Create a Docker Apache image with LetsEncrypt
You should remove certbot from your apache image and run letsencrypt in a separate container like blacklabelops/letsencrypt.
- Create a dummy certificate with certbot's test mode during image build
- Start apache on target system
- Start blacklabelops/letsencrypt in webroot mode; no port is used and challenges are exchanged through an Apache web context.
- Create the real certificate and keep the container running for monthly updates
The letsencrypt container must be started in Webroot Mode:
$ docker run -d \
    -v letsencrypt_certificates:/etc/letsencrypt \
    -v letsencrypt_challenges:/var/www/letsencrypt \
    -e "LETSENCRYPT_WEBROOT_MODE=true" \
    -e "LETSENCRYPT_EMAIL=dummy@example.com" \
    -e "LETSENCRYPT_DOMAIN1=example.com" \
    --name letsencrypt \
    blacklabelops/letsencrypt
Note: Here certs will be written to the Docker volume letsencrypt_certificates, and the web challenges will be written to letsencrypt_challenges.
Your apache must mount that volume and publish challenges under the webroot: /.well-known/acme-challenge/.
For example, files under letsencrypt_challenges must be reachable under:
http(s)://yourdomain.com/.well-known/acme-challenge/
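
An Apache 2.4 configuration for the web server side of this setup, as an added example that is not part of the original answer. It assumes the Apache container mounts both volumes read-only at the same paths the letsencrypt container uses, that challenge files land in `.well-known/acme-challenge/` below the webroot (the layout certbot's webroot plugin writes), and that certificates follow certbot's `live/<domain>/` layout.

```apache
# Added example, not from the original answer.
# Assumed mounts on the Apache container (read-only, so a compromised
# web server cannot alter challenges or private keys):
#   -v letsencrypt_challenges:/var/www/letsencrypt:ro
#   -v letsencrypt_certificates:/etc/letsencrypt:ro
# Requires mod_alias, mod_authz_core and mod_ssl.

# Defined at server level so the challenge path is served by every
# virtual host, over both HTTP and HTTPS.
Alias "/.well-known/acme-challenge/" "/var/www/letsencrypt/.well-known/acme-challenge/"

<Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
    # Serve only the token files: no listings, no symlinks, no .htaccess.
    Options None
    AllowOverride None
    ForceType text/plain
    Require all granted
</Directory>

<VirtualHost *:80>
    ServerName example.com
    # Nothing else is needed here for the challenge; the Alias above
    # already applies to this virtual host.
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    # Assumed certbot layout inside the letsencrypt_certificates volume.
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
```

Apache reads the certificate files at startup, so a renewed certificate only takes effect after a graceful reload of the Apache container.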