There are three things you need to do:
- Run software to obtain the certificate
- Obtain the certificate
- Install the certificate
Under Docker, the first two things are very simple. There are official containers and docs for running Certbot under Docker (see bleow). You’ll be able to complete challenges via the HTTP-01 mechanism (Port80); you can also opt to use the DNS-01 challenge and run Certbot from any computer that can manage DNS.
If you use Docker or elect to run an ACME client to handle DNS-01 challenges from your computer, you must manually install the certificates. This is because Certbot’s Docker container is sandboxed from your Application’s Docker container.
In terms of installing the certs and running services, you could have the Python app handle SSL termination, you could run it in a container that handles SSL termination (uwsgi, gunicorn, etc), or you could install a webserver to run on port 80/443 (nginx and caddy are popular) and then proxy the traffic to your app on the higher port.
Hope this helps!