Acceptance testing inside Docker with LetsEncrypt

Hi there,

I'm relatively sure the answer to this is simply "you can't do that". But I figured I'd ask before giving up :slightly_smiling_face:

Short question. Is there any way to get certificates for use in a docker compose stack and only within that stack without having DNS A names for the domain in question?

Longer question.

I'm setting up E2E automation testing for my new project. This is using docker compose to run, amongst other things, an nginx container with the static frontend and a series of selenium containers for the actual tests.

However, because I'm using Auth0 I then fall foul of the Secure Origin rules. My nginx container needs to either be called localhost - which isn't possible - or needs to be accessed over HTTPS.

So, I've been trying to get HTTPS working for the nginx container. And certbot is refusing to work if the domain name that the server is hosting isn't one that is valid and is owned by my email address. And since "e2e-webapp" isn't a real domain, that's a bit of a problem.

Currently my best thought is to set up a real subdomain that I own with a dummy IP address, but that feels a bit rubbish. And I'm not sure if that would just hit another problem either!

Any suggestions on how this can be solved?

Cheers

1 Like

You could set up your own private ACME server for testing purposes. Take a look at Pebble, which is a miniature version of Boulder (the ACME software used by Let's Encrypt) for testing purposes.

Also, if it's not specifically certbot/ACME you want to test, you could also set up a private CA without Pebble. There are numerous software packages capable of doing such a thing if you don't want to mess with OpenSSL manually. The EasyCert project seems simple enough. Or the Smallstep Certificates or Certstrap projects. (Note: I don't have experience with any of them.)

2 Likes

Hmm - Pebble looks interesting :slight_smile:

I was starting to think about the route of a private CA and getting certificates registered with the Selenium hosts. I'm just not (yet) sure how to do that in a 100% automated, ephemeral situation - though I'm sure it is possible!

Cheers

1 Like

So - it turns out this was simpler than expected after all, and that LetsEncrypt - whilst a fantastic solution - was overkill for my needs!

As it happens, apparently WebdriverIO somehow just ignores the fact that I'm using self-signed certificates that the browser doesn't trust. So, I've made my nginx container generate a self-signed certificate on startup and now it all works :slight_smile:

Cheers

2 Likes
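The startup step described in the last post, sketched as an added example (not code from the thread): a POSIX shell entrypoint helper that creates a short-lived self-signed certificate whose subjectAltName is the compose service name. The function names, the `serve` argument, the `CERT_HOST`/`CERT_DIR` variables and the `/etc/nginx/tls` path are assumptions; `e2e-webapp` is the hostname from the question. It needs OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Added example: entrypoint helper for an nginx test container.
# Names, paths and the "serve" argument are assumptions, not from the thread.

# generate_selfsigned HOST DIR [DAYS]
# Writes DIR/tls.key and DIR/tls.crt for HOST. An existing pair is reused
# if the certificate stays valid for at least another hour.
generate_selfsigned() {
    host=$1 dir=$2 days=${3:-1}
    key="$dir/tls.key" crt="$dir/tls.crt"
    mkdir -p "$dir" || return 1

    if [ -s "$key" ] && [ -s "$crt" ] &&
       openssl x509 -in "$crt" -noout -checkend 3600 >/dev/null 2>&1; then
        return 0
    fi

    # Subshell keeps the restrictive umask local; the key ends up mode 0600.
    # Browsers match on subjectAltName, not CN, so the SAN must carry the
    # hostname the Selenium containers use to reach nginx.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes \
          -keyout "$key" -out "$crt" -days "$days" \
          -subj "/CN=$host" \
          -addext "subjectAltName=DNS:$host" >/dev/null 2>&1 ) || return 1
    chmod 644 "$crt"
}

# cert_matches_host CRT HOST: succeeds only if CRT is valid for HOST.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match"
}

# Runs only when called as "entrypoint.sh serve", so the file can be
# sourced without side effects.
if [ "${1:-}" = "serve" ]; then
    generate_selfsigned "${CERT_HOST:-e2e-webapp}" "${CERT_DIR:-/etc/nginx/tls}" || exit 1
    exec nginx -g 'daemon off;'
fi
```

The nginx `ssl_certificate` and `ssl_certificate_key` directives then point at `tls.crt` and `tls.key`. Because the key is created inside the container on each run and the certificate lasts one day by default, nothing long-lived has to be stored in the image or the repository.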
