Nginx and Certbot with Docker

This wheel has been worked on for many years...
I'm not sure what you need it to do that already hasn't been done.

2 Likes

I would not mix the temporary self-signed certificate with the /etc/letsencrypt/ directory. It's not necessary. I would rather change the path in the nginx configuration after getting the certificate than to mix things.

In fact, even the self-signed certificate isn't necessary. It's perfectly possible to have an HTTP-only website (without HTTP to HTTPS redirect of course) to manage the ACME challenge. Once you have the certificate, you can generate the HTTPS nginx configuration and add an HTTP to HTTPS redirect.
But I don't know how nginx in that Docker setup is configured exactly, so I don't know about the details.

Which wheel? :stuck_out_tongue: Docker support isn't very great with regard to Let's Encrypt/Certbot if I'm honest.

2 Likes

Guys, I have good news!

Firstly, I discovered the reason for the error regarding my main question (the one that gave rise to this post). In short, I was using variables in the directives referring to SSL, which ended up not working and the reason is explained here.

Secondly, I wanted to say that after reading the latest recommendations from @Osiris and @rg305 and doing a lot of testing and at the same time trying to better understand the complete flow, I:

  • Removed the --force-renewal option;
  • I removed the part that removes the live, archive and renewal folders;
  • I changed the certificate key type from RSA to ECDSA;
  • I also removed the step of generating temporary certificates (self-signed with openssl).

In addition to these changes, I changed MANY other things in the script to the point where I could say that my modified script and the original have no direct connection.

In fact, there may already be scripts that do what mine does and even much better, however, I was so intrigued by this whole story that after the last answer people gave me here on the forum I couldn't stop until I got to my goal. Honestly, it was relatively stressful but the ending is doubly rewarding! I'm very happy to have learned and understood new things and if my script can help the community in any way, I will be delighted.

In short, my intention with my final script is to help someone who may have some difficulty with the Let's Encrypt certificate request process or who wants to automate this at some level. I detailed some information in the "README.md" in the repository... I think you managed to understand my intentions when reading it.

I want to emphasize that despite this journey I am still a junior in the subject and the script and the flow of the certificate request itself can certainly be improved.


Repository link: GitHub - rhuanpk/ncd

2 Likes
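The flow discussed in the replies above (serve HTTP only for the ACME challenge, then generate the HTTPS configuration once the certificate exists, with no temporary self-signed certificate) can be sketched as a config generator. This is an added example, not taken from the ncd repository or from any poster; the function name `render_nginx_conf`, the webroot `/var/www/certbot` and the document root are assumptions, and the certificate paths are written as literal strings.

```shell
#!/bin/sh
# Added example: print an nginx config for one domain on stdout.
# Hypothetical helper; names and default paths below are assumptions.

render_nginx_conf() {
    domain=$1
    live_dir=${2:-/etc/letsencrypt/live}   # certbot's default "live" directory
    webroot=${3:-/var/www/certbot}         # assumed webroot for HTTP-01 files
    docroot=/usr/share/nginx/html          # assumed site content directory
    cert="$live_dir/$domain/fullchain.pem"
    key="$live_dir/$domain/privkey.pem"

    # The port-80 server always answers ACME HTTP-01 challenges,
    # so first issuance and later renewals use the same location.
    printf 'server {\n'
    printf '    listen 80;\n'
    printf '    server_name %s;\n' "$domain"
    printf '    location /.well-known/acme-challenge/ { root %s; }\n' "$webroot"

    if [ -s "$cert" ] && [ -s "$key" ]; then
        # Certificate present: redirect other HTTP traffic, add the TLS server.
        printf '    location / { return 301 https://$host$request_uri; }\n'
        printf '}\n'
        printf 'server {\n'
        printf '    listen 443 ssl;\n'
        printf '    server_name %s;\n' "$domain"
        printf '    ssl_certificate %s;\n' "$cert"
        printf '    ssl_certificate_key %s;\n' "$key"
        printf '    location / { root %s; }\n' "$docroot"
        printf '}\n'
    else
        # No certificate yet: plain HTTP site, no redirect, no ssl directives,
        # so nginx starts cleanly without any placeholder certificate.
        printf '    location / { root %s; }\n' "$docroot"
        printf '}\n'
    fi
}

# Typical use (assumed paths): render before the first request, then again
# after certbot succeeds, and reload nginx:
#   render_nginx_conf example.test > /etc/nginx/conf.d/example.test.conf
```

Running `nginx -t` on the rendered file before reloading catches a missing or unreadable certificate path before it takes the site down.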
