Let's Encrypt with Docker
Posted on May 3, 2018
Since I started to move my dev servers into Docker containers, I found a new way to fetch SSL certificates for my domains. Let’s Encrypt will issue free certs with the Certbot app. (https://certbot.eff.org/lets-encrypt/ubuntutzesty-other)
Install Certbot for Ubuntu
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
Since I run my own Go servers, I wanted to find a lightweight Apache Docker image to work with the Certbot app. On my Docker machine, I place all custom code in /opt and created an html directory where I can run the lzrbear/docker-apache2-ubuntu Docker image. This image will host a website where Let’s Encrypt can verify your ownership of your domain. In the example below, I am using my maalbox.com domain.
Create directories and download docker image
mkdir -p /opt/apache/html
cd /opt/apache
docker pull lzrbear/docker-apache2-ubuntu
run-apache.sh
#!/bin/bash
docker run -dit --name ub-apache-app -p 80:80 -v "$PWD"/html:/var/www/html lzrbear/docker-apache2-ubuntu
get-cert.sh
#!/bin/bash
certbot certonly --webroot -w /opt/apache/html -d maalbox.com
After you run Certbot, the new certs will be written to the Let’s Encrypt archive directory.
/etc/letsencrypt/archive/DOMAIN.COM/
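An added example, not part of the original post: certbot keeps every issuance in the archive directory as numbered files (privkey1.pem, fullchain1.pem, then privkey2.pem after a renewal, and so on). The script below finds the newest pair and fails if the private key is accessible to group or other; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a certbot archive directory.

# Print the highest N for which <dir>/<name>N.pem exists.
latest_version() (
    dir=$1; name=$2; best=0
    for f in "$dir/$name"*.pem; do
        [ -e "$f" ] || continue                     # glob matched nothing
        n=${f##*/}; n=${n#"$name"}; n=${n%.pem}     # keep only the version suffix
        case $n in ''|*[!0-9]*) continue ;; esac    # skip non-numeric suffixes
        if [ "$n" -gt "$best" ]; then best=$n; fi   # numeric compare, so 10 > 9
    done
    [ "$best" -gt 0 ] && echo "$best"
)

# Print the group/other permission bits of a file, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print the newest key and chain paths.
# Exit status: 0 = ok, 1 = key readable beyond its owner, 2 = files missing.
audit_archive() (
    dir=$1
    v=$(latest_version "$dir" privkey) || { echo "no privkeyN.pem in $dir" >&2; exit 2; }
    key=$dir/privkey$v.pem
    chain=$dir/fullchain$v.pem
    [ -e "$chain" ] || { echo "missing $chain" >&2; exit 2; }
    echo "key=$key"
    echo "chain=$chain"
    if [ "$(group_other_bits "$key")" != "------" ]; then
        echo "WARN: $key is accessible to group/other; fix with: chmod 600 $key" >&2
        exit 1
    fi
)

# Usage on the Docker host (DOMAIN.COM is the placeholder used in the post):
#   audit_archive /etc/letsencrypt/archive/DOMAIN.COM
```

Certbot also maintains /etc/letsencrypt/live/DOMAIN.COM/ with symlinks to the newest files in the archive, which is the path a server configuration normally points at so renewals are picked up without editing version numbers.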
Docker cleanup
Here are a few Docker commands to clean up after you fetch the certs.
docker ps
docker container ls -a
docker stop CONTAINER_ID
docker container kill CONTAINER_ID