How to enable or connect SSL from host to Docker Mautic container

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mautic.sivangarr.com

I basically ran these commands:

sudo a2ensite mydomain.conf
sudo a2dissite 000-default.conf
sudo systemctl restart apache2
sudo ufw allow http
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email <emailaddress> -d mydomainname.com

It produced this output:
The SSL certificates were created successfully.

/etc/letsencrypt/live/domain_name/fullchain.pem
/etc/letsencrypt/live/domain_name/privatekey.pem
/etc/apache2/sites-available/mydomain-le-ssl.conf

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04.2

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

I suppose the issue I'm having requires some Docker expertise, and I'm hoping there are Docker experts in this community. All I'm trying to do is enable SSL for my Mautic instance that is running in a Docker container. I was able to get the LetsEncrypt certificate installed successfully on the host, but I'm still having issues trying to figure out how to enable it for the Docker container. I read many different postings but most are using Nginx and basically I'm going from one rabbit hole to another. Seems like this should be straightforward, but I'm missing something.

So far, in my docker-compose.yml file, I've added the binding of port 4430:443 to the Mautic container. I've also tried to mount the volumes, and I think this is where I'm not doing it right.

    ports:
      - 8080:80
      - 4430:443
    volumes:
      - mautic_data:/var/www/html
      - /etc/letsencrypt/live/mydomain.com:/var/lib/docker/volumes/root_mautic_data/_data/???

Should I mount the certificates to the /etc/ssl/certs directory inside the container?
If so, how do I actually properly reference this path from the host (the Mautic container root directory is /var/www/html)?

I ran netstat -tulpen on the host and it shows port 80 and 443 listening.

Is there anything else I need to do?

Thank you.
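As an added example (not code from the thread or from the Mautic project), the two pieces a practitioner would put together for the question above: the compose volume lines and the Apache vhost inside the container. It assumes the container image ships Debian Apache, as the `Server: Apache/2.4.38 (Debian)` header in the thread suggests, so `/etc/apache2/sites-enabled` exists inside it and `a2enmod ssl` works there; the domain and mount paths are placeholders.

```shell
#!/usr/bin/env sh
# Added example: render the compose volume lines and the container-side
# Apache SSL vhost for serving the host's Let's Encrypt certificate.
# Assumptions: Debian Apache inside the container; paths are placeholders.

# The whole /etc/letsencrypt tree is mounted, not live/<domain>: the files
# under live/ are symlinks into archive/, so mounting only live/ leaves
# dangling links inside the container. The mount is read-only so a
# compromised container cannot overwrite the private key on the host.
render_compose_volumes() {
  cat <<'EOF'
    volumes:
      - mautic_data:/var/www/html
      - /etc/letsencrypt:/etc/letsencrypt:ro
EOF
}

# Vhost to drop into /etc/apache2/sites-enabled/ in the container (after
# `a2enmod ssl`). certbot names the key privkey.pem, not privatekey.pem.
render_ssl_vhost() {
  domain="$1"
  cat <<EOF
<VirtualHost *:443>
    ServerName ${domain}
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/${domain}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${domain}/privkey.pem
</VirtualHost>
EOF
}

# Compose port entries are "host:container". Let's Encrypt's HTTP-01
# validation connects to host port 80, so 8080:80 alone does not let the
# container answer the challenge; the host side must be 80.
host_port() { printf '%s\n' "${1%%:*}"; }
http01_reachable() {
  for m in "$@"; do
    [ "$(host_port "$m")" = 80 ] && return 0
  done
  return 1
}
```

Since certbot renews on the host, the container's Apache must be reloaded after each renewal (for example from a certbot `--deploy-hook`) or it keeps serving the expired certificate.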

Hi @jenshine, and welcome to the LE community forum :slight_smile:

certbot needs to know that it should be running on port 8080 locally, as 80 is expected by default:

Can you test HTTP access to your site (from the Internet)?
Is there an Apache listener responding?

EDIT:
I'm no Docker expert but the 8080:80 seemed backwards.
And this is showing that might be a problem:

curl -Iki http://mautic.sivangarr.com:8080
HTTP/1.1 302 Found
Date: Thu, 29 Jul 2021 06:42:50 GMT
Server: Apache/2.4.38 (Debian)
X-Powered-By: PHP/7.3.27
Cache-Control: max-age=0, must-revalidate, private
Location: /s/dashboard
Expires: Thu, 29 Jul 2021 06:42:50 GMT
Content-Type: text/html; charset=UTF-8

HTTP works great. I'm accessing it by the http://serverIP:8080.
But I would like to get it so that https://serverIP:4430? (something like this? or I need everything going to http://serverIP:8080 to direct to https) to work so that https://mautic.sivangarr.com would be secure.

From where?
I get:

curl -Iki http://mautic.sivangarr.com/
curl: (56) Recv failure: Connection reset by peer

You're so quick to reply! :slight_smile:

I added some clarification to my post. Not sure if that helps.

OK I understand what you want.
But the simplest way to get a cert is via HTTP authentication - which requires port 80 (not 8080).
If you can't use port 80, you can't use the simplest authentication method.
But there are others...
The next simplest is DNS authentication.
Which can generally be done manually with just about any DSP.
But the ideal goal here is to fully automate the renewal process; so we try to avoid doing anything (other than initial setup) manually.
So... which DNS Service Provider do you use?
[we need to see if they support API updates to your DNS zone]

OMG! You use Cloudflare for DNS.
Why not just use their CDN and certs too?

So I don't need a cert on the server side too if I have a cert on Cloudflare already?

You can also get a cert from Cloudflare for your server (that only they trust).
