setting the following environment-variables at container-startup:

DOMAINS, configures which for which domains a SSL-certificate shall be requested from Let's Encrypt, default is "". Must be given as comma-seperated list, f.e.: "example.com,my-internet.org,more.example.com".
WEBMASTER_MAIL, Let's Encrypt needs a mail-address from the webmaster of the requested domain. You have to set it, otherwise Let's Encrypt won't give the certificates. Default is "". Must be given as simple mail-address, f.e.: "[email protected]".
STAGING, if set with a not-null string use Let's Encrypt Staging environment to avoid rate limits during development.

Location of letsencrypt-certs

After letsencrypt did authenticate your domains and you got your certificates, you'll find your certificates under /etc/letsencrypt/live/<example.com>/.

So your https-virtualhost should like:

<VirtualHost *:443>
    ServerName example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html

    SSLCertificateFile /etc/letsencrypt/live/${VIRTUAL_HOST}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${VIRTUAL_HOST}/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

BirgerK / docker-apache-letsencrypt

Programming Languages

Labels