- create a new 'ssl' folder and cd into it
- create a Dockerfile based on `certbot/certbot` if needed - craft a command to get a certificate (`--standalone`)
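- ask me to set up a DNS entry so your machine is publicly reachable (the `--standalone` authenticator has to be reachable from the internet under that name to pass validation).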
- get a certificate
- package the https demo app described in `package.md`, and run it so it's accessible on port 443
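Below are some examples from my projects: a Dockerfile, a script that requests the certificate, and a script that creates the swarm service.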
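# Certificate image: certbot plus the Cloudflare and Google DNS plugins, with
# the project's helper scripts copied to /scripts.
FROM certbot/certbot:v0.23.0

# bash, curl and the docker CLI are extra tools for the helper scripts.
# --no-cache fetches a fresh package index without leaving it in the layer.
# NOTE(review): the docker CLI is only useful when the host's Docker socket is
# mounted into the container, and that mount gives the container
# root-equivalent control of the node. Keep this image out of general use and
# run it only where that access is intended.
RUN apk add --no-cache bash curl docker

# NOTE(review): the plugins are unpinned, so each rebuild may pull a different
# release than the certbot shipped in the base image; pin both to the release
# that matches the base tag.
RUN pip install --no-cache-dir \
        certbot-dns-cloudflare \
        certbot-dns-google

# COPY instead of ADD: only a plain local directory is copied, so ADD's
# archive-extraction and URL-fetch behaviour is not wanted here.
COPY scripts /scripts
WORKDIR /scripts

# Clear the entrypoint inherited from the base image so the container command
# can name a script under /scripts directly.
ENTRYPOINT []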
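#! /bin/sh
# Request one certificate named "decihub" for the four decihub.com host names,
# proving control of the domain through the Cloudflare DNS plugin.
#
# Environment:
#   CERTBOT_EMAIL  contact address for the ACME account (required). The
#                  address on the source page was replaced by the site's
#                  e-mail obfuscation, so it is read from the environment
#                  instead of being hard-coded.
#
# Files:
#   /run/secrets/credentials.ini  Cloudflare credentials for the plugin. Use
#                                 the least-privileged credential the plugin
#                                 release supports and keep the file readable
#                                 by this user only; it can edit DNS records.
#   /letsencrypt/{lib,logs,etc}   certbot working, log and config directories.
#                                 The config directory holds the account and
#                                 certificate private keys.
set -eu

# Fail with a clear message before contacting the CA if the address is missing.
: "${CERTBOT_EMAIL:?set CERTBOT_EMAIL to the ACME account contact address}"

# --non-interactive: never prompt; missing answers are an error.
# --keep-until-expiring: leave an existing certificate alone until it is close
#   to expiry, so the script can be run on a schedule.
certbot certonly \
    --work-dir=/letsencrypt/lib \
    --logs-dir=/letsencrypt/logs \
    --config-dir=/letsencrypt/etc \
    --non-interactive \
    --keep-until-expiring \
    --dns-cloudflare \
    --dns-cloudflare-credentials=/run/secrets/credentials.ini \
    --email="$CERTBOT_EMAIL" \
    --no-eff-email \
    --agree-tos \
    --cert-name=decihub \
    -d app.decihub.com,api.decihub.com,auth.decihub.com,www.decihub.com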
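#! /bin/bash
# Create a one-shot swarm service named "certbot" that runs
# /scripts/update-swarm-certs.sh from the image given in IMAGE.
#
# Environment:
#   IMAGE  image reference to run (required). Prefer a digest-pinned
#          reference: the container is handed the Docker socket below.
#
# Security-relevant settings:
#   * /var/run/docker.sock is bind-mounted into the container. Anything running
#     in it can control the Docker daemon on that node, which is equivalent to
#     root on the host. The placement constraint limits this to nodes labelled
#     web=true.
#   * /letsencrypt on the host receives certbot's state, including private
#     keys; restrict that directory to root on the node.
#   * The dns_key secret appears in the container as
#     /run/secrets/credentials.ini. mode=0400 makes it owner-read-only instead
#     of the world-readable default.
#   * --with-registry-auth forwards this client's registry credentials to the
#     swarm agents so they can pull the image.
set -eu

# Reject an unset or empty IMAGE; an empty value would otherwise make docker
# treat the script path as the image name.
image="${IMAGE:?set IMAGE to the certbot image reference}"

# --restart-condition none: the task runs once and is not restarted on exit.
docker service create \
    --replicas 1 \
    --with-registry-auth \
    --name certbot \
    --constraint 'node.labels.web == true' \
    --restart-condition none \
    --mount type=bind,source=/letsencrypt,destination=/letsencrypt \
    --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
    --secret source=dns_key,target=credentials.ini,mode=0400 \
    "$image" /scripts/update-swarm-certs.sh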