Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Request/Done] Let's Encrypt Container

Featured Replies

EDiT: The following container works flawlessly!

I just created a new container with Nginx and letsencrypt built-in. I have been testing it for the last few days and it seems to work pretty well.

 

It is fully ephemeral as rara1234 requested  ;)

 

At start-up and every 9 days (cron) it checks whether the certificates exist and are still valid. If they don't exist, or if they are to expire within 30 days, it creates/renews the certificates. Nginx config is already set up to utilize the most recent certificate (through a symlink)

 

All the config files, as well as the www folder are available in the config folder.

 

You can find it in the Community Applications listed as Nginx-Letsencrypt

 

Just browse the Community Apps as suggested above or visit: https://hub.docker.com/r/aptalca/nginx-letsencrypt/

 

Those of us lucky enough to have gotten an invite to Let's Encrypts Closed Beta (and those soon joining the Open one) would surely be interested in a running container version of their tool.

 

What I am looking for:

 

-Simple way to give letsencrypt the information required of my server

-Access to my webroot dir (nginx) for authentification

-Access to my certificates folder (for letsencrypt to automatically renew them)

-Implementation of recurring cert renewal

  • Replies 576
  • Views 112.7k
  • Created
  • Last Reply

Im interested, but can't do much here untill we get a invite or it becomes public

  • 1 month later...

From another thread I was pointed to their Docker Container:

 

As people are thinking about containers for these things I would like to suggest you think about adding support for Let's Encrypt https://letsencrypt.org/

 

Let's Encrypt already has an official docker here and instructions on how to use it here

  • Author

any success on creating a template for this?

 

ideally it would store the certificate files to /mnt/cache/appdata/nginx/cert (a path accessible by nginx docker) and run on port 80/443

 

so one would just have to stop nginx to run lets encrypt once every three months. that would be ideal

My best hope for it at the moment is for this pull request to go through on the nginx-proxy docker container. I managed to get nginx-proxy working on unRAID. I'll post my config in the other thread.

It's a webserver, with reverse proxy and built in Let's Encrypt support.

Docker repos are listed in the github link.

 

2 Fish 1 Barrel

  • Author

This sounds super cool! Care to share a working template? The git page links to 5 different docker images that vary from recently updated to months old with only one referencing lets encrypt at all...

I'm not that guy, I was just sharing info about the project I stumbled upon.

I just used letsencrypt to create a certificate for my custom domain that points to my home server. I can connect to all my unraid docker gui's with a legit SSL connection. It was very easy and straightforward once you figure out how it works.

 

You don't need a docker to do that. All you need is a (preferably linux) machine that your url of choice points to.

 

I used an Amazon aws instance running ubuntu to do that. But you can easily use the nginx container for unraid.

 

Here's how you do it:

1) point your custom domain to your machine, or a dynamic dns domain that points to your machine (I have one from duckdns, updated by the duckdns docker container)

2) Forward the ports 80 and 443 on your router to your unraid server (to the ports nginx reports to the host)

3) docker exec into the nginx container

4) git clone https://github.com/letsencrypt/letsencrypt

5) go into its folder

6) sudo service nginx stop (letsencrypt needs to set up its own webserver to authenticate and it needs to use port 80)

7) ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

8- get the certificate/key from the "live" folder and place it wherever you like (preferably somewhere under /config so it persists through updates)

9) Modify nginx config and point to the certificate/key

10) Restart nginx

 

That's all

 

...

3) docker exec into the nginx container

4) git clone https://github.com/letsencrypt/letsencrypt

5) go into its folder

6) sudo service nginx stop (letsencrypt needs to set up its own webserver to authenticate and it needs to use port 80)

7) ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

8- get the certificate/key from the "live" folder and place it wherever you like (preferably somewhere under /config so it persists through updates)

9) Modify nginx config and point to the certificate/key

10) Restart nginx

...

 

won't that entire configuration get lost when the container updates?

  • Community Expert

...

3) docker exec into the nginx container

4) git clone https://github.com/letsencrypt/letsencrypt

5) go into its folder

6) sudo service nginx stop (letsencrypt needs to set up its own webserver to authenticate and it needs to use port 80)

7) ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

8- get the certificate/key from the "live" folder and place it wherever you like (preferably somewhere under /config so it persists through updates)

9) Modify nginx config and point to the certificate/key

10) Restart nginx

...

 

won't that entire configuration get lost when the container updates?

Doesn't matter. He is only doing this to generate the certificate to use. Once the certificate has been generated and put where needed you don't need the container changes anymore.

