Letsencrypt + Docker - the best way to handle symlink? [closed]


Instead of running Let's Encrypt on the host, you should do everything inside Docker. And the best part is that there is already a solution for that: https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/

This enables the proxy to automatically obtain and renew certificates.


The symlinks within the letsencrypt folder will resolve within a Docker container as long as the entire /etc/letsencrypt directory is mounted as the volume. Or rather, as long as both the live and archive directories for the site of interest are mounted. What I mean is, one of the symlinks for a letsencrypt domain cert looks like this:

/etc/letsencrypt/live/example.com/cert.pem --> ../../archive/example.com/cert1.pem

To be able to reference the "live" cert name from within my docker container, I created the following volume mounting the whole letsencrypt etc directory:

-v /etc/letsencrypt:/certs

Since the full /etc/letsencrypt is mounted, the volume gets both live and also archive, so the symlink of ../../archive resolves as long as I'm referencing the absolute path to the file I want. In my server config file:

certfile /certs/live/example.com/cert.pem

This works!

Now the really ugly part of this is that I just made all of my letsencrypt certs available to just this one container. But it works for my use case right now where I only have one domain I'm using letsencrypt for on this server. I have used letsencrypt-nginx-proxy-companion before and I prefer that by far, when I can do it.

Edit: Thought of a way to only share the certs needed for the site. Two volume entries:

  • /etc/letsencrypt/live/example.com:/etc/letsencrypt/live/example.com
  • /etc/letsencrypt/archive/example.com:/etc/letsencrypt/archive/example.com
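
The three mount layouts discussed in the answer above, compared in an added example that is not part of either answer. It assumes a constructed tree in a temp directory that mimics the live/archive symlink layout, a hypothetical second domain `other.example`, and bind mounts emulated by copying subtrees with symlinks preserved.

```shell
#!/bin/sh
# Added example. All paths live in a temp dir; the tree is constructed to mimic
# the layout above (live/<domain>/x.pem -> ../../archive/<domain>/x1.pem).

make_host_tree() {   # $1 = stand-in for /etc/letsencrypt, $2 = domain
    root=$1; domain=$2
    mkdir -p "$root/live/$domain" "$root/archive/$domain"
    for f in cert chain fullchain privkey; do
        : > "$root/archive/$domain/${f}1.pem"
        ln -s "../../archive/$domain/${f}1.pem" "$root/live/$domain/$f.pem"
    done
}

emulate_mount() {    # copy one host subtree into the container view, keeping symlinks
    host=$1; view=$2; rel=$3
    mkdir -p "$view/$rel"
    cp -RP "$host/$rel/." "$view/$rel/"
}

count_dangling() {   # symlinks under $1 whose target is missing in this view
    find "$1" -type l ! -exec test -e {} \; -print | wc -l | tr -d ' '
}

check_layout() {     # $1 = whole | live-only | per-domain
    layout=$1
    tmp=$(mktemp -d)
    make_host_tree "$tmp/host" example.com
    make_host_tree "$tmp/host" other.example   # hypothetical second domain
    case $layout in
        whole)      emulate_mount "$tmp/host" "$tmp/view" . ;;
        live-only)  emulate_mount "$tmp/host" "$tmp/view" live/example.com ;;
        per-domain) emulate_mount "$tmp/host" "$tmp/view" live/example.com
                    emulate_mount "$tmp/host" "$tmp/view" archive/example.com ;;
    esac
    other=no
    if [ -e "$tmp/view/archive/other.example/privkey1.pem" ]; then other=yes; fi
    echo "dangling=$(count_dangling "$tmp/view") other_domain_key_visible=$other"
    rm -rf "$tmp"
}

for l in whole live-only per-domain; do
    printf '%-10s %s\n' "$l" "$(check_layout "$l")"
done
```

Only the per-domain layout both resolves every link and keeps the other domain's key out of the container's view. With real bind mounts, each `-v` entry can additionally take the `:ro` suffix so the container cannot modify the certificate files.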