Copy certificates to other folders

I recently re-installed LetsEncrypt on my Ubuntu 18.04 server. It's working great, with Apache, my TICK stack and various other applications.
However I also run Home Assistant in a Docker container. It also uses SSL certificates and puts them in the /home/user/docker/hassio/ssl folder.
I cannot get Home Assistant to use the /etc/letsencrypt/live/{domain_name.com} folder to find fullchain.pem and privkey.pem.
So instead I copied these files from archive, applied chmod 777 to them and put them in the SSL folder…manually.
Someone suggested a CRON job to do this once per day but I can't help thinking there must be an easier way…a symlink that keeps live for example? Aren't the four keys in the /etc/letsencrypt/live/{domain-name.com} folder just symlinks to the actual files which get updated in the archive folder?

You can run docker with the -v command to mount an external directory into your docker container.

docker run -v /etc/letsencrypt/live/{domain_name.com}:/home/user/docker/hassio/ssl:ro -d [other options] IMAGE_ID

That way, there is no need to copy your SSL certificates into the docker container.


Can you clarify, does that copy the contents of /etc/letsencrypt/live/{domain-name.com} into the SSL folder, or does it somehow link the two folders ?

What does the :ro do? I am guessing Read Only?

It is mounting (read only) your external (to the docker container) certificate store to the internal path the container uses to find your certificates.

Nothing is copied. This way docker can read your certificates from their original location on your host.


If the interesting trick posted by @ferdiS doesn't work for you (I am a bit baffled on how mounting a directory containing only symbolic links to files in a directory that is not mounted itself is working, but I don't know anything about docker), you can copy a certificate in a deploy post hook.

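The deploy-hook approach mentioned above, written out as an added example (this is not code from the thread, from certbot, or from Home Assistant). It assumes the script is installed as a certbot deploy hook (for example under /etc/letsencrypt/renewal-hooks/deploy/), that the Home Assistant ssl directory is the /home/user/docker/hassio/ssl path from the question, and that the container is named homeassistant as in the docker ps output further down; both paths can be overridden with the HASS_SSL_DIR and HASS_CONTAINER variables. It dereferences the live/ symlinks with cp -L so the destination holds real files, replaces them atomically, and leaves the private key owner-only instead of chmod 777.

```shell
#!/bin/sh
# Added example: certbot deploy hook that copies the renewed key pair into the
# directory a container reads from. Paths and container name are assumptions.
set -eu

# copy_certs SRC DST: copy fullchain.pem and privkey.pem from a certbot lineage
# directory (live/<domain>) to DST, following symlinks into archive/ so the
# copies are plain files, and set restrictive modes on the key.
copy_certs() {
    src="$1"   # e.g. $RENEWED_LINEAGE, i.e. /etc/letsencrypt/live/<domain>
    dst="$2"   # e.g. /home/user/docker/hassio/ssl
    mkdir -p "$dst"
    for f in fullchain.pem privkey.pem; do
        # cp -L follows the live/ symlink and copies the archive/ file behind it;
        # write to a temp name and rename so a reader never sees a half-written file
        cp -L "$src/$f" "$dst/$f.tmp"
        mv "$dst/$f.tmp" "$dst/$f"
    done
    chmod 644 "$dst/fullchain.pem"   # the chain is public
    chmod 600 "$dst/privkey.pem"     # the key is owner-only; chown to the uid the
                                     # container runs as if that is not root
}

# certbot exports RENEWED_LINEAGE (and RENEWED_DOMAINS) to deploy hooks; when
# the script is sourced or run without them, only the function is defined.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    copy_certs "$RENEWED_LINEAGE" "${HASS_SSL_DIR:-/home/user/docker/hassio/ssl}"
    # restart the container so the running process reloads the new key pair
    docker restart "${HASS_CONTAINER:-homeassistant}" >/dev/null
fi
```

Because certbot only runs deploy hooks after a successful renewal, the copy happens exactly when the files change, which removes the need for the daily cron job suggested in the question.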

IMAGE_ID, is this the docker container ID?

0bcbb36d3ca6        homeassistant/qemux86-64-homeassistant   "/bin/entry.sh pytho…"   3 days ago          Up 10 hours                                  homeassistant
0763e1861c49        homeassistant/amd64-hassio-supervisor    "/bin/entry.sh pytho…"   4 days ago          Up 10 hours                                  hassio_supervisor

and is it for hassio supervisor or homeassistant in my docker containers above?

I ran using 0bcbb36d3ca6 and got
Unable to find image '0bcbb36d3ca6:latest' locally

The IMAGE_ID refers to the underlying filesystem template for the docker container.
I was just reading the documentation of docker and found that there also is a --mount option, with another syntax that is preferred over the -v or --volume command.
More info about these commands in the docker documentation:
https://docs.docker.com/engine/reference/commandline/run/
and
https://docs.docker.com/engine/reference/commandline/service_create/#add-bind-mounts-or-volumes

That was a useful link. I managed to get portainer working with SSL from LetsEncrypt using:

docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v /root/portainer/data:/data -v /etc/letsencrypt/live/<redacted>:/certs/live/<redacted>:ro -v /etc/letsencrypt/archive/<redacted>:/certs/archive/<redacted>:ro --name portainer portainer/portainer --ssl --sslcert /certs/live/<redacted>/cert.pem --sslkey /certs/live/<redacted>/privkey.pem

That worked perfectly and lets me run portainer from anywhere using HTTPS and a correctly shown padlock in chrome.

Note that mapping the archive folder did the trick.

Now I only need to identify which container is home assistant (not easy) and then find out how to restart it with a similar command line, also not easy as it was all installed with a script.
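Why mapping the archive folder did the trick, as an added example that is not code from the thread: certbot's live/<domain> entries are relative symlinks of the form ../../archive/<domain>/fullchain1.pem, and a bind mount does not follow symlinks on the host, so mounting live/ alone leaves links inside the container that point nowhere. The check below takes a live directory and the list of host directories that would be mounted (assuming, as the portainer command above does, that the paths are the same relative to each other inside the container) and reports whether every link would still resolve. The example.com domain and the temporary layout built by demo_layout are constructed data.

```shell
# Added example: would the symlinks in a certbot live/<domain> directory still
# resolve if only the listed host directories were bind-mounted? Not part of
# the thread; the domain and the layout built by demo_layout are constructed.

# abs_target LINK: print the absolute, symlink-free path LINK points at.
abs_target() {
    link="$1"
    t=$(readlink "$link")
    case "$t" in
        /*) ;;                              # already absolute
        *)  t="$(dirname "$link")/$t" ;;    # relative: anchor it at the link's directory
    esac
    printf '%s/%s\n' "$(cd "$(dirname "$t")" && pwd -P)" "$(basename "$t")"
}

# links_covered LIVE_DIR MOUNTED_DIR...: return 0 when every *.pem symlink in
# LIVE_DIR points at a file inside one of the MOUNTED_DIRs, 1 otherwise.
links_covered() {
    live="$1"; shift
    for link in "$live"/*.pem; do
        [ -L "$link" ] || continue
        [ -e "$link" ] || { echo "dangling on the host: $link"; return 1; }
        target=$(abs_target "$link")
        covered=no
        for m in "$@"; do
            mabs=$(cd "$m" && pwd -P)
            case "$target" in "$mabs"/*) covered=yes ;; esac
        done
        if [ "$covered" = no ]; then
            echo "would dangle in the container: $link -> $target"
            return 1
        fi
    done
    return 0
}

# demo_layout: build a throwaway copy of certbot's live/ + archive/ layout
# (constructed data) and print its root, so the check can be tried offline.
demo_layout() {
    root=$(mktemp -d)
    mkdir -p "$root/archive/example.com" "$root/live/example.com"
    printf 'constructed chain\n' > "$root/archive/example.com/fullchain1.pem"
    printf 'constructed key\n'   > "$root/archive/example.com/privkey1.pem"
    ln -s ../../archive/example.com/fullchain1.pem "$root/live/example.com/fullchain.pem"
    ln -s ../../archive/example.com/privkey1.pem   "$root/live/example.com/privkey.pem"
    printf '%s\n' "$root"
}

# Usage on a real host (paths assumed):
#   links_covered /etc/letsencrypt/live/example.com /etc/letsencrypt/live/example.com
#     fails: the targets live in /etc/letsencrypt/archive/example.com
#   links_covered /etc/letsencrypt/live/example.com \
#       /etc/letsencrypt/live/example.com /etc/letsencrypt/archive/example.com
#     succeeds, which is what the two -v flags in the portainer command achieve.
# Mounting the common parent once keeps the relative links valid with one flag:
#   docker run --mount type=bind,source=/etc/letsencrypt,target=/etc/letsencrypt,readonly ...
```

Mounting the whole /etc/letsencrypt tree read-only is the simplest way to keep the live/ symlinks valid, at the cost of exposing every lineage on the host to that container; mounting live/<domain> and archive/<domain> separately, as above, limits the container to one domain's files.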