 

Doesn't matter. He is only doing this to generate the certificate to use. Once the certificate has been generated and put where needed you don't need the container changes anymore.

 

The certificates are only valid for a short period - 90 days I think. One of the principles of lets encrypt is that certificates are short lived but renewed automatically.

 

Doesn't matter. He is only doing this to generate the certificate to use. Once the certificate has been generated and put where needed you don't need the container changes anymore.

 

The certificates are only valid for a short period - 90 days I think. One of the principles of lets encrypt is that certificates are short lived but renewed automatically.

 

Well, when you git clone, use a folder under /config so it persists. Instead of moving the certificates, leave them where they are and point the nginx config file to that location.

 

To automate it, you can add a crontab entry for letsencrypt-auto.

 

That way, if you update the container, you will only have to add the crontab entry again. Everything else should work . . . theoretically :-)

Yes but it also violates a key "rule": https://docs.docker.com/engine/articles/dockerfile_best-practices/#containers-should-be-ephemeral

 

Which makes it harder for users to safely consume - a user might be hesitant to update if they think they have some config to do, and for something like a web server or ssl certificate that could be an important issue…

Violate is such a strong word [emoji14]

 

Remember I didn't create a docker container so I don't have to abide by those rules. [emoji6]

 

Plus the rules say "absolute minimum set up and configuration". Adding a single crontab entry is pretty minimal to me. You only have to do it if the nginx container is updated. How frequently is that, really?

 

If that really bothers you, the nginx container source is open, feel free to fork it and add the instructions I listed above and share with the world [emoji6]

I just created a new container with Nginx and letsencrypt built-in. I have been testing it for the last few days and it seems to work pretty well.

 

It is fully ephemeral as rara1234 requested  ;)

 

At start-up and every 9 days (cron) it checks whether the certificates exist and are still valid. If they don't exist, or if they are to expire within 30 days, it creates/renews the certificates. Nginx config is already set up to utilize the most recent certificate (through a symlink)

 

All the config files, as well as the www folder are available in the config folder.

 

You can find it in the Community Applications listed as Nginx-Letsencrypt

 

 

I was planning to but new year got in the way :D

I do however plan to try it out in the next couple of days!

Happy new year to you as well :D

I just stop my apache instance, and run the following on my server:

 

docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
            -v "/mnt/cache/.custom/apache/config/letsencrypt/etc:/etc/letsencrypt" \
            -v "/mnt/cache/.custom/apache/config/letsencrypt/lib:/var/lib/letsencrypt" \
            quay.io/letsencrypt/letsencrypt:latest auth

prompts for domain name(s) and a contact email address, and then generates certs etc

 

it works, but I suppose one built into an existing apache docker would be more ideal (preferred by letsencrypt too I believe). It could automatically renew as needed etc

 

Your one sounds ideal aptalca, but Ive not used nginx before, and have apache working pretty well at the mo. Maybe once I get a bit of time, I might try a changeover

  • Author

No one tried it yet? [emoji17] Well, happy new year everyone

 

New Years kept me busy  ::)

 

I have just replaced your nginx with this docker. It works perfectly well! Just had to move my previous www/ dir and my site.conf and THAT's IT! Thank you so very much. Never again am I paying a dime for a basic SSL certificate. No more hassle to get through startssl's procedure.

 

It works perfectly well (see attachment)!

LE.JPG.96cc26707f5d0af24c424a6e8d50585f.JPG

No one tried it yet? [emoji17] Well, happy new year everyone

 

New Years kept me busy  ::)

 

I have just replaced your nginx with this docker. It works perfectly well! Just had to move my previous www/ dir and my site.conf and THAT's IT! Thank you so very much. Never again am I paying a dime for a basic SSL certificate. No more hassle to get through startssl's procedure.

 

It works perfectly well (see attachment)!

Nice [emoji3]

 

Glad to hear it worked

How would i go about creating a certificate which is also valid for xxx.example.com and xyz.example.com?

Right now when i try to pass multiple domains in the setting nothing happens.

 

The log says:

Requesting root privileges to run with virtualenv: ~/.local/share/letsencrypt/bin/letsencrypt certonly --standalone --standalone-supported-challenges tls-sni-01 --email [email protected] --agree-tos -d example.com -d www.example.com -d xxx.example.com -d xyz.example.com

Jan 2 20:00:04 b5ad9d44859e syslog-ng[123]: syslog-ng starting up; version='3.5.3'

 

I tried both without and with the -d parameter.

 

Cheers :)

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.