Hi all,
I renewed a few certificates using certbot renew
and it took me a while to obtain all certificates because of a manual process that was unknown to me.
So I would be interested in opinions on how to automate the renewal process for the following architecture:
There is a single server. The server hosts an apache2 server which has direct access to the certificates and acts as a proxy to a few web services running in Docker containers on the same host. The Docker containers don't have the document root as a volume because each container is meant to act as a single working instance with the whole project source code inside the container.
Thus access to the document root is not as easy as a simple Docker-mounted volume inside the container, and so I cannot use the webroot method of certbot.
Does anyone have suggestions on how to automatically update the certificates in this situation?
Did you obtain the certificates using --manual or something?
It should be possible to configure this Apache server so that the path /.well-known/acme-challenge points to a single static directory on the host system rather than to any container service. Once this is done, the host system can obtain and renew all of the certificates without the containers' cooperation. Apache and other servers can selectively proxy certain paths and not others, because each path in a URL space can be handled differently.
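As an added example (not part of the original thread), here is one way to write the Apache configuration the reply describes: the ACME challenge path is served from a static directory on the host, excluded from the proxy, and excluded from the HTTP-to-HTTPS redirect, while everything else is still proxied to the container. The hostname `app.example.com`, the directory `/var/www/acme`, and the container port `127.0.0.1:8080` are assumptions; substitute your own.

```apache
# Added example, not from the original thread. Hostname, paths and the
# container port are assumptions.
<VirtualHost *:80>
    ServerName app.example.com

    # Static directory on the host that certbot will write challenge files into.
    # certbot (--webroot -w /var/www/acme) creates the .well-known/acme-challenge
    # subdirectory itself; the directory only has to exist and be readable by Apache.
    Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
    <Directory /var/www/acme/.well-known/acme-challenge>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # ProxyPass is evaluated before Alias, so the challenge path must be
    # explicitly excluded from proxying ("!") and the exclusion must come
    # before the catch-all ProxyPass.
    ProxyPass /.well-known/acme-challenge/ !

    # If plain HTTP is redirected to HTTPS, keep the challenge path out of the
    # redirect so the validator is answered directly on port 80.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # Everything else goes to the container on the same host.
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

With this in place the containers never see the challenge requests. Certificates that were originally issued with the standalone authenticator have that recorded in their renewal configuration, so switch them over once with `certbot certonly --webroot -w /var/www/acme -d app.example.com`; after that `certbot renew` uses the webroot method and no longer needs to bind port 80 or 443, and a `--deploy-hook "systemctl reload apache2"` makes Apache pick up the new files. `certbot renew --dry-run` confirms the setup against the staging environment before the real renewal is due. If the HTTP vhost redirects to HTTPS without the exclusion above, the same Alias and ProxyPass exclusion must also appear in the port 443 vhost, because the validator follows the redirect.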
No, but I stopped the proxy, ran certbot renew and this command restarted the proxy by itself. All further certificates failed because port 443 was in use (because of the proxy). So I needed to stop it again, renew, stop it, renew and so on until all certificates were updated. It was a surprise that certbot starts the proxy by itself. But now I know.
Argh, the obvious solution. Many thanks for your hint.