Automated renewal SSL on Google, Container-Optimized OS

Hello

I am trying to set up an automated renewal SSL on Google Cloud Platform using Google, Container-Optimized OS.

I am struggling to find a guide where someone has done something similar using php apache.

My Dockerfile image is using:

FROM php:7.2-apache
COPY / /var/www/html/
EXPOSE 80

Hi @tommyhutcheson,

Welcome to the community forum!

There are several ways to do this.

  1. Add some RUN commands to install certbot and any plugins you may need and issue the certificate directly inside the container. WARNING: When this container dies, the public and private key data will be destroyed.
  2. Same as option 1, except with a volume mounted from the host. I’m not sure if that is possible in GCP.
  3. Use a certbot container as a sidecar. To do that, you’ll want to utilize volumes for this task. The goal is to have the certbot container and php/apache container mount a shared volume which contains a certificate. Ideally this would map to the location in the apache config that defines where a vhost can find said certificate.

Hi @Phil,
Thanks for the information; that put me down the right path. I have added certbot and python-certbot-apache to the RUN section within my Dockerfile:

RUN apt-get -y update && apt-get install -y \
    software-properties-common \
    vim \
    certbot python-certbot-apache

This now requires me to remote onto the docker image and run certbot --apache, which then with a few steps applies my SSH. However, I would love to be able to script the process / steps for running the certbot --apache part, and I am having trouble with that.
So far I am trying to run the following, but this isn't working, and I am not sure how I would go about parametrising the setting that asks about automatic renewal, which is option 2:

certbot --apache -d somedomain.com -d www.somedomain.com --email info@somedomain.com --agree-tos

To help with automation, you can use the following flag. You’re most likely going to need to install cron.

  -n, --non-interactive, --noninteractive
                        Run without ever asking for user input. This may
                        require additional command line flags; the client will
                        try to explain which ones are required if it finds one
                        missing (default: False)
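
As an added example (not code from this thread or from certbot's own documentation), the script below assembles the prompt-free certbot call that the flag above enables and installs a cron entry for renewal. The variable names CERT_DOMAINS and CERT_EMAIL, the function names, the `run` argument and the cron schedule are assumptions; `--redirect` pre-answers certbot's HTTP-to-HTTPS redirect prompt, and `--no-redirect` is the opposite choice.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: CERT_DOMAINS, CERT_EMAIL,
# the function names, and the "run" argument that triggers main().

# Print a prompt-free certbot command for a comma-separated domain list.
# Inputs are validated because the result is later executed with word
# splitting, so a stray space or leading "-" could smuggle in extra flags.
build_issue_cmd() {
    domains="$1"; email="$2"
    case "$domains" in ''|*[!A-Za-z0-9.,-]*) return 1 ;; esac
    case "$email" in ''|-*|*[!A-Za-z0-9@._+-]*) return 1 ;; esac
    cmd="certbot --apache --non-interactive --agree-tos --email $email"
    old_ifs="$IFS"; IFS=','
    set -- $domains                 # split the list on commas
    IFS="$old_ifs"
    for d in "$@"; do
        case "$d" in ''|-*) return 1 ;; esac
        cmd="$cmd -d $d"
    done
    # --redirect answers the redirect prompt up front.
    # --keep-until-expiring reuses a still-valid certificate found in
    # /etc/letsencrypt instead of requesting a new one on every run.
    echo "$cmd --redirect --keep-until-expiring"
}

# Crontab line for renewal; "certbot renew" only replaces certificates
# that are close to expiry, so running it twice a day is safe.
renew_cron_line() {
    echo "17 3,15 * * * certbot renew --quiet"
}

main() {
    cmd=$(build_issue_cmd "$CERT_DOMAINS" "$CERT_EMAIL") || {
        echo "set CERT_DOMAINS (comma-separated) and CERT_EMAIL" >&2
        exit 1
    }
    $cmd || exit 1                  # obtain and install the certificate
    renew_cron_line | crontab -     # replaces root's crontab in the container
    service cron start              # needs the Debian "cron" package installed
}

# Nothing runs unless the script is called as: <script> run
if [ "${1:-}" = "run" ]; then main; fi
```

Keeping /etc/letsencrypt on a persistent volume, as the first reply warns, is what lets `--keep-until-expiring` find the existing certificate after the container is recreated.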
