Docker Community Forums

How to handle AutoSSL updates with docker

Hi,
I have a server with drone.io CI (docker container), as well as Apache (without docker).
I’m mounting the SSL key and cert, so the drone can handle HTTPS.
The problem is that every 3 months, AutoSSL creates new cert/key files and saves them with a different name, so I need to rename the files manually or run a cron job that checks it every X hours.

Maybe any of you know a better way to handle this issue?

Thanks

What is AutoSSL?

If the CI server is accessible from the internet, you could put a letsencrypt capable reverse proxy container in front of it and let it take care of the creation and update of letsencrypt certificates. I can highly recommend traefik for this.

AutoSSL is a tool that creates new cert/key SSL files when the old ones are about to expire.
This tool comes with cPanel (web hosting control panel).

I think letsencrypt can only be used with ports 80/443, but as I’ve mentioned, I have Apache on the server, so these ports are used by Apache, and I’m using ports 8080/8443 for the drone.

In order to use the SSL files I’m running:

docker run \
  --volume=/path/to/ssl/cert:/path/to/ssl/cert \
  --volume=/path/to/ssl/key:/path/to/ssl/key \


  --publish=8080:80 \
  --publish=8443:443 \

So the problem is that when AutoSSL generates new cert/key files, the files under the volume paths expire…
I can fix it by running a cron job to check and move old files, but I’m looking for a better way.

Maybe there is a way to insert a path to a script that will echo the cert files in “volume”?
I’ve tried to insert a bash script there; I got no errors, but could not reach the drone from the browser with https.
Thanks

Official images of nginx and an automated build of certbot, the EFF’s tool for obtaining Let’s Encrypt certificates, are available in the Docker library.
Let’s begin with a basic docker-compose.yml configuration file that defines containers for both images:
version: '3'
services:
  nginx:
    image: nginx:1.15-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
  certbot:
    image: certbot/certbot
Here is a simple nginx configuration that redirects all requests to HTTPS. The second server definition sets up a proxy to example.org for demonstration purposes. This is where you would add your own configuration for proxying requests to your app or serving local files.
Save this file as data/nginx/app.conf alongside docker-compose.yml. Change example.org in both occurrences of server_name to your domain name.
server {
    listen 80;
    server_name example.org;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name example.org;

    location / {
        proxy_pass http://example.org; # for demo purposes
    }
}
If you would try to run docker-compose up now, nginx would fail to start because there is no certificate. We need to make some adjustments.

Thanks for the reply.
I can’t listen on ports 80/443; Apache (without docker) is already listening on these ports.
This is why I’m using ports 8080/8443.

I found a combined file with the newest cert/key files.
Thanks anyway.
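
The cron-job approach described in the question, as an added example that is not part of any post in this thread: it picks the newest cert/key pair, checks that the two files belong together and the certificate is unexpired, and only then publishes them under fixed names. The `.crt`/`.key` naming, the `cert.pem`/`key.pem` output names, the function names and the presence of the `openssl` CLI are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: AutoSSL leaves
# <stem>.crt and <stem>.key side by side in one directory (hypothetical names).

# Print the path stem of the newest .crt that has a .key beside it.
newest_pair() {
    ls -t "$1"/*.crt 2>/dev/null | while IFS= read -r crt; do
        stem=${crt%.crt}
        if [ -f "$stem.key" ]; then printf '%s\n' "$stem"; break; fi
    done
}

# Succeed only if the certificate is unexpired and its public key equals the
# one derived from the private key (guards against pairing the wrong files).
pair_is_valid() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Copy the newest valid pair to DST/cert.pem and DST/key.pem (names assumed).
# Returns 0 if a new pair was published, 1 if already current, 2 on error.
publish_pair() {
    src=$1; dst=$2
    stem=$(newest_pair "$src")
    [ -n "$stem" ] || return 2
    pair_is_valid "$stem.crt" "$stem.key" || return 2
    if cmp -s "$stem.crt" "$dst/cert.pem" 2>/dev/null &&
       cmp -s "$stem.key" "$dst/key.pem" 2>/dev/null; then
        return 1
    fi
    umask 077   # the private key copy must not be group/world-readable
    cp "$stem.key" "$dst/key.pem.tmp" || return 2
    cp "$stem.crt" "$dst/cert.pem.tmp" || return 2
    # Each rename is atomic on one filesystem: no reader sees a partial file.
    mv -f "$dst/key.pem.tmp" "$dst/key.pem" &&
        mv -f "$dst/cert.pem.tmp" "$dst/cert.pem" || return 2
}

# Cron entry point: script SRC_DIR DST_DIR
if [ "$#" -eq 2 ]; then
    publish_pair "$1" "$2" && echo "new pair published; restart the container"
fi
```

Mount the destination directory into the container rather than the two files individually, because a bind-mounted single file keeps pointing at the old inode after a rename. Restart the container when the script reports a new pair so the service re-reads the files.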